authentik-api 2026.2.2 → 2026.5.0.rc1

data/lib/authentik/api/models/saml_source.rb

@@ -79,6 +79,9 @@ module Authentik::Api
     # Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.
     attr_accessor :allow_idp_initiated
 
+    # When enabled, the IdP will re-authenticate the user even if a session exists.
+    attr_accessor :force_authn
+
     # NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
     attr_accessor :name_id_policy
 
@@ -155,6 +158,7 @@ module Authentik::Api
         :'sso_url' => :'sso_url',
         :'slo_url' => :'slo_url',
         :'allow_idp_initiated' => :'allow_idp_initiated',
+        :'force_authn' => :'force_authn',
         :'name_id_policy' => :'name_id_policy',
         :'binding_type' => :'binding_type',
         :'verification_kp' => :'verification_kp',
@@ -207,6 +211,7 @@ module Authentik::Api
         :'sso_url' => :'String',
         :'slo_url' => :'String',
         :'allow_idp_initiated' => :'Boolean',
+        :'force_authn' => :'Boolean',
         :'name_id_policy' => :'SAMLNameIDPolicyEnum',
         :'binding_type' => :'BindingTypeEnum',
         :'verification_kp' => :'String',
@@ -382,6 +387,10 @@ module Authentik::Api
         self.allow_idp_initiated = attributes[:'allow_idp_initiated']
       end
 
+      if attributes.key?(:'force_authn')
+        self.force_authn = attributes[:'force_authn']
+      end
+
       if attributes.key?(:'name_id_policy')
         self.name_id_policy = attributes[:'name_id_policy']
       end
@@ -630,6 +639,7 @@ module Authentik::Api
           sso_url == o.sso_url &&
           slo_url == o.slo_url &&
           allow_idp_initiated == o.allow_idp_initiated &&
+          force_authn == o.force_authn &&
           name_id_policy == o.name_id_policy &&
           binding_type == o.binding_type &&
           verification_kp == o.verification_kp &&
@@ -651,7 +661,7 @@ module Authentik::Api
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [pk, name, slug, enabled, promoted, authentication_flow, enrollment_flow, user_property_mappings, group_property_mappings, component, verbose_name, verbose_name_plural, meta_model_name, policy_engine_mode, user_matching_mode, managed, user_path_template, icon, icon_url, icon_themed_urls, group_matching_mode, pre_authentication_flow, issuer, sso_url, slo_url, allow_idp_initiated, name_id_policy, binding_type, verification_kp, signing_kp, digest_algorithm, signature_algorithm, temporary_user_delete_after, encryption_kp, signed_assertion, signed_response].hash
+      [pk, name, slug, enabled, promoted, authentication_flow, enrollment_flow, user_property_mappings, group_property_mappings, component, verbose_name, verbose_name_plural, meta_model_name, policy_engine_mode, user_matching_mode, managed, user_path_template, icon, icon_url, icon_themed_urls, group_matching_mode, pre_authentication_flow, issuer, sso_url, slo_url, allow_idp_initiated, force_authn, name_id_policy, binding_type, verification_kp, signing_kp, digest_algorithm, signature_algorithm, temporary_user_delete_after, encryption_kp, signed_assertion, signed_response].hash
     end
 
     # Builds the object from hash

data/lib/authentik/api/models/saml_source_request.rb

@@ -58,6 +58,9 @@ module Authentik::Api
     # Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.
     attr_accessor :allow_idp_initiated
 
+    # When enabled, the IdP will re-authenticate the user even if a session exists.
+    attr_accessor :force_authn
+
     # NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent.
     attr_accessor :name_id_policy
 
@@ -126,6 +129,7 @@ module Authentik::Api
         :'sso_url' => :'sso_url',
         :'slo_url' => :'slo_url',
         :'allow_idp_initiated' => :'allow_idp_initiated',
+        :'force_authn' => :'force_authn',
         :'name_id_policy' => :'name_id_policy',
         :'binding_type' => :'binding_type',
         :'verification_kp' => :'verification_kp',
@@ -170,6 +174,7 @@ module Authentik::Api
         :'sso_url' => :'String',
         :'slo_url' => :'String',
         :'allow_idp_initiated' => :'Boolean',
+        :'force_authn' => :'Boolean',
         :'name_id_policy' => :'SAMLNameIDPolicyEnum',
         :'binding_type' => :'BindingTypeEnum',
         :'verification_kp' => :'String',
@@ -295,6 +300,10 @@ module Authentik::Api
         self.allow_idp_initiated = attributes[:'allow_idp_initiated']
       end
 
+      if attributes.key?(:'force_authn')
+        self.force_authn = attributes[:'force_authn']
+      end
+
       if attributes.key?(:'name_id_policy')
         self.name_id_policy = attributes[:'name_id_policy']
       end
@@ -510,6 +519,7 @@ module Authentik::Api
           sso_url == o.sso_url &&
           slo_url == o.slo_url &&
           allow_idp_initiated == o.allow_idp_initiated &&
+          force_authn == o.force_authn &&
           name_id_policy == o.name_id_policy &&
           binding_type == o.binding_type &&
           verification_kp == o.verification_kp &&
@@ -531,7 +541,7 @@ module Authentik::Api
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [name, slug, enabled, promoted, authentication_flow, enrollment_flow, user_property_mappings, group_property_mappings, policy_engine_mode, user_matching_mode, user_path_template, icon, group_matching_mode, pre_authentication_flow, issuer, sso_url, slo_url, allow_idp_initiated, name_id_policy, binding_type, verification_kp, signing_kp, digest_algorithm, signature_algorithm, temporary_user_delete_after, encryption_kp, signed_assertion, signed_response].hash
+      [name, slug, enabled, promoted, authentication_flow, enrollment_flow, user_property_mappings, group_property_mappings, policy_engine_mode, user_matching_mode, user_path_template, icon, group_matching_mode, pre_authentication_flow, issuer, sso_url, slo_url, allow_idp_initiated, force_authn, name_id_policy, binding_type, verification_kp, signing_kp, digest_algorithm, signature_algorithm, temporary_user_delete_after, encryption_kp, signed_assertion, signed_response].hash
     end
 
     # Builds the object from hash

data/lib/authentik/api/models/ssf_provider.rb

@@ -33,10 +33,14 @@ module Authentik::Api
 
     attr_accessor :oidc_auth_providers
 
+    attr_accessor :oidc_auth_providers_obj
+
     attr_accessor :ssf_url
 
     attr_accessor :event_retention
 
+    attr_accessor :push_verify_certificates
+
     # Attribute mapping from ruby-style variable name to JSON key.
     def self.attribute_map
       {
@@ -49,8 +53,10 @@ module Authentik::Api
         :'signing_key' => :'signing_key',
         :'token_obj' => :'token_obj',
         :'oidc_auth_providers' => :'oidc_auth_providers',
+        :'oidc_auth_providers_obj' => :'oidc_auth_providers_obj',
         :'ssf_url' => :'ssf_url',
-        :'event_retention' => :'event_retention'
+        :'event_retention' => :'event_retention',
+        :'push_verify_certificates' => :'push_verify_certificates'
       }
     end
 
@@ -76,8 +82,10 @@ module Authentik::Api
         :'signing_key' => :'String',
         :'token_obj' => :'Token',
         :'oidc_auth_providers' => :'Array<Integer>',
+        :'oidc_auth_providers_obj' => :'Array<Provider>',
         :'ssf_url' => :'String',
-        :'event_retention' => :'String'
+        :'event_retention' => :'String',
+        :'push_verify_certificates' => :'Boolean'
       }
     end
 
