From bf86d6b0538b917eb3b5d2b81971be582e9f7260 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 16 Sep 2024 20:04:31 +0200 Subject: [PATCH 1/3] website/docs: use a more consistent version requirement notice Signed-off-by: Jens Langhammer --- website/developer-docs/blueprints/export.md | 6 +-- website/developer-docs/blueprints/index.md | 12 ++--- .../developer-docs/blueprints/v1/models.md | 42 +++------------ website/docs/expressions/_functions.md | 24 ++------- website/docs/flow/context/index.md | 20 ++----- website/docs/flow/examples/snippets.md | 6 +-- website/docs/flow/executors/sfe.md | 2 +- website/docs/flow/executors/user-settings.md | 6 +-- .../flow/stages/authenticator_duo/index.md | 12 +---- .../flow/stages/authenticator_sms/index.md | 6 +-- .../stages/authenticator_validate/index.md | 18 ++----- .../stages/authenticator_webauthn/index.md | 6 +-- .../docs/flow/stages/identification/index.md | 6 +-- website/docs/flow/stages/source/index.md | 2 +- .../docs/installation/automated-install.md | 12 +---- website/docs/installation/configuration.mdx | 54 ++++--------------- website/docs/providers/oauth2/index.md | 6 +-- .../providers/proxy/header_authentication.md | 12 +---- website/docs/providers/proxy/server_caddy.mdx | 6 +-- website/docs/providers/proxy/server_envoy.mdx | 6 +-- website/docs/sources/github/index.md | 6 +-- website/docs/sources/oauth/index.md | 6 +-- .../user-group-role/groups/manage_groups.md | 6 +-- website/docs/user-group-role/user/user_ref.md | 6 +-- website/src/css/custom.css | 7 +++ 25 files changed, 61 insertions(+), 234 deletions(-) diff --git a/website/developer-docs/blueprints/export.md b/website/developer-docs/blueprints/export.md index fa02031976ef..2a3b2138381a 100644 --- a/website/developer-docs/blueprints/export.md +++ b/website/developer-docs/blueprints/export.md @@ -2,11 +2,7 @@ title: Export --- -## Global export - -:::info -Requires authentik 2022.8.2 -::: +## Global export authentik 2022.8.2+ To migrate existing configurations to blueprints, run `ak export_blueprint` within any authentik Worker container. This will output a blueprint for most currently created objects. Some objects will not be exported as they might have dependencies on other things. diff --git a/website/developer-docs/blueprints/index.md b/website/developer-docs/blueprints/index.md index 55cdabda5696..7e36832ce1c9 100644 --- a/website/developer-docs/blueprints/index.md +++ b/website/developer-docs/blueprints/index.md @@ -2,9 +2,9 @@ title: Blueprints --- -:::info -Requires authentik 2022.8 -::: +authentik 2022.8+ + +--- Blueprints offer a new way to template, automate and distribute authentik configuration. Blueprints can be used to automatically configure instances, manage config as code without any external tools, and to distribute application configs. @@ -58,11 +58,7 @@ To push a blueprint to an OCI-compatible registry, [ORAS](https://oras.land/) ca oras push ghcr.io//blueprint/:latest :application/vnd.goauthentik.blueprint.v1+yaml ``` -## Storage - Internal - -:::info -Requires authentik 2023.1 -::: +## Storage - Internal authentik 2023.1+ Blueprints can be stored in authentik's database, which allows blueprints to be managed via external configuration management tools like Terraform. diff --git a/website/developer-docs/blueprints/v1/models.md b/website/developer-docs/blueprints/v1/models.md index f392c8295cbe..6c2a28ffc6db 100644 --- a/website/developer-docs/blueprints/v1/models.md +++ b/website/developer-docs/blueprints/v1/models.md @@ -4,11 +4,7 @@ Some models behave differently and allow for access to different API fields when ## `authentik_core.token` -### `key` - -:::info -Requires authentik 2023.4 -::: +### `key` authentik 2023.4+ Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in it's key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value. @@ -30,11 +26,7 @@ For example: ## `authentik_core.user` -### `password` - -:::info -Requires authentik 2023.6 -::: +### `password` authentik 2023.6+ Via the standard API, a user's password can only be set via the separate `/api/v3/core/users//set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field. @@ -53,11 +45,7 @@ For example: password: this-should-be-a-long-value ``` -### `permissions` - -:::info -Requires authentik 2024.8 -::: +### `permissions` authentik 2024.8+ The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints. @@ -75,11 +63,7 @@ For example: ## `authentik_core.application` -### `icon` - -:::info -Requires authentik 2023.5 -::: +### `icon` authentik 2023.5+ Application icons can be directly set to URLs with the `icon` field. @@ -97,11 +81,7 @@ For example: ## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource` -### `icon` - -:::info -Requires authentik 2023.5 -::: +### `icon` authentik 2023.5+ Source icons can be directly set to URLs with the `icon` field. @@ -119,11 +99,7 @@ For example: ## `authentik_flows.flow` -### `icon` - -:::info -Requires authentik 2023.5 -::: +### `icon` authentik 2023.5+ Flow backgrounds can be directly set to URLs with the `background` field. @@ -143,11 +119,7 @@ For example: ## `authentik_rbac.role` -### `permissions` - -:::info -Requires authentik 2024.8 -::: +### `permissions` authentik 2024.8+ The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints. diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.md index da3b524e342f..dc934a101f31 100644 --- a/website/docs/expressions/_functions.md +++ b/website/docs/expressions/_functions.md @@ -29,11 +29,7 @@ user = list_flatten(["foo"]) # user = "foo" ``` -### `ak_call_policy(name: str, **kwargs) -> PolicyResult` - -:::info -Requires authentik 2021.12 -::: +### `ak_call_policy(name: str, **kwargs) -> PolicyResult` authentik 2021.12+ Call another policy with the name _name_. Current request is passed to policy. Key-word arguments can be used to modify the request's context. @@ -74,11 +70,7 @@ Example: other_user = ak_user_by(username="other_user") ``` -### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` (2021.9+) - -:::info -Only available in property mappings with authentik 2022.9 and newer -::: +### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` authentik 2022.9+ Check if a user has any authenticator devices. Only fully validated devices are counted. @@ -95,11 +87,7 @@ Example: return ak_user_has_authenticator(request.user) ``` -### `ak_create_event(action: str, **kwargs) -> None` - -:::info -Requires authentik 2022.9 -::: +### `ak_create_event(action: str, **kwargs) -> None` authentik 2022.9+ Create a new event with the action set to `action`. Any additional key-word parameters will be saved in the event context. Additionally, `context` will be set to the context in which this function is called. @@ -124,11 +112,7 @@ ip_address('192.0.2.1') in ip_network('192.0.2.0/24') # evaluates to True ``` -## DNS resolution and reverse DNS lookups - -:::note -Requires authentik 2023.3 or higher -::: +## DNS resolution and reverse DNS lookups authentik 2023.3+ To resolve a hostname to a list of IP addresses, use the functions `resolve_dns(hostname)` and `resolve_dns(hostname, ip_version)`. diff --git a/website/docs/flow/context/index.md b/website/docs/flow/context/index.md index 5b705f3752ea..b6c79415fb8c 100644 --- a/website/docs/flow/context/index.md +++ b/website/docs/flow/context/index.md @@ -60,7 +60,7 @@ When an unauthenticated user attempts to access a secured resource, they are red When a user authenticates/enrolls via an external source, this will be set to the source they are using. -#### `outpost` (dictionary) authentik 2024.10+ +#### `outpost` (dictionary) authentik 2024.10+ When a flow is executed by an Outpost (for example the [LDAP](../../providers/ldap/index.md) or [RADIUS](../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`. @@ -92,11 +92,7 @@ URL that the form will be submitted to. Key-value pairs of the data that is included in the form and will be submitted to `url`. -#### Captcha stage - -:::info -Requires authentik 2024.6 -::: +#### Captcha stage authentik 2024.6+ ##### `captcha` (dictionary) @@ -116,11 +112,7 @@ An optional list of all permissions that will be given to the application by gra #### Deny stage -##### `deny_message` (string) - -:::info -Requires authentik 2023.10 -::: +##### `deny_message` (string) authentik 2023.10+ Optionally overwrite the deny message shown, has a higher priority than the message configured in the stage. @@ -136,11 +128,7 @@ If set, this must be a list of group objects and not group names. Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path. -##### `user_type` (string) - -:::info -Requires authentik 2023.10 -::: +##### `user_type` (string) authentik 2023.10+ Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`. diff --git a/website/docs/flow/examples/snippets.md b/website/docs/flow/examples/snippets.md index 1aae77af601e..1146ee03893f 100644 --- a/website/docs/flow/examples/snippets.md +++ b/website/docs/flow/examples/snippets.md @@ -2,11 +2,7 @@ title: Example policy snippets for flows --- -### Redirect current flow to another URL - -:::info -Requires authentik 2022.7 -::: +### Redirect current flow to another URL authentik 2022.7+ ```python plan = request.context.get("flow_plan") diff --git a/website/docs/flow/executors/sfe.md b/website/docs/flow/executors/sfe.md index 883f11756a9b..c68ec6eac9a9 100644 --- a/website/docs/flow/executors/sfe.md +++ b/website/docs/flow/executors/sfe.md @@ -2,7 +2,7 @@ title: Simplified flow executor --- -authentik 2024.6.1+ +authentik 2024.6.1+ A simplified web-based flow executor that authentik automatically uses for older browsers that do not support modern web technologies. diff --git a/website/docs/flow/executors/user-settings.md b/website/docs/flow/executors/user-settings.md index 615c424368d9..4771401dcd0e 100644 --- a/website/docs/flow/executors/user-settings.md +++ b/website/docs/flow/executors/user-settings.md @@ -2,9 +2,9 @@ title: User settings --- -:::info -Requires authentik 2022.3 -::: +authentik 2023.3+ + +--- The user interface (/if/user/) uses a specialized flow executor to allow individual users to customize their profile. A user's profile consists of key/value fields, so this executor only supports Prompt or User Write stages. If the configured flow contains another stage, a button will be shown to open the default executor. diff --git a/website/docs/flow/stages/authenticator_duo/index.md b/website/docs/flow/stages/authenticator_duo/index.md index abcd1c54f0a5..005e0a9187d3 100644 --- a/website/docs/flow/stages/authenticator_duo/index.md +++ b/website/docs/flow/stages/authenticator_duo/index.md @@ -10,25 +10,17 @@ Copy all of the integration key, secret key and API hostname, and paste them in Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed. -## Importing users +## Importing users authentik 2022.9+ :::info Due to the way the Duo API works, authentik can only automatically import existing Duo users when a Duo MFA or higher license is active. ::: -:::info -This requires authentik 2022.9 -::: - To import a device, open the Stages list in the authentik Admin interface. On the right next to the import button you'll see an import button, with which you can import Duo devices to authentik users. The Duo username can be found by navigating to your Duo Admin dashboard and selecting _Users_ in the sidebar. Optionally if you have multiple users with the same username, you can click on a User and copy their ID from the URL, and use that to import the device. -### Older versions - -:::info -This API requires authentik 2021.9.1 or later -::: +### Older versions authentik 2021.9.1+ You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters: diff --git a/website/docs/flow/stages/authenticator_sms/index.md b/website/docs/flow/stages/authenticator_sms/index.md index c2046df8c0c4..b9d785769598 100644 --- a/website/docs/flow/stages/authenticator_sms/index.md +++ b/website/docs/flow/stages/authenticator_sms/index.md @@ -46,11 +46,7 @@ return { } ``` -## Verify only - -:::info -Requires authentik 2022.6 -::: +## Verify only authentik 2022.6+ To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/) stage. diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md index f509e2010e03..bc5e1aa45a15 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -23,19 +23,11 @@ Keep in mind that when using Code-based devices (TOTP, Static and SMS), values l ### Options -#### Less-frequent validation - -:::info -Requires authentik 2022.5.1 -::: +#### Less-frequent validation authentik 2022.5.1+ You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked. -#### Passwordless authentication - -:::info -Requires authentik 2021.12.4 -::: +#### Passwordless authentication authentik 2021.12.4+ :::caution Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482) @@ -76,11 +68,7 @@ Logins which used Passwordless authentication have the _auth_method_ context var } ``` -#### WebAuthn Device type restrictions - -:::info -Requires authentik 2024.4 -::: +#### WebAuthn Device type restrictions authentik 2024.4+ Optionally restrict which WebAuthn device types can be used to authenticate. diff --git a/website/docs/flow/stages/authenticator_webauthn/index.md b/website/docs/flow/stages/authenticator_webauthn/index.md index b2717145d74a..7c47be1fbf4b 100644 --- a/website/docs/flow/stages/authenticator_webauthn/index.md +++ b/website/docs/flow/stages/authenticator_webauthn/index.md @@ -18,11 +18,7 @@ Configure if the created authenticator is stored in the encrypted memory on the Configure if authentik will require either a removable device (like a YubiKey, Google Titan, etc) or a non-removable device (like Windows Hello, TouchID or password managers), or not send a requirement. -#### Device type restrictions - -:::info -Requires authentik 2024.4 -::: +#### Device type restrictions authentik 2024.4+ Optionally restrict the types of devices allowed to be enrolled. This option can be used to ensure users are only able to enroll FIPS-compliant devices for example. diff --git a/website/docs/flow/stages/identification/index.md b/website/docs/flow/stages/identification/index.md index ad05f2390135..51e0f0e9fd46 100644 --- a/website/docs/flow/stages/identification/index.md +++ b/website/docs/flow/stages/identification/index.md @@ -22,11 +22,7 @@ To prompt users for their password on the same step as identifying themselves, a These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`. -## Pretend user exists - -:::info -Requires authentik 2024.2 -::: +## Pretend user exists authentik 2024.2+ When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist. diff --git a/website/docs/flow/stages/source/index.md b/website/docs/flow/stages/source/index.md index e9fe848abb17..e69dbd4101d2 100644 --- a/website/docs/flow/stages/source/index.md +++ b/website/docs/flow/stages/source/index.md @@ -3,7 +3,7 @@ title: Source stage --- Enterprise -authentik 2024.4+ +authentik 2024.4+ --- diff --git a/website/docs/installation/automated-install.md b/website/docs/installation/automated-install.md index ca33a6481ab5..071d2a8a4d31 100644 --- a/website/docs/installation/automated-install.md +++ b/website/docs/installation/automated-install.md @@ -8,19 +8,11 @@ To install authentik automatically (skipping the Out-of-box experience), you can Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor. -### `AUTHENTIK_BOOTSTRAP_TOKEN` - -:::note -Requires authentik 2021.8 -::: +### `AUTHENTIK_BOOTSTRAP_TOKEN` authentik 2021.8+ Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API. -### `AUTHENTIK_BOOTSTRAP_EMAIL` - -:::note -Requires authentik 2023.3 -::: +### `AUTHENTIK_BOOTSTRAP_EMAIL` authentik 2023.3+ Set the email address for the default `akadmin` user. diff --git a/website/docs/installation/configuration.mdx b/website/docs/installation/configuration.mdx index 7dc0f91e7ef0..ace5557cc2fc 100644 --- a/website/docs/installation/configuration.mdx +++ b/website/docs/installation/configuration.mdx @@ -299,89 +299,53 @@ Disable the inbuilt update-checker. Defaults to `false`. - Kubeconfig - Existence of a docker socket -### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` - -:::info -Requires authentik 2023.1 -::: +### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` authentik 2023.1+ Timeout in hours for LDAP synchronization tasks. Defaults to `2`. -### `AUTHENTIK_LDAP__PAGE_SIZE` - -:::info -Requires authentik 2023.6.1 -::: +### `AUTHENTIK_LDAP__PAGE_SIZE` authentik 2023.6.1+ Page size for LDAP synchronization. Controls the number of objects created in a single task. Defaults to `50`. -### `AUTHENTIK_LDAP__TLS__CIPHERS` - -:::info -Requires authentik 2022.7 -::: +### `AUTHENTIK_LDAP__TLS__CIPHERS` authentik 2022.7+ Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Setting applies to all sources. Defaults to `null`. -### `AUTHENTIK_REPUTATION__EXPIRY` - -:::info -Requires authentik 2023.8.2 -::: +### `AUTHENTIK_REPUTATION__EXPIRY` authentik 2023.8.2+ Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes. Defaults to `86400`. -### `AUTHENTIK_SESSION_STORAGE` - -:::info -Requires authentik 2024.4 -::: +### `AUTHENTIK_SESSION_STORAGE` authentik 2024.4+ Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions. -### `AUTHENTIK_WEB__WORKERS` - -:::info -Requires authentik 2022.9 -::: +### `AUTHENTIK_WEB__WORKERS` authentik 2022.9+ Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html). Defaults to 2. A value below 2 workers is not recommended. In environments where scaling with multiple replicas of the authentik server is not possible, this number can be increased to handle higher loads. -### `AUTHENTIK_WEB__THREADS` - -:::info -Requires authentik 2022.9 -::: +### `AUTHENTIK_WEB__THREADS` authentik 2022.9+ Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html). Defaults to 4. -### `AUTHENTIK_WORKER__CONCURRENCY` - -:::info -Requires authentik 2023.9.0 -::: +### `AUTHENTIK_WORKER__CONCURRENCY` authentik 2023.9+ Configure Celery worker concurrency for authentik worker (see https://docs.celeryq.dev/en/latest/userguide/configuration.html#worker-concurrency). This essentially defines the number of worker processes spawned for a single worker. Defaults to 2. -## System settings - -:::info -Requires authentik 2024.2 -::: +## System settings authentik 2024.2+ Additional settings are configurable using the Admin interface, under **System** -> **Settings** or using the API. diff --git a/website/docs/providers/oauth2/index.md b/website/docs/providers/oauth2/index.md index cc865a1a1672..cf4ae28a0c13 100644 --- a/website/docs/providers/oauth2/index.md +++ b/website/docs/providers/oauth2/index.md @@ -77,11 +77,7 @@ return True - `goauthentik.io/api`: This scope grants the refresh token access to the authentik API on behalf of the user -## Default scopes - -:::info -Requires authentik 2022.7 -::: +## Default scopes authentik 2022.7+ When a client does not request any scopes, authentik will treat the request as if all configured scopes were requested. Depending on the configured authorization flow, consent still needs to be given, and all scopes are listed there. diff --git a/website/docs/providers/proxy/header_authentication.md b/website/docs/providers/proxy/header_authentication.md index e7069b029e50..d3b04ae85c44 100644 --- a/website/docs/providers/proxy/header_authentication.md +++ b/website/docs/providers/proxy/header_authentication.md @@ -25,11 +25,7 @@ By default, when _Intercept header authentication_ is enabled, authentik will in If the proxied application requires usage of the "Authorization" header, the setting should be disabled. When this setting is disabled, authentik will still attempt to interpret the "Authorization" header, and fall back to the default behaviour if it can't. -### Receiving HTTP Basic authentication - -:::info -Requires authentik 2023.1 -::: +### Receiving HTTP Basic authentication authentik 2023.1+ Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.md). @@ -43,11 +39,7 @@ It is **strongly** recommended that the client sending requests with HTTP-Basic Starting with authentik 2023.2, logging in with the reserved username `goauthentik.io/token` will behave as if a bearer token was used. All the same options as below apply. This is to allow token-based authentication for applications which might only support basic authentication. -### Receiving HTTP Bearer authentication - -:::info -Requires authentik 2023.1 -::: +### Receiving HTTP Bearer authentication authentik 2023.1+ Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.md), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported. diff --git a/website/docs/providers/proxy/server_caddy.mdx b/website/docs/providers/proxy/server_caddy.mdx index fc91561a8c1a..dd05e0431add 100644 --- a/website/docs/providers/proxy/server_caddy.mdx +++ b/website/docs/providers/proxy/server_caddy.mdx @@ -1,14 +1,10 @@ import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; -# Caddy +# Caddy authentik 2022.8+ The configuration