Skip to main content

Release 2022.4

Breaking changes

  • Removal of HTTP Basic authentication for API requests

    For legacy reasons, authentik used to support HTTP-Basic authenticated requests, using the token as a password. This has been removed.

  • Removal of deprecated context in Expression policies used in prompt stages

    Before this version, you could use both context['*field_name*'] and context['prompt_data']['*field_name*']. The former one has been removed as it could overwrite other data in the context if the field name is the same as another context value.

  • Added name field for invitations

    Invitations now require a name, used to better identify their purpose.

New features

  • Application Grouping

    Applications can now be grouped together to better organise connected applications in the user dashboard.

  • JWT authentication for client_credentials grants

    Providers can now be configured to accept JWTs signed by configured certificates, which makes it a lot easier to services access to authentik, when an existing machine/service identity is provided (for example, this can be used to let Kubernetes Pods authenticate themselves to authentik via their service account)

Minor changes/fixes

  • core: add method to set key of token
  • core: add num_pk to group for applications that need a numerical group id
  • internal: disable HTML encoding in go-generated log messages
  • lifecycle: fix password and hostname in redis URI not properly quoted
  • outposts: check if docker ports should be mapped before comparing ports
  • policies: add policy log messages to test endpoints
  • providers/oauth2: map internal groups to GitHub teams in GHE OAuth emulation (#2497)
  • providers/oauth2: pass scope and other parameters to access policy request context
  • stages/email: allow overriding of destination email in plan context
  • stages/invitation: add invitation name
  • stages/prompt: filter rest_framework.fields.empty when field is not required
  • stages/prompt: fix non-required fields not allowing blank values
  • stages/prompt: set field default based on placeholder
  • tenants: add tenant-level attributes, applied to users based on request
  • web: live-convert to slug in fields where only slugs are allowed
  • web: migrate dropdowns to wizards (#2633)
  • web/admin: allow editing of invitations
  • web/admin: fix missing protocols on generated nginx config
  • web/admin: trigger update when provider wizard finishes
  • web/user: add column layouts


This release does not introduce any new requirements.


Download the docker-compose file for 2022.4 from here. Afterwards, simply run docker-compose up -d.


Update your values to use the new images:

tag: 2022.4.1