@@ -158,6 +166,14 @@ module Authentik::Api
         end
       end
 
+      if attributes.key?(:'oidc_auth_providers_obj')
+        if (value = attributes[:'oidc_auth_providers_obj']).is_a?(Array)
+          self.oidc_auth_providers_obj = value
+        end
+      else
+        self.oidc_auth_providers_obj = nil
+      end
+
       if attributes.key?(:'ssf_url')
         self.ssf_url = attributes[:'ssf_url']
       else
@@ -167,6 +183,10 @@ module Authentik::Api
       if attributes.key?(:'event_retention')
         self.event_retention = attributes[:'event_retention']
       end
+
+      if attributes.key?(:'push_verify_certificates')
+        self.push_verify_certificates = attributes[:'push_verify_certificates']
+      end
     end
 
     # Show invalid properties with the reasons. Usually used together with valid?
@@ -206,6 +226,10 @@ module Authentik::Api
         invalid_properties.push('invalid value for "token_obj", token_obj cannot be nil.')
       end
 
+      if @oidc_auth_providers_obj.nil?
+        invalid_properties.push('invalid value for "oidc_auth_providers_obj", oidc_auth_providers_obj cannot be nil.')
+      end
+
       invalid_properties
     end
 
@@ -221,6 +245,7 @@ module Authentik::Api
       return false if @meta_model_name.nil?
       return false if @signing_key.nil?
       return false if @token_obj.nil?
+      return false if @oidc_auth_providers_obj.nil?
       true
     end
 
@@ -304,6 +329,16 @@ module Authentik::Api
       @token_obj = token_obj
     end
 
+    # Custom attribute writer method with validation
+    # @param [Object] oidc_auth_providers_obj Value to be assigned
+    def oidc_auth_providers_obj=(oidc_auth_providers_obj)
+      if oidc_auth_providers_obj.nil?
+        fail ArgumentError, 'oidc_auth_providers_obj cannot be nil'
+      end
+
+      @oidc_auth_providers_obj = oidc_auth_providers_obj
+    end
+
     # Checks equality by comparing each attribute.
     # @param [Object] Object to be compared
     def ==(o)
@@ -318,8 +353,10 @@ module Authentik::Api
           signing_key == o.signing_key &&
           token_obj == o.token_obj &&
           oidc_auth_providers == o.oidc_auth_providers &&
+          oidc_auth_providers_obj == o.oidc_auth_providers_obj &&
           ssf_url == o.ssf_url &&
-          event_retention == o.event_retention
+          event_retention == o.event_retention &&
+          push_verify_certificates == o.push_verify_certificates
     end
 
     # @see the `==` method
@@ -331,7 +368,7 @@ module Authentik::Api
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [pk, name, component, verbose_name, verbose_name_plural, meta_model_name, signing_key, token_obj, oidc_auth_providers, ssf_url, event_retention].hash
+      [pk, name, component, verbose_name, verbose_name_plural, meta_model_name, signing_key, token_obj, oidc_auth_providers, oidc_auth_providers_obj, ssf_url, event_retention, push_verify_certificates].hash
     end
 
     # Builds the object from hash

data/lib/authentik/api/models/ssf_provider_request.rb

@@ -19,13 +19,16 @@ module Authentik::Api
 
     attr_accessor :event_retention
 
+    attr_accessor :push_verify_certificates
+
     # Attribute mapping from ruby-style variable name to JSON key.
     def self.attribute_map
       {
         :'name' => :'name',
         :'signing_key' => :'signing_key',
         :'oidc_auth_providers' => :'oidc_auth_providers',
-        :'event_retention' => :'event_retention'
+        :'event_retention' => :'event_retention',
+        :'push_verify_certificates' => :'push_verify_certificates'
       }
     end
 
@@ -45,7 +48,8 @@ module Authentik::Api
         :'name' => :'String',
         :'signing_key' => :'String',
         :'oidc_auth_providers' => :'Array<Integer>',
-        :'event_retention' => :'String'
+        :'event_retention' => :'String',
+        :'push_verify_certificates' => :'Boolean'
       }
     end
 