template shown below apply to both single-application and domain-level forward auth. -:::info -Requires authentik 2022.8 -::: - import Placeholders from "./__placeholders.md"; diff --git a/website/docs/providers/proxy/server_envoy.mdx b/website/docs/providers/proxy/server_envoy.mdx index fd99dd7b3785..5d76c3c9a7dd 100644 --- a/website/docs/providers/proxy/server_envoy.mdx +++ b/website/docs/providers/proxy/server_envoy.mdx @@ -1,14 +1,10 @@ import Tabs from "@theme/Tabs"; import TabItem from "@theme/TabItem"; -# Envoy +# Envoy authentik 2022.6+ The configuration template shown below apply to both single-application and domain-level forward auth. -:::info -Requires authentik 2022.6 -::: - :::info If you are using Istio and Kubernetes, use the port number that is exposed for your cluster. ::: diff --git a/website/docs/sources/github/index.md b/website/docs/sources/github/index.md index cf84d71a91c3..57fab9a85053 100644 --- a/website/docs/sources/github/index.md +++ b/website/docs/sources/github/index.md @@ -50,11 +50,7 @@ Save, and you now have Github as a source. For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page). ::: -### Checking for membership of a GitHub Organisation - -:::info -Requires authentik 2021.12.5. -::: +### Checking for membership of a GitHub Organisation authentik 2021.12.5.+ To check if the user is member of an organisation, you can use the following policy on your flows: diff --git a/website/docs/sources/oauth/index.md b/website/docs/sources/oauth/index.md index ee40581a3c76..2ab69973a817 100644 --- a/website/docs/sources/oauth/index.md +++ b/website/docs/sources/oauth/index.md @@ -14,11 +14,7 @@ This source allows users to enroll themselves with an external OAuth-based Ident Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`. -### OpenID Connect - -:::info -Requires authentik 2022.6 -::: +### OpenID Connect authentik 2022.6+ #### Well-known diff --git a/website/docs/user-group-role/groups/manage_groups.md b/website/docs/user-group-role/groups/manage_groups.md index 4f88af4197a9..c8d41910f866 100644 --- a/website/docs/user-group-role/groups/manage_groups.md +++ b/website/docs/user-group-role/groups/manage_groups.md @@ -43,11 +43,7 @@ To delete a group, follow these steps: You can assign a role to a group, and then all users in the group inherit the permissions assigned to that role. For instructions and more information, see ["Assign a role to a group"](../roles/manage_roles.md#assign-a-role-to-a-group). -## Delegating group member management - -:::info -Requires authentik 2024.4 -::: +## Delegating group member management authentik 2024.4+ To give a specific Role or User the ability to manage group members, the following permissions need to be granted on the matching Group object: diff --git a/website/docs/user-group-role/user/user_ref.md b/website/docs/user-group-role/user/user_ref.md index 6d0993978d37..fab480c3bedb 100644 --- a/website/docs/user-group-role/user/user_ref.md +++ b/website/docs/user-group-role/user/user_ref.md @@ -42,11 +42,7 @@ for group in user.ak_groups.all(): yield group.name ``` -## Path - -:::info -Requires authentik 2022.7 -::: +## Path authentik 2022.7+ Paths can be used to organize users into folders depending on which source created them or organizational structure. Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else. diff --git a/website/src/css/custom.css b/website/src/css/custom.css index beb7ca2f2838..7cc797cd2810 100644 --- a/website/src/css/custom.css +++ b/website/src/css/custom.css @@ -117,3 +117,10 @@ body { .navbar-sidebar__items { background-color: var(--ifm-color-primary); } + +.badge--version { + --ifm-badge-background-color: var(--ifm-color-info); + --ifm-badge-border-color: var(--ifm-badge-background-color); + font-size: 0.75rem; + vertical-align: middle; +} From 1c1c776a7688f345360c4a0f982fc91d1458bb00 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 23 Sep 2024 16:16:49 +0200 Subject: [PATCH 2/3] adjust colours Signed-off-by: Jens Langhammer --- website/src/css/custom.css | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/website/src/css/custom.css b/website/src/css/custom.css index 7cc797cd2810..7b27764bf358 100644 --- a/website/src/css/custom.css +++ b/website/src/css/custom.css @@ -119,7 +119,8 @@ body { } .badge--version { - --ifm-badge-background-color: var(--ifm-color-info); + --ifm-badge-background-color: var(--ifm-color-primary-contrast-background); + color: var(--ifm-color-primary-contrast-foreground); --ifm-badge-border-color: var(--ifm-badge-background-color); font-size: 0.75rem; vertical-align: middle; From 0dcd28ad111ea174b79bfe11c92924ce972e45d6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 23 Sep 2024 16:38:19 +0200 Subject: [PATCH 3/3] fix some anchors Signed-off-by: Jens Langhammer --- website/docs/flow/stages/identification/index.md | 2 +- website/docs/flow/stages/password/index.md | 2 +- website/docs/installation/configuration.mdx | 4 ++-- website/docs/releases/2022/v2022.9.md | 2 +- website/docs/user-group-role/user/user_ref.md | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/website/docs/flow/stages/identification/index.md b/website/docs/flow/stages/identification/index.md index 51e0f0e9fd46..fa592812a4c7 100644 --- a/website/docs/flow/stages/identification/index.md +++ b/website/docs/flow/stages/identification/index.md @@ -42,7 +42,7 @@ Starting with authentik 2023.5, when no user fields are selected and only one so ### Passwordless flow -See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication). +See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124). ### Enrollment flow diff --git a/website/docs/flow/stages/password/index.md b/website/docs/flow/stages/password/index.md index b893c2ac7f88..08539322a773 100644 --- a/website/docs/flow/stages/password/index.md +++ b/website/docs/flow/stages/password/index.md @@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user` ## Passwordless login -There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here. +There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here. Depending on what kind of device you want to require the user to have: diff --git a/website/docs/installation/configuration.mdx b/website/docs/installation/configuration.mdx index ace5557cc2fc..fe17de340b75 100644 --- a/website/docs/installation/configuration.mdx +++ b/website/docs/installation/configuration.mdx @@ -123,7 +123,7 @@ Note that `USE_PGBOUNCER` and `USE_PGPOOL` are inherited from the main database - `AUTHENTIK_CACHE__TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300 :::info - `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for. + `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for. ::: ## Channel Layer Settings (inter-instance communication) @@ -136,7 +136,7 @@ Note that `USE_PGBOUNCER` and `USE_PGPOOL` are inherited from the main database - `AUTHENTIK_BROKER__TRANSPORT_OPTIONS`: Base64-encoded broker transport options :::info - `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for. + `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for. ::: ## Listen Settings diff --git a/website/docs/releases/2022/v2022.9.md b/website/docs/releases/2022/v2022.9.md index a70916cf6a72..cd0b89cf2bd3 100644 --- a/website/docs/releases/2022/v2022.9.md +++ b/website/docs/releases/2022/v2022.9.md @@ -5,7 +5,7 @@ slug: "/releases/2022.9" ## Breaking changes -- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers) +- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../installation/configuration.mdx#authentik_web__workers-authentik-20229) ## New features diff --git a/website/docs/user-group-role/user/user_ref.md b/website/docs/user-group-role/user/user_ref.md index fab480c3bedb..93c83687f9a1 100644 --- a/website/docs/user-group-role/user/user_ref.md +++ b/website/docs/user-group-role/user/user_ref.md @@ -14,7 +14,7 @@ The User object has the following properties: - `is_active` Boolean field if user is active. - `date_joined` Date user joined/was created. - `password_change_date` Date password was last changed. -- `path` User's path, see [Path](#path) +- `path` User's path, see [Path](#path-authentik-20227) - `attributes` Dynamic attributes, see [Attributes](#attributes) - `group_attributes()` Merged attributes of all groups the user is member of and the user's own attributes. - `ak_groups` This is a queryset of all the user's groups.