Removal of HTTP Basic authentication for API requests
For legacy reasons, authentik used to support HTTP-Basic authenticated requests, using the token as a password. This has been removed.
Removal of deprecated context in Expression policies used in prompt stages
Before this version, you could use both
context['prompt_data']['*field_name*']. The former one has been removed as it could overwrite other data in the context if the field name is the same as another context value.
Added name field for invitations
Invitations now require a name, used to better identify their purpose.
Applications can now be grouped together to better organise connected applications in the user dashboard.
JWT authentication for
Providers can now be configured to accept JWTs signed by configured certificates, which makes it a lot easier to services access to authentik, when an existing machine/service identity is provided (for example, this can be used to let Kubernetes Pods authenticate themselves to authentik via their service account)
- core: add method to set key of token
- core: add num_pk to group for applications that need a numerical group id
- internal: disable HTML encoding in go-generated log messages
- lifecycle: fix password and hostname in redis URI not properly quoted
- outposts: check if docker ports should be mapped before comparing ports
- policies: add policy log messages to test endpoints
- providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497)
- providers/oauth2: pass scope and other parameters to access policy request context
- stages/email: allow overriding of destination email in plan context
- stages/invitation: add invitation name
- stages/prompt: filter rest_framework.fields.empty when field is not required
- stages/prompt: fix non-required fields not allowing blank values
- stages/prompt: set field default based on placeholder
- tenants: add tenant-level attributes, applied to users based on request
- web: live-convert to slug in fields where only slugs are allowed
- web: migrate dropdowns to wizards (#2633)
- web/admin: allow editing of invitations
- web/admin: fix missing protocols on generated nginx config
- web/admin: trigger update when provider wizard finishes
- web/user: add column layouts
This release does not introduce any new requirements.
Download the docker-compose file for 2022.4 from here. Afterwards, simply run
docker-compose up -d.
Update your values to use the new images: