--- title: Release 2023.6 slug: "/releases/2023.6" --- ## New features - LDAP StartTLS support authentik's [LDAP Provider](../../providers/ldap/index.md) now supports StartTLS in addition to supporting SSL. The StartTLS is a more modern method of encrypting LDAP traffic. With this added support, the LDAP [Outpost](../../outposts/index.mdx) can now support multiple certificates. - LDAP Schema improvements In addition to the StartTLS support, the schema support in the LDAP provider has been drastically overhauled. This will improve support with applications and clients relying on the schema to parse data received. Additionally, the base DN is no longer required to be set when binding, as the outpost now finds the correct provider based on the bind DN. - Event matcher policy can now match on individual models Previously the _Event matcher policy_ was only able to match on event actions, client IPs and apps, which made it a requirement to use expression policies to match only on certain model actions. ## Upgrading This release does not introduce any new requirements. ### docker-compose To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands: ``` wget -O docker-compose.yml https://goauthentik.io/version/2023.6/docker-compose.yml docker-compose up -d ``` The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name. ### Kubernetes Update your values to use the new images: ```yaml image: repository: ghcr.io/goauthentik/server tag: 2023.6.0 ``` ## Minor changes/fixes - \*: use dataclass slots wherever applicable (#6005) - blueprints: allow setting user's passwords from blueprints (#5797) - blueprints: fix API validation with OCI blueprint path (#5822) - blueprints: fix check for file path not being run on worker (#5703) - blueprints: support custom ports for OCI blueprints (#5727) - core: make groups field for user optional (#5702) - core: prevent selecting a group as a parent of itself (#6016) - events: fix ak_create_event using wrong request for event creation (#5731) - lifecycle: Add depends_on for worker and server container (#5634) - outposts/ldap: fix race condition when refreshing the provider - outposts: fix missing radius outpost controller (#5730) - policies/event_matcher: add model filter (#5802) - policies/event_matcher: change empty values to null (#6032) - providers/ldap: add StartTLS support (#5861) - providers/ldap: fix LDAP Outpost application selection (#5812) - providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933) - providers/ldap: improve password totp detection (#6006) - providers/ldap: rework Schema and DSE (#5838) - providers/oauth2: correctly advertise code_challenge_methods_supported (#6007) - providers/oauth2: launch url: if URL parsing fails, return no launch URL (#5918) - providers/proxy: add support for traefik.io API and CRD (#5801) - security: cure53 fix (#6039) - sources/ldap: add support for cert based auth (#5850) - sources/ldap: fix duplicate bind when authenticating user directly to… (#5927) - sources/ldap: include UnwillingToPerformError as possible exception (#6031) - sources/saml: separate verification cert (#5699) - web/admin: fix codemirror not working on safari (#5943) - web/admin: theme adjustments (#5944) - web/flows: fix RedirectStage not detecting absolute URLs correctly (#5781) - web/user: fix MFA enroll dropdown broken when password stage has no configuration flow (#5744) - web/user: fix broken search on application library (#5743) - web/user: fix search input styling (#5745) - web/user: refactor LibraryPage for testing, add CTA (#5665) - web: Replace lingui.js with lit-localize (#5761) ## API Changes #### What's New --- ##### `GET` /admin/models/ #### What's Changed --- ##### `GET` /crypto/certificatekeypairs/{kp_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `managed` * Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PUT` /crypto/certificatekeypairs/{kp_uuid}/ ###### Request: Changed content type : `application/json` - Deleted property `managed` (string) > Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `managed` * Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PATCH` /crypto/certificatekeypairs/{kp_uuid}/ ###### Request: Changed content type : `application/json` - Deleted property `managed` (string) > Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `managed` * Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `POST` /crypto/certificatekeypairs/generate/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `managed` * Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /policies/event_matcher/{policy_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token Enum values: - `authentik_crypto.certificatekeypair` - `authentik_events.event` - `authentik_events.notificationtransport` - `authentik_events.notification` - `authentik_events.notificationrule` - `authentik_events.notificationwebhookmapping` - `authentik_flows.flow` - `authentik_flows.flowstagebinding` - `authentik_outposts.dockerserviceconnection` - `authentik_outposts.kubernetesserviceconnection` - `authentik_outposts.outpost` - `authentik_policies_dummy.dummypolicy` - `authentik_policies_event_matcher.eventmatcherpolicy` - `authentik_policies_expiry.passwordexpirypolicy` - `authentik_policies_expression.expressionpolicy` - `authentik_policies_password.passwordpolicy` - `authentik_policies_reputation.reputationpolicy` - `authentik_policies_reputation.reputation` - `authentik_policies.policybinding` - `authentik_providers_ldap.ldapprovider` - `authentik_providers_oauth2.scopemapping` - `authentik_providers_oauth2.oauth2provider` - `authentik_providers_oauth2.authorizationcode` - `authentik_providers_oauth2.accesstoken` - `authentik_providers_oauth2.refreshtoken` - `authentik_providers_proxy.proxyprovider` - `authentik_providers_radius.radiusprovider` - `authentik_providers_saml.samlprovider` - `authentik_providers_saml.samlpropertymapping` - `authentik_providers_scim.scimprovider` - `authentik_providers_scim.scimmapping` - `authentik_sources_ldap.ldapsource` - `authentik_sources_ldap.ldappropertymapping` - `authentik_sources_oauth.oauthsource` - `authentik_sources_oauth.useroauthsourceconnection` - `authentik_sources_plex.plexsource` - `authentik_sources_plex.plexsourceconnection` - `authentik_sources_saml.samlsource` - `authentik_sources_saml.usersamlsourceconnection` - `authentik