@@ -92,6 +96,10 @@ module Authentik::Api
       if attributes.key?(:'event_retention')
         self.event_retention = attributes[:'event_retention']
       end
+
+      if attributes.key?(:'push_verify_certificates')
+        self.push_verify_certificates = attributes[:'push_verify_certificates']
+      end
     end
 
     # Show invalid properties with the reasons. Usually used together with valid?
@@ -175,7 +183,8 @@ module Authentik::Api
           name == o.name &&
           signing_key == o.signing_key &&
           oidc_auth_providers == o.oidc_auth_providers &&
-          event_retention == o.event_retention
+          event_retention == o.event_retention &&
+          push_verify_certificates == o.push_verify_certificates
     end
 
     # @see the `==` method
@@ -187,7 +196,7 @@ module Authentik::Api
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [name, signing_key, oidc_auth_providers, event_retention].hash
+      [name, signing_key, oidc_auth_providers, event_retention, push_verify_certificates].hash
     end
 
     # Builds the object from hash

data/lib/authentik/api/models/ssf_stream.rb

@@ -12,6 +12,8 @@ module Authentik::Api
   class SSFStream < ApiModelBase
     attr_accessor :pk
 
+    attr_accessor :status
+
     attr_accessor :provider
 
     attr_accessor :provider_obj
@@ -54,6 +56,7 @@ module Authentik::Api
     def self.attribute_map
       {
         :'pk' => :'pk',
+        :'status' => :'status',
         :'provider' => :'provider',
         :'provider_obj' => :'provider_obj',
         :'delivery_method' => :'delivery_method',
@@ -79,6 +82,7 @@ module Authentik::Api
     def self.openapi_types
       {
         :'pk' => :'String',
+        :'status' => :'SSFStreamStatusEnum',
         :'provider' => :'Integer',
         :'provider_obj' => :'SSFProvider',
         :'delivery_method' => :'DeliveryMethodEnum',
@@ -119,6 +123,10 @@ module Authentik::Api
         self.pk = nil
       end
 
+      if attributes.key?(:'status')
+        self.status = attributes[:'status']
+      end
+
       if attributes.key?(:'provider')
         self.provider = attributes[:'provider']
       else
@@ -277,6 +285,7 @@ module Authentik::Api
       return true if self.equal?(o)
       self.class == o.class &&
           pk == o.pk &&
+          status == o.status &&
           provider == o.provider &&
           provider_obj == o.provider_obj &&
           delivery_method == o.delivery_method &&
@@ -296,7 +305,7 @@ module Authentik::Api
     # Calculates hash code according to all attributes.
     # @return [Integer] Hash code
     def hash
-      [pk, provider, provider_obj, delivery_method, endpoint_url, events_requested, format, aud, iss].hash
+      [pk, status, provider, provider_obj, delivery_method, endpoint_url, events_requested, format, aud, iss].hash
     end
 
     # Builds the object from hash

data/lib/authentik/api/models/ssf_stream_status_enum.rb

@@ -0,0 +1,36 @@
+=begin
+This file is automatically generated by: https://openapi-generator.tech.
+Any manual changes will be lost when the OpenAPI scheme changes.
+
+=end
+
+require 'date'
+require 'time'
+
+module Authentik::Api
+  class SSFStreamStatusEnum
+    ENABLED = "enabled".freeze
+    PAUSED = "paused".freeze
+    DISABLED = "disabled".freeze
+    DISABLED_DELETED = "disabled_deleted".freeze
+
+    def self.all_vars
+      @all_vars ||= [ENABLED, PAUSED, DISABLED, DISABLED_DELETED].freeze
+    end
+
+    # Builds the enum from string
+    # @param [String] The enum value in the form of the string
+    # @return [String] The enum value
+    def self.build_from_hash(value)
+      new.build_from_hash(value)
+    end
+
+    # Builds the enum from string
+    # @param [String] The enum value in the form of the string
+    # @return [String] The enum value
+    def build_from_hash(value)
+      return value if SSFStreamStatusEnum.all_vars.include?(value)
+      raise "Invalid ENUM value #{value} for class #SSFStreamStatusEnum"
+    end
+  end
+end

