hydra

OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

APACHE-2.0 License

Downloads
44K
Stars
15K
Committers
291


hydra - v1.11.0

Published by aeneasr over 2 years ago

Happy new year! We are excited to announce to you the next iteration of Ory Hydra: Version 1.11.0!

This version has significant new features contributed by the awesome Open Source Community - you! But not only that:

Ory Hydra 2.0 is coming!

While a major version, we intend to keep all APIs with as few breaking changes as possible. The efforts focus on some long-standing issues in the persistence layer. In particular, data growth rate and performance improvements are the focus areas! If you are interested in seeing what is going on, check out PR #2796.

And Ory Hydra 2.0 will be available as an API in Ory Cloud! If you are interested in Ory Cloud, apply to Ory Acceleration Program and receive a one-year free subscription for Ory Cloud's Start-Up plan. The Start-Up plan comes with convenient features such as custom domains and unlimited identities/tokens!

More on timelines and Ory Hydra 2.0 plans will follow later this year.

If these changes are not exciting enough already, Ory Hydra now supports loading Private and Public Keys from Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions. Thank you @aarmam for this amazing work! For more information, please read the guide.

Next up, Ory Hydra now natively supports the OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol which can be enabled (optionally) in the configuration! Thank you @fjvierap for your hard work!

We do not stop there: @Xopek and @jagobagascon added support for the JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523) to Ory Hydra! This major improvement allows Ory Hydra to have an even better integration API than before!

For our Apple users and everyone eyeballing ARM64, we now distribute binaries and Docker Images for all platforms and CPU architectures, including Apple M1, Linux ARM (v6, v7, v8, ARM64), and - this is new - FreeBