authentik-client

2026.2.1 · active · verified Wed Apr 15

authentik is an open-source Identity Provider (IdP) for modern SSO, supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and more. This Python package, currently version 2026.2.1, is an automatically generated API client designed to interact with the authentik API from Python. Releases generally occur every two months, shifting to a three-month cycle starting with version 2026.5.

Common errors

```
ModuleNotFoundError: No module named 'authentik_client'
```
cause The 'authentik_client' package is not installed in the Python environment.

fix Install the package using 'pip install authentik-client'.
```
ImportError: cannot import name 'AdminApi' from 'authentik_client'
```
cause The 'AdminApi' class is not available in the 'authentik_client' module, possibly due to an outdated package version.

fix Ensure you have the latest version by running 'pip install --upgrade authentik-client'.
```
AttributeError: module 'authentik_client' has no attribute 'Configuration'
```
cause The 'Configuration' class is not present in the 'authentik_client' module, likely due to changes in the package's structure.

fix Refer to the latest authentik-client documentation for the correct usage and available classes.
```
TypeError: __init__() got an unexpected keyword argument 'host'
```
cause The 'host' parameter is not recognized in the 'authentik_client' initialization, indicating a change in the API client's initialization parameters.

fix Check the authentik-client documentation for the correct initialization parameters and update your code accordingly.
```
ValueError: Invalid URL 'None/api/v3': No scheme supplied. Perhaps you meant http://None/api/v3?
```
cause The 'host' parameter is not set or is None, leading to an invalid URL construction.

fix Ensure that the 'host' parameter is correctly set to the authentik server's URL during client initialization.

Warnings

deprecated The `ak_groups` attribute has been deprecated in authentik 2026.2. While it continues to function, it will generate configuration warnings. Custom code (e.g., expression policies, property mappings) should be updated to use `User.groups` instead for accessing user group memberships.
Fix: Update custom code to use `User.groups` for accessing group memberships instead of `ak_groups`.
breaking In authentik 2026.2, SCIM group syncing behavior changed significantly. Users are now filtered based on policies bound to the application. If a SCIM provider had a group filter setup, it will be deactivated, requiring manual review and reconfiguration.
Fix: Review and reconfigure SCIM providers with group filters, as they will be deactivated. Ensure policies are correctly bound to the application for user filtering.
breaking With authentik 2025.10, the Redis dependency was entirely removed. All caching, task management, embedded outpost session storage, and WebSocket connections were migrated to PostgreSQL. This change is expected to increase PostgreSQL database connections by approximately 50%. Any Redis-related settings in your authentik configuration should be removed.
Fix: Remove all Redis-related configurations and ensure your PostgreSQL instance is adequately scaled to handle increased connections. If PostgreSQL requires TLS, TLS 1.3 or the Extended Master Secret extension is now required.
gotcha Prior to fixes in versions around 2024.4/2025.10, authentik's OAuth client credentials grant implementation was reported to be non-standard, causing issues with many tools. While a fix has been implemented, users on older versions or those encountering issues should verify their OAuth client credentials flow.
Fix: Upgrade to the latest authentik version (2025.10 or newer). If upgrading is not immediately possible, consult authentik documentation or GitHub issues for workarounds or specific configurations for the OAuth client credentials grant.
gotcha Some documentation links for the Python API client on the PyPI project page were reported as 404s (as of November 2024), making it challenging to find client-specific API documentation directly.
Fix: Refer directly to the official authentik documentation website or the GitHub repository (`goauthentik/client-python`) for the most up-to-date and complete API client documentation.
gotcha Some users have reported the overall authentik documentation, including for client integration, as complex and challenging to navigate for beginners, with a steep learning curve for understanding core concepts and setting up integrations.
Fix: Consult community resources, specific integration guides, or seek support if facing difficulties. Focus on understanding core authentik concepts (providers, applications, flows, stages) before attempting complex client integrations.

Install

pip install authentik-client Install latest version

Imports

authentik_client
```
import authentik_client
```

ApiException

from authentik_client.rest import ApiException

CoreApi
```
from authentik_client import CoreApi
```

Configuration

from authentik_client import Configuration

Quickstart

This quickstart demonstrates how to initialize the authentik client with an access token (preferably via environment variables) and fetch a list of users using the CoreApi. Replace `YOUR_AUTHENTIK_TOKEN` and `https://your.authentik.instance/api/v3` with your actual authentik instance details and a valid token.

import authentik_client
from authentik_client.rest import ApiException
import os

# Configure API key authorization: authentik
# For machine-to-machine authentication, typically an application-specific token is used.
# Set AUTHENTIK_HOST and AUTHENTIK_ACCESS_TOKEN environment variables.
configuration = authentik_client.Configuration(
    host=os.environ.get("AUTHENTIK_HOST", "https://your.authentik.instance/api/v3"),
    access_token=os.environ.get("AUTHENTIK_ACCESS_TOKEN", "YOUR_AUTHENTIK_TOKEN")
)

# Create an instance of the API class
with authentik_client.ApiClient(configuration) as api_client:
    # Create an instance of the Core API (or any other API you need)
    core_api = authentik_client.CoreApi(api_client)

    try:
        # Example: Get a list of users
        # For a full list of available APIs and models, refer to the client's documentation.
        users_page = core_api.core_users_list()
        print("Successfully fetched users:")
        for user in users_page.results:
            print(f"  - {user.username} ({user.email})")

    except ApiException as e:
        print(f"Exception when calling CoreApi->core_users_list: {e}")
    except KeyError as e:
        print(f"Environment variable not set: {e}. Please set AUTHENTIK_HOST and AUTHENTIK_ACCESS_TOKEN.")

view raw JSON →