data/lib/authentik/api/models/task.rb

@@ -104,7 +104,7 @@ module Authentik::Api
         :'message_id' => :'String',
         :'queue_name' => :'String',
         :'actor_name' => :'String',
-        :'state' => :'TaskStateEnum',
+        :'state' => :'TaskStatusEnum',
         :'mtime' => :'Time',
         :'retries' => :'Integer',
         :'eta' => :'Time',

data/lib/authentik/api/models/{task_state_enum.rb → task_status_enum.rb}

@@ -8,7 +8,7 @@ require 'date'
 require 'time'
 
 module Authentik::Api
-  class TaskStateEnum
+  class TaskStatusEnum
     QUEUED = "queued".freeze
     CONSUMED = "consumed".freeze
     PREPROCESS = "preprocess".freeze
@@ -32,8 +32,8 @@ module Authentik::Api
     # @param [String] The enum value in the form of the string
     # @return [String] The enum value
     def build_from_hash(value)
-      return value if TaskStateEnum.all_vars.include?(value)
-      raise "Invalid ENUM value #{value} for class #TaskStateEnum"
+      return value if TaskStatusEnum.all_vars.include?(value)
+      raise "Invalid ENUM value #{value} for class #TaskStatusEnum"
     end
   end
 end

data/lib/authentik/api/models/{notification_transport_mode_enum.rb → transport_mode_enum.rb}

@@ -8,7 +8,7 @@ require 'date'
 require 'time'
 
 module Authentik::Api
-  class NotificationTransportModeEnum
+  class TransportModeEnum
     LOCAL = "local".freeze
     WEBHOOK = "webhook".freeze
     WEBHOOK_SLACK = "webhook_slack".freeze
@@ -29,8 +29,8 @@ module Authentik::Api
     # @param [String] The enum value in the form of the string
     # @return [String] The enum value
     def build_from_hash(value)
-      return value if NotificationTransportModeEnum.all_vars.include?(value)
-      raise "Invalid ENUM value #{value} for class #NotificationTransportModeEnum"
+      return value if TransportModeEnum.all_vars.include?(value)
+      raise "Invalid ENUM value #{value} for class #TransportModeEnum"
     end
   end
 end

data/lib/authentik/api/models/usage_enum.rb

@@ -0,0 +1,33 @@
+=begin
+This file is automatically generated by: https://openapi-generator.tech.
+Any manual changes will be lost when the OpenAPI scheme changes.
+
+=end
+
+require 'date'
+require 'time'
+
+module Authentik::Api
+  class UsageEnum
+    MEDIA = "media".freeze
+
+    def self.all_vars
+      @all_vars ||= [MEDIA].freeze
+    end
+
+    # Builds the enum from string
+    # @param [String] The enum value in the form of the string
+    # @return [String] The enum value
+    def self.build_from_hash(value)
+      new.build_from_hash(value)
+    end
+
+    # Builds the enum from string
+    # @param [String] The enum value in the form of the string
+    # @return [String] The enum value
+    def build_from_hash(value)
+      return value if UsageEnum.all_vars.include?(value)
+      raise "Invalid ENUM value #{value} for class #UsageEnum"
+    end
+  end
+end