_stages_authenticator_duo.authenticatorduostage` - `authentik_stages_authenticator_duo.duodevice` - `authentik_stages_authenticator_sms.authenticatorsmsstage` - `authentik_stages_authenticator_sms.smsdevice` - `authentik_stages_authenticator_static.authenticatorstaticstage` - `authentik_stages_authenticator_totp.authenticatortotpstage` - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - `authentik_stages_authenticator_webauthn.webauthndevice` - `authentik_stages_captcha.captchastage` - `authentik_stages_consent.consentstage` - `authentik_stages_consent.userconsent` - `authentik_stages_deny.denystage` - `authentik_stages_dummy.dummystage` - `authentik_stages_email.emailstage` - `authentik_stages_identification.identificationstage` - `authentik_stages_invitation.invitationstage` - `authentik_stages_invitation.invitation` - `authentik_stages_password.passwordstage` - `authentik_stages_prompt.prompt` - `authentik_stages_prompt.promptstage` - `authentik_stages_user_delete.userdeletestage` - `authentik_stages_user_login.userloginstage` - `authentik_stages_user_logout.userlogoutstage` - `authentik_stages_user_write.userwritestage` - `authentik_tenants.tenant` - `authentik_blueprints.blueprintinstance` - `authentik_core.group` - `authentik_core.user` - `authentik_core.application` - `authentik_core.token` - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ##### `PUT` /policies/event_matcher/{policy_uuid}/ ###### Request: Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ##### `PATCH` /policies/event_matcher/{policy_uuid}/ ###### Request: Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ##### `GET` /propertymappings/all/{pm_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/ldap/{pm_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PUT` /propertymappings/ldap/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PATCH` /propertymappings/ldap/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/saml/{pm_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PUT` /propertymappings/saml/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PATCH` /propertymappings/saml/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/scim/{pm_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PUT` /propertymappings/scim/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PATCH` /propertymappings/scim/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/scope/{pm_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PUT` /propertymappings/scope/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `PATCH` /propertymappings/scope/{pm_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /providers/all/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /providers/oauth2/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ##### `PUT` /providers/oauth2/{id}/ ###### Request: Changed content type : `application/json` - Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ##### `PATCH` /providers/oauth2/{id}/ ###### Request: Changed content type : `application/json` - Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ##### `GET` /providers/proxy/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `PUT` /providers/proxy/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `PATCH` /providers/proxy/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /providers/radius/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` - `outpost_set` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `outpost_set` (array) Items (string): ##### `PUT` /providers/radius/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` - `outpost_set` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `outpost_set` (array) ##### `PATCH` /providers/radius/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` - `outpost_set` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `outpost_set` (array) ##### `GET` /providers/scim/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` New optional properties: - `assigned_application_name` - `assigned_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Deleted property `assigned_application_slug` (string) > Internal application name, used in URLs. * Deleted property `assigned_application_name` (string) > Application's display Name. ##### `PUT` /providers/scim/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` New optional properties: - `assigned_application_name` - `assigned_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Deleted property `assigned_application_slug` (string) > Internal application name, used in URLs. * Deleted property `assigned_application_name` (string) > Application's display Name. ##### `PATCH` /providers/scim/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` New optional properties: - `assigned_application_name` - `assigned_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Deleted property `assigned_application_slug` (string) > Internal application name, used in URLs. * Deleted property `assigned_application_name` (string) > Application's display Name. ##### `GET` /core/applications/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) Items (integer): * Added property `backchannel_providers_obj` (array) Items (object): > Provider Serializer - Property `pk` (integer) - Property `name` (string) - Property `authentication_flow` (string) > Flow used for authentication when the associated application is accessed by an un-authenticated user. - Property `authorization_flow` (string) > Flow used when authorizing this provider. - Property `property_mappings` (array) Items (string): - Property `component` (string) > Get object component so that we know how to edit the object - Property `assigned_application_slug` (string) > Internal application name, used in URLs. - Property `assigned_application_name` (string) > Application's display Name. - Property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. - Property `assigned_backchannel_application_name` (string) > Application's display Name. - Property `verbose_name` (string) > Return object's verbose_name - Property `verbose_name_plural` (string) > Return object's plural verbose_name - Property `meta_model_name` (string) > Return internal model name * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /core/applications/{slug}/ ###### Request: Changed content type : `application/json` - Added property `backchannel_providers` (array) - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) * Added property `backchannel_providers_obj` (array) * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /core/applications/{slug}/ ###### Request: Changed content type : `application/json` - Added property `backchannel_providers` (array) - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) * Added property `backchannel_providers_obj` (array) * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /core/tokens/{identifier}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `PUT` /core/tokens/{identifier}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `PATCH` /core/tokens/{identifier}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `GET` /core/users/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New optional properties: - `groups` ##### `PUT` /core/users/{id}/ ###### Request: Changed content type : `application/json` New optional properties: - `groups` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New optional properties: - `groups` ##### `PATCH` /core/users/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New optional properties: - `groups` ##### `POST` /crypto/certificatekeypairs/ ###### Request: Changed content type : `application/json` - Deleted property `managed` (string) > Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `managed` * Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /crypto/certificatekeypairs/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > CertificateKeyPair Serializer New required properties: - `managed` * Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /flows/instances/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /flows/instances/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /flows/instances/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /outposts/instances/{uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `providers_obj` (array) Changed items (object): > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `PUT` /outposts/instances/{uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `providers_obj` (array) Changed items (object): > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `PATCH` /outposts/instances/{uuid}/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `providers_obj` (array) Changed items (object): > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /outposts/ldap/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - Changed property `application_slug` (string) > Prioritise backchannel slug over direct application slug - Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `GET` /policies/bindings/{policy_binding_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `PUT` /policies/bindings/{policy_binding_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `PATCH` /policies/bindings/{policy_binding_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `POST` /policies/event_matcher/ ###### Request: Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ##### `GET` /policies/event_matcher/ ###### Parameters: Added: `model` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Event Matcher Policy Serializer - Added property `model` (object) > Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched. > > - `authentik_crypto.certificatekeypair` - Certificate-Key Pair > - `authentik_events.event` - Event > - `authentik_events.notificationtransport` - Notification Transport > - `authentik_events.notification` - Notification > - `authentik_events.notificationrule` - Notification Rule > - `authentik_events.notificationwebhookmapping` - Webhook Mapping > - `authentik_flows.flow` - Flow > - `authentik_flows.flowstagebinding` - Flow Stage Binding > - `authentik_outposts.dockerserviceconnection` - Docker Service-Connection > - `authentik_outposts.kubernetesserviceconnection` - Kubernetes Service-Connection > - `authentik_outposts.outpost` - outpost > - `authentik_policies_dummy.dummypolicy` - Dummy Policy > - `authentik_policies_event_matcher.eventmatcherpolicy` - Event Matcher Policy > - `authentik_policies_expiry.passwordexpirypolicy` - Password Expiry Policy > - `authentik_policies_expression.expressionpolicy` - Expression Policy > - `authentik_policies_password.passwordpolicy` - Password Policy > - `authentik_policies_reputation.reputationpolicy` - Reputation Policy > - `authentik_policies_reputation.reputation` - reputation > - `authentik_policies.policybinding` - Policy Binding > - `authentik_providers_ldap.ldapprovider` - LDAP Provider > - `authentik_providers_oauth2.scopemapping` - Scope Mapping > - `authentik_providers_oauth2.oauth2provider` - OAuth2/OpenID Provider > - `authentik_providers_oauth2.authorizationcode` - Authorization Code > - `authentik_providers_oauth2.accesstoken` - OAuth2 Access Token > - `authentik_providers_oauth2.refreshtoken` - OAuth2 Refresh Token > - `authentik_providers_proxy.proxyprovider` - Proxy Provider > - `authentik_providers_radius.radiusprovider` - Radius Provider > - `authentik_providers_saml.samlprovider` - SAML Provider > - `authentik_providers_saml.samlpropertymapping` - SAML Property Mapping > - `authentik_providers_scim.scimprovider` - SCIM Provider > - `authentik_providers_scim.scimmapping` - SCIM Mapping > - `authentik_sources_ldap.ldapsource` - LDAP Source > - `authentik_sources_ldap.ldappropertymapping` - LDAP Property Mapping > - `authentik_sources_oauth.oauthsource` - OAuth Source > - `authentik_sources_oauth.useroauthsourceconnection` - User OAuth Source Connection > - `authentik_sources_plex.plexsource` - Plex Source > - `authentik_sources_plex.plexsourceconnection` - User Plex Source Connection > - `authentik_sources_saml.samlsource` - SAML Source > - `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection > - `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage > - `authentik_stages_authenticator_duo.duodevice` - Duo Device > - `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage > - `authentik_stages_authenticator_sms.smsdevice` - SMS Device > - `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage > - `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage > - `authentik_stages_authenticator_validate.authenticatorvalidatestage` - Authenticator Validation Stage > - `authentik_stages_authenticator_webauthn.authenticatewebauthnstage` - WebAuthn Authenticator Setup Stage > - `authentik_stages_authenticator_webauthn.webauthndevice` - WebAuthn Device > - `authentik_stages_captcha.captchastage` - Captcha Stage > - `authentik_stages_consent.consentstage` - Consent Stage > - `authentik_stages_consent.userconsent` - User Consent > - `authentik_stages_deny.denystage` - Deny Stage > - `authentik_stages_dummy.dummystage` - Dummy Stage > - `authentik_stages_email.emailstage` - Email Stage > - `authentik_stages_identification.identificationstage` - Identification Stage > - `authentik_stages_invitation.invitationstage` - Invitation Stage > - `authentik_stages_invitation.invitation` - Invitation > - `authentik_stages_password.passwordstage` - Password Stage > - `authentik_stages_prompt.prompt` - Prompt > - `authentik_stages_prompt.promptstage` - Prompt Stage > - `authentik_stages_user_delete.userdeletestage` - User Delete Stage > - `authentik_stages_user_login.userloginstage` - User Login Stage > - `authentik_stages_user_logout.userlogoutstage` - User Logout Stage > - `authentik_stages_user_write.userwritestage` - User Write Stage > - `authentik_tenants.tenant` - Tenant > - `authentik_blueprints.blueprintinstance` - Blueprint Instance > - `authentik_core.group` - group > - `authentik_core.user` - User > - `authentik_core.application` - Application > - `authentik_core.token` - Token - Changed property `app` (string) > - `authentik.admin` - authentik Admin > - `authentik.api` - authentik API > - `authentik.crypto` - authentik Crypto > - `authentik.events` - authentik Events > - `authentik.flows` - authentik Flows > - `authentik.lib` - authentik lib > - `authentik.outposts` - authentik Outpost > - `authentik.policies.dummy` - authentik Policies.Dummy > - `authentik.policies.event_matcher` - authentik Policies.Event Matcher > - `authentik.policies.expiry` - authentik Policies.Expiry > - `authentik.policies.expression` - authentik Policies.Expression > - `authentik.policies.password` - authentik Policies.Password > - `authentik.policies.reputation` - authentik Policies.Reputation > - `authentik.policies` - authentik Policies > - `authentik.providers.ldap` - authentik Providers.LDAP > - `authentik.providers.oauth2` - authentik Providers.OAuth2 > - `authentik.providers.proxy` - authentik Providers.Proxy > - `authentik.providers.radius` - authentik Providers.Radius > - `authentik.providers.saml` - authentik Providers.SAML > - `authentik.providers.scim` - authentik Providers.SCIM > - `authentik.recovery` - authentik Recovery > - `authentik.sources.ldap` - authentik Sources.LDAP > - `authentik.sources.oauth` - authentik Sources.OAuth > - `authentik.sources.plex` - authentik Sources.Plex > - `authentik.sources.saml` - authentik Sources.SAML > - `authentik.stages.authenticator_duo` - authentik Stages.Authenticator.Duo > - `authentik.stages.authenticator_sms` - authentik Stages.Authenticator.SMS > - `authentik.stages.authenticator_static` - authentik Stages.Authenticator.Static > - `authentik.stages.authenticator_totp` - authentik Stages.Authenticator.TOTP > - `authentik.stages.authenticator_validate` - authentik Stages.Authenticator.Validate > - `authentik.stages.authenticator_webauthn` - authentik Stages.Authenticator.WebAuthn > - `authentik.stages.captcha` - authentik Stages.Captcha > - `authentik.stages.consent` - authentik Stages.Consent > - `authentik.stages.deny` - authentik Stages.Deny > - `authentik.stages.dummy` - authentik Stages.Dummy > - `authentik.stages.email` - authentik Stages.Email > - `authentik.stages.identification` - authentik Stages.Identification > - `authentik.stages.invitation` - authentik Stages.User Invitation > - `authentik.stages.password` - authentik Stages.Password > - `authentik.stages.prompt` - authentik Stages.Prompt > - `authentik.stages.user_delete` - authentik Stages.User Delete > - `authentik.stages.user_login` - authentik Stages.User Login > - `authentik.stages.user_logout` - authentik Stages.User Logout > - `authentik.stages.user_write` - authentik Stages.User Write > - `authentik.tenants` - authentik Tenants > - `authentik.blueprints` - authentik Blueprints > - `authentik.core` - authentik Core > - `authentik.enterprise` - authentik Enterprise Added enum value: - `authentik.enterprise` ##### `GET` /propertymappings/all/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > PropertyMapping Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `POST` /propertymappings/ldap/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/ldap/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > LDAP PropertyMapping Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `POST` /propertymappings/saml/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/saml/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > SAMLPropertyMapping Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `POST` /propertymappings/scim/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/scim/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > SCIMMapping Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `POST` /propertymappings/scope/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /propertymappings/scope/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > ScopeMapping Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ##### `GET` /providers/all/ ###### Parameters: Added: `backchannel_only` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /providers/ldap/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. * Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber * Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `PUT` /providers/ldap/{id}/ ###### Request: Changed content type : `application/json` - Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. * Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber * Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `PATCH` /providers/ldap/{id}/ ###### Request: Changed content type : `application/json` - Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. * Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber * Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `POST` /providers/oauth2/ ###### Request: Changed content type : `application/json` - Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ##### `GET` /providers/oauth2/ ###### Parameters: Changed: `sub_mode` in `query` > Configure what data should be used as unique User Identifier. For most cases, the default should be fine. > > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` ##### `POST` /providers/proxy/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /providers/proxy/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > ProxyProvider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `POST` /providers/radius/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` - `outpost_set` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `outpost_set` (array) ##### `GET` /providers/radius/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > RadiusProvider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` - `outpost_set` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `outpost_set` (array) ##### `GET` /providers/saml/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `PUT` /providers/saml/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `PATCH` /providers/saml/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `POST` /providers/scim/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` New optional properties: - `assigned_application_name` - `assigned_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Deleted property `assigned_application_slug` (string) > Internal application name, used in URLs. * Deleted property `assigned_application_name` (string) > Application's display Name. ##### `GET` /providers/scim/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > SCIMProvider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` New optional properties: - `assigned_application_name` - `assigned_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Deleted property `assigned_application_slug` (string) > Internal application name, used in URLs. * Deleted property `assigned_application_name` (string) > Application's display Name. ##### `GET` /root/config/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `capabilities` (array) Changed items (string): > _ `can_save_media` - Can Save Media > _ `can_geo_ip` - Can Geo Ip > _ `can_impersonate` - Can Impersonate > _ `can_debug` - Can Debug > \* `is_enterprise` - Is Enterprise Added enum value: - `is_enterprise` ##### `GET` /sources/all/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/ldap/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/ldap/{slug}/ ###### Request: Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/ldap/{slug}/ ###### Request: Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/oauth/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ##### `PUT` /sources/oauth/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ##### `PATCH` /sources/oauth/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ##### `GET` /sources/plex/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/plex/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/plex/{slug}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/saml/{slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/saml/{slug}/ ###### Request: Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/saml/{slug}/ ###### Request: Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/all/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/user_connections/all/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/user_connections/all/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/oauth/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/user_connections/oauth/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/user_connections/oauth/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/plex/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/user_connections/plex/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/user_connections/plex/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/saml/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /sources/user_connections/saml/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /sources/user_connections/saml/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/invitation/invitations/{invite_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_obj` (object) > Flow Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/invitation/invitations/{invite_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_obj` (object) > Flow Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/invitation/invitations/{invite_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_obj` (object) > Flow Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /core/applications/ ###### Request: Changed content type : `application/json` - Added property `backchannel_providers` (array) - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) * Added property `backchannel_providers_obj` (array) * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /core/applications/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Application Serializer New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) * Added property `backchannel_providers_obj` (array) * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /core/tokens/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `GET` /core/tokens/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Token Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `GET` /core/user_consent/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `user` (object) > User Serializer New optional properties: - `groups` - Changed property `application` (object) > Application Serializer New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) * Added property `backchannel_providers_obj` (array) * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /core/users/ ###### Request: Changed content type : `application/json` New optional properties: - `groups` ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New optional properties: - `groups` ##### `GET` /core/users/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > User Serializer New optional properties: - `groups` ##### `GET` /flows/bindings/{fsb_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /flows/bindings/{fsb_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /flows/bindings/{fsb_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /flows/instances/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /flows/instances/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Flow Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /oauth2/access_tokens/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider` (object) > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` - Changed