{"id":6526,"library":"authentik-client","title":"authentik-client","description":"authentik is an open-source Identity Provider (IdP) for modern SSO, supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and more. This Python package, currently version 2026.2.1, is an automatically generated API client designed to interact with the authentik API from Python. Releases generally occur every two months, shifting to a three-month cycle starting with version 2026.5.","status":"active","version":"2026.2.1","language":"en","source_language":"en","source_url":"https://github.com/goauthentik/client-python","tags":["authentication","identity management","SSO","OAuth2","OIDC","client","API","OpenAPI"],"install":[{"cmd":"pip install authentik-client","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Required Python version","package":"python","optional":false}],"imports":[{"symbol":"authentik_client","correct":"import authentik_client"},{"symbol":"ApiException","correct":"from authentik_client.rest import ApiException"},{"symbol":"CoreApi","correct":"from authentik_client import CoreApi"},{"symbol":"Configuration","correct":"from authentik_client import Configuration"}],"quickstart":{"code":"import authentik_client\nfrom authentik_client.rest import ApiException\nimport os\n\n# Configure API key authorization: authentik\n# For machine-to-machine authentication, typically an application-specific token is used.\n# Set AUTHENTIK_HOST and AUTHENTIK_ACCESS_TOKEN environment variables.\nconfiguration = authentik_client.Configuration(\n    host=os.environ.get(\"AUTHENTIK_HOST\", \"https://your.authentik.instance/api/v3\"),\n    access_token=os.environ.get(\"AUTHENTIK_ACCESS_TOKEN\", \"YOUR_AUTHENTIK_TOKEN\")\n)\n\n# Create an instance of the API class\nwith authentik_client.ApiClient(configuration) as api_client:\n    # Create an instance of the Core API (or any other API you need)\n    core_api = authentik_client.CoreApi(api_client)\n\n    try:\n        # Example: Get a list of users\n        # For a full list of available APIs and models, refer to the client's documentation.\n        users_page = core_api.core_users_list()\n        print(\"Successfully fetched users:\")\n        for user in users_page.results:\n            print(f\"  - {user.username} ({user.email})\")\n\n    except ApiException as e:\n        print(f\"Exception when calling CoreApi->core_users_list: {e}\")\n    except KeyError as e:\n        print(f\"Environment variable not set: {e}. Please set AUTHENTIK_HOST and AUTHENTIK_ACCESS_TOKEN.\")","lang":"python","description":"This quickstart demonstrates how to initialize the authentik client with an access token (preferably via environment variables) and fetch a list of users using the CoreApi. Replace `YOUR_AUTHENTIK_TOKEN` and `https://your.authentik.instance/api/v3` with your actual authentik instance details and a valid token."},"warnings":[{"fix":"Update custom code to use `User.groups` for accessing group memberships instead of `ak_groups`.","message":"The `ak_groups` attribute has been deprecated in authentik 2026.2. While it continues to function, it will generate configuration warnings. Custom code (e.g., expression policies, property mappings) should be updated to use `User.groups` instead for accessing user group memberships.","severity":"deprecated","affected_versions":">=2026.2"},{"fix":"Review and reconfigure SCIM providers with group filters, as they will be deactivated. Ensure policies are correctly bound to the application for user filtering.","message":"In authentik 2026.2, SCIM group syncing behavior changed significantly. Users are now filtered based on policies bound to the application. If a SCIM provider had a group filter setup, it will be deactivated, requiring manual review and reconfiguration.","severity":"breaking","affected_versions":">=2026.2"},{"fix":"Remove all Redis-related configurations and ensure your PostgreSQL instance is adequately scaled to handle increased connections. If PostgreSQL requires TLS, TLS 1.3 or the Extended Master Secret extension is now required.","message":"With authentik 2025.10, the Redis dependency was entirely removed. All caching, task management, embedded outpost session storage, and WebSocket connections were migrated to PostgreSQL. This change is expected to increase PostgreSQL database connections by approximately 50%. Any Redis-related settings in your authentik configuration should be removed.","severity":"breaking","affected_versions":">=2025.10"},{"fix":"Upgrade to the latest authentik version (2025.10 or newer). If upgrading is not immediately possible, consult authentik documentation or GitHub issues for workarounds or specific configurations for the OAuth client credentials grant.","message":"Prior to fixes in versions around 2024.4/2025.10, authentik's OAuth client credentials grant implementation was reported to be non-standard, causing issues with many tools. While a fix has been implemented, users on older versions or those encountering issues should verify their OAuth client credentials flow.","severity":"gotcha","affected_versions":"<2025.10"},{"fix":"Refer directly to the official authentik documentation website or the GitHub repository (`goauthentik/client-python`) for the most up-to-date and complete API client documentation.","message":"Some documentation links for the Python API client on the PyPI project page were reported as 404s (as of November 2024), making it challenging to find client-specific API documentation directly.","severity":"gotcha","affected_versions":"All versions (documentation access issue)"},{"fix":"Consult community resources, specific integration guides, or seek support if facing difficulties. Focus on understanding core authentik concepts (providers, applications, flows, stages) before attempting complex client integrations.","message":"Some users have reported the overall authentik documentation, including for client integration, as complex and challenging to navigate for beginners, with a steep learning curve for understanding core concepts and setting up integrations.","severity":"gotcha","affected_versions":"All versions (usability/learning curve)"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[{"fix":"Install the package using 'pip install authentik-client'.","cause":"The 'authentik_client' package is not installed in the Python environment.","error":"ModuleNotFoundError: No module named 'authentik_client'"},{"fix":"Ensure you have the latest version by running 'pip install --upgrade authentik-client'.","cause":"The 'AdminApi' class is not available in the 'authentik_client' module, possibly due to an outdated package version.","error":"ImportError: cannot import name 'AdminApi' from 'authentik_client'"},{"fix":"Refer to the latest authentik-client documentation for the correct usage and available classes.","cause":"The 'Configuration' class is not present in the 'authentik_client' module, likely due to changes in the package's structure.","error":"AttributeError: module 'authentik_client' has no attribute 'Configuration'"},{"fix":"Check the authentik-client documentation for the correct initialization parameters and update your code accordingly.","cause":"The 'host' parameter is not recognized in the 'authentik_client' initialization, indicating a change in the API client's initialization parameters.","error":"TypeError: __init__() got an unexpected keyword argument 'host'"},{"fix":"Ensure that the 'host' parameter is correctly set to the authentik server's URL during client initialization.","cause":"The 'host' parameter is not set or is None, leading to an invalid URL construction.","error":"ValueError: Invalid URL 'None/api/v3': No scheme supplied. Perhaps you meant http://None/api/v3?"}]}