data/lib/authentik/api/models/user_account_lockdown_request.rb

@@ -0,0 +1,144 @@
+=begin
+This file is automatically generated by: https://openapi-generator.tech.
+Any manual changes will be lost when the OpenAPI scheme changes.
+
+=end
+
+require 'date'
+require 'time'
+
+module Authentik::Api
+  # Choose the target account before starting the lockdown flow.
+  class UserAccountLockdownRequest < ApiModelBase
+    # User to lock. If omitted, locks the current user (self-service).
+    attr_accessor :user
+
+    # Attribute mapping from ruby-style variable name to JSON key.
+    def self.attribute_map
+      {
+        :'user' => :'user'
+      }
+    end
+
+    # Returns attribute mapping this model knows about
+    def self.acceptable_attribute_map
+      attribute_map
+    end
+
+    # Returns all the JSON keys this model knows about
+    def self.acceptable_attributes
+      acceptable_attribute_map.values
+    end
+
+    # Attribute type mapping.
+    def self.openapi_types
+      {
+        :'user' => :'Integer'
+      }
+    end
+
+    # List of attributes with nullable: true
+    def self.openapi_nullable
+      Set.new([
+        :'user'
+      ])
+    end
+
+    # Initializes the object
+    # @param [Hash] attributes Model attributes in the form of hash
+    def initialize(attributes = {})
+      if (!attributes.is_a?(Hash))
+        fail ArgumentError, "The input argument (attributes) must be a hash in `Authentik::Api::UserAccountLockdownRequest` initialize method"
+      end
+
+      # check to see if the attribute exists and convert string to symbol for hash key
+      acceptable_attribute_map = self.class.acceptable_attribute_map
+      attributes = attributes.each_with_object({}) { |(k, v), h|
+        if (!acceptable_attribute_map.key?(k.to_sym))
+          fail ArgumentError, "`#{k}` is not a valid attribute in `Authentik::Api::UserAccountLockdownRequest`. Please check the name to make sure it's valid. List of attributes: " + acceptable_attribute_map.keys.inspect
+        end
+        h[k.to_sym] = v
+      }
+
+      if attributes.key?(:'user')
+        self.user = attributes[:'user']
+      end
+    end
+
+    # Show invalid properties with the reasons. Usually used together with valid?
+    # @return Array for valid properties with the reasons
+    def list_invalid_properties
+      warn '[DEPRECATED] the `list_invalid_properties` method is obsolete'
+      invalid_properties = Array.new
+      invalid_properties
+    end
+
+    # Check to see if the all the properties in the model are valid
+    # @return true if the model is valid
+    def valid?
+      warn '[DEPRECATED] the `valid?` method is obsolete'
+      true
+    end
+
+    # Checks equality by comparing each attribute.
+    # @param [Object] Object to be compared
+    def ==(o)
+      return true if self.equal?(o)
+      self.class == o.class &&
+          user == o.user
+    end
+
+    # @see the `==` method
+    # @param [Object] Object to be compared
+    def eql?(o)
+      self == o
+    end
+
+    # Calculates hash code according to all attributes.
+    # @return [Integer] Hash code
+    def hash
+      [user].hash
+    end
+
+    # Builds the object from hash
+    # @param [Hash] attributes Model attributes in the form of hash
+    # @return [Object] Returns the model itself
+    def self.build_from_hash(attributes)
+      return nil unless attributes.is_a?(Hash)
+      attributes = attributes.transform_keys(&:to_sym)
+      transformed_hash = {}
+      openapi_types.each_pair do |key, type|
+        if attributes.key?(attribute_map[key]) && attributes[attribute_map[key]].nil?
+          transformed_hash["#{key}"] = nil
+        elsif type =~ /\AArray<(.*)>/i
+          # check to ensure the input is an array given that the attribute
+          # is documented as an array but the input is not
+          if attributes[attribute_map[key]].is_a?(Array)
+            transformed_hash["#{key}"] = attributes[attribute_map[key]].map { |v| _deserialize($1, v) }
+          end
+        elsif !attributes[attribute_map[key]].nil?
+          transformed_hash["#{key}"] = _deserialize(type, attributes[attribute_map[key]])
+        end
+      end
+      new(transformed_hash)
+    end
+
+    # Returns the object in the form of hash
+    # @return [Hash] Returns the object in the form of hash
+    def to_hash
+      hash = {}
+      self.class.attribute_map.each_pair do |attr, param|
+        value = self.send(attr)
+        if value.nil?
+          is_nullable = self.class.openapi_nullable.include?(attr)
+          next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+        end
+
+        hash[param] = _to_hash(value)
+      end
+      hash
+    end
+
+  end
+
+end