property `user` (object) > User Serializer New optional properties: - `groups` ##### `GET` /oauth2/authorization_codes/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider` (object) > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` - Changed property `user` (object) > User Serializer New optional properties: - `groups` ##### `GET` /oauth2/refresh_tokens/{id}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `provider` (object) > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` - Changed property `user` (object) > User Serializer New optional properties: - `groups` ##### `POST` /outposts/instances/ ###### Request: Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `providers_obj` (array) Changed items (object): > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /outposts/instances/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Outpost Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `providers_obj` (array) Changed items (object): > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /outposts/ldap/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > LDAPProvider Serializer - Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - Changed property `application_slug` (string) > Prioritise backchannel slug over direct application slug - Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `POST` /policies/bindings/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `GET` /policies/bindings/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > PolicyBinding Serializer - Changed property `user_obj` (object) > User Serializer New optional properties: - `groups` ##### `POST` /providers/ldap/ ###### Request: Changed content type : `application/json` - Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. * Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber * Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `GET` /providers/ldap/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > LDAPProvider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Added property `mfa_support` (boolean) > When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. * Changed property `uid_start_number` (integer) > The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber * Changed property `gid_start_number` (integer) > The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber ##### `POST` /providers/saml/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /providers/saml/ ###### Parameters: Added: `backchannel_application` in `query` Added: `is_backchannel` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > SAMLProvider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. ##### `GET` /sources/all/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /sources/ldap/ ###### Request: Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/ldap/ ###### Parameters: Added: `client_certificate` in `query` Added: `sni` in `query` ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > LDAP Source Serializer - Added property `client_certificate` (string) > Client certificate to authenticate against the LDAP Server's Certificate. - Added property `sni` (boolean) - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /sources/oauth/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ##### `GET` /sources/oauth/ ###### Parameters: Changed: `policy_engine_mode` in `query` > - `all` - all, all policies must pass > - `any` - any, any policy must pass > > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > OAuth Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass - Changed property `provider_type` (string) > - `apple` - Apple > - `azuread` - Azure AD > - `discord` - Discord > - `facebook` - Facebook > - `github` - GitHub > - `google` - Google > - `mailcow` - Mailcow > - `openidconnect` - OpenID Connect > - `okta` - Okta > - `patreon` - Patreon > - `reddit` - Reddit > - `twitch` - Twitch > - `twitter` - Twitter Added enum value: - `patreon` ##### `POST` /sources/plex/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/plex/ ###### Parameters: Changed: `policy_engine_mode` in `query` > - `all` - all, all policies must pass > - `any` - any, any policy must pass > > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Plex Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /sources/saml/ ###### Request: Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/saml/ ###### Parameters: Added: `verification_kp` in `query` Changed: `policy_engine_mode` in `query` > - `all` - all, all policies must pass > - `any` - any, any policy must pass > > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > SAMLSource Serializer - Added property `verification_kp` (string) > When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `signing_kp` (string) > Keypair used to sign outgoing Responses going to the Identity Provider. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/all/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > OAuth Source Serializer - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /sources/user_connections/oauth/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/oauth/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > OAuth Source Serializer - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /sources/user_connections/plex/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/plex/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Plex Source connection Serializer - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /sources/user_connections/saml/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /sources/user_connections/saml/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > SAML Source Serializer - Changed property `source` (object) > Source Serializer - Changed property `managed` (string) > Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update. - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/all/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/duo/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/authenticator/duo/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/authenticator/duo/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/sms/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/authenticator/sms/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/authenticator/sms/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/static/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/authenticator/static/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/authenticator/static/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/totp/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/authenticator/totp/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/authenticator/totp/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/validate/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/authenticator/validate/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/authenticator/validate/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/webauthn/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/authenticator/webauthn/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/authenticator/webauthn/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/captcha/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/captcha/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/captcha/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/consent/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/consent/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/consent/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/deny/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/deny/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/deny/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/dummy/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/dummy/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/dummy/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/email/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/email/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/email/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/identification/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/identification/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/identification/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/invitation/invitations/ ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_obj` (object) > Flow Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/invitation/invitations/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Invitation Serializer - Changed property `flow_obj` (object) > Flow Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/invitation/stages/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/invitation/stages/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/invitation/stages/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/password/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/password/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/password/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/prompt/stages/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/prompt/stages/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/prompt/stages/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_delete/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/user_delete/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/user_delete/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_login/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/user_login/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/user_login/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_logout/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/user_logout/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/user_logout/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_write/{stage_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/user_write/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/user_write/{stage_uuid}/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /core/user_consent/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > UserConsent Serializer - Changed property `user` (object) > User Serializer New optional properties: - `groups` - Changed property `application` (object) > Application Serializer New required properties: - `backchannel_providers_obj` * Added property `backchannel_providers` (array) * Added property `backchannel_providers_obj` (array) * Changed property `provider_obj` (object) > Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /flows/bindings/ ###### Request: Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /flows/bindings/ ###### Parameters: Changed: `policy_engine_mode` in `query` > - `all` - all, all policies must pass > - `any` - any, any policy must pass > > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > FlowStageBinding Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /flows/executor/{flow_slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` Updated `ak-stage-prompt` component: - Changed property `fields` (array) Changed items (object): > Serializer for a single Prompt field New required properties: - `initial_value` * Added property `initial_value` (string) ##### `POST` /flows/executor/{flow_slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` Updated `ak-stage-prompt` component: - Changed property `fields` (array) Changed items (object): > Serializer for a single Prompt field New required properties: - `initial_value` * Added property `initial_value` (string) ##### `GET` /flows/inspector/{flow_slug}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `plans` (array) Changed items (object): > Serializer for an active FlowPlan - Changed property `current_stage` (object) > FlowStageBinding Serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /oauth2/access_tokens/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Serializer for BaseGrantModel and RefreshToken - Changed property `provider` (object) > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` - Changed property `user` (object) > User Serializer New optional properties: - `groups` ##### `GET` /oauth2/authorization_codes/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Serializer for BaseGrantModel and ExpiringBaseGrant - Changed property `provider` (object) > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` - Changed property `user` (object) > User Serializer New optional properties: - `groups` ##### `GET` /oauth2/refresh_tokens/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Serializer for BaseGrantModel and RefreshToken - Changed property `provider` (object) > OAuth2Provider Serializer New required properties: - `assigned_backchannel_application_name` - `assigned_backchannel_application_slug` * Added property `assigned_backchannel_application_slug` (string) > Internal application name, used in URLs. * Added property `assigned_backchannel_application_name` (string) > Application's display Name. * Changed property `sub_mode` (string) > - `hashed_user_id` - Based on the Hashed User ID > - `user_id` - Based on user ID > - `user_uuid` - Based on user UUID > - `user_username` - Based on the username > - `user_email` - Based on the User's Email. This is recommended over the UPN method. > - `user_upn` - Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains. Added enum value: - `user_uuid` - Changed property `user` (object) > User Serializer New optional properties: - `groups` ##### `GET` /stages/all/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/authenticator/duo/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/duo/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorDuoStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/authenticator/sms/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/sms/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorSMSStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/authenticator/static/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/static/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorStaticStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/authenticator/totp/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/totp/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorTOTPStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/authenticator/validate/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/validate/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticatorValidateStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/authenticator/webauthn/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/authenticator/webauthn/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > AuthenticateWebAuthnStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/captcha/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/captcha/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > CaptchaStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/consent/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/consent/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > ConsentStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/deny/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/deny/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > DenyStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/dummy/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/dummy/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > DummyStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/email/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/email/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > EmailStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/identification/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/identification/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > IdentificationStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/invitation/stages/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/invitation/stages/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > InvitationStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/password/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/password/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > PasswordStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/prompt/prompts/{prompt_uuid}/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PUT` /stages/prompt/prompts/{prompt_uuid}/ ###### Request: Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `PATCH` /stages/prompt/prompts/{prompt_uuid}/ ###### Request: Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/prompt/prompts/preview/ ###### Request: Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `fields` (array) Changed items (object): > Serializer for a single Prompt field New required properties: - `initial_value` * Added property `initial_value` (string) ##### `POST` /stages/prompt/stages/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/prompt/stages/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > PromptStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/user_delete/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_delete/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > UserDeleteStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/user_login/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_login/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > UserLoginStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/user_logout/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_logout/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > UserLogoutStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/user_write/ ###### Request: Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/user_write/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > UserWriteStage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `POST` /stages/prompt/prompts/ ###### Request: Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ###### Return Type: Changed response : **201 Created** - Changed content type : `application/json` - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass ##### `GET` /stages/prompt/prompts/ ###### Return Type: Changed response : **200 OK** - Changed content type : `application/json` - Changed property `results` (array) Changed items (object): > Prompt Serializer - Added property `initial_value` (string) > Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices. - Added property `initial_value_expression` (boolean) - Changed property `placeholder` (string) > Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices. - Changed property `promptstage_set` (array) Changed items (object): > Stage Serializer - Changed property `flow_set` (array) Changed items (object): > Stripped down flow serializer - Changed property `policy_engine_mode` (string) > - `all` - all, all policies must pass > - `any` - any, any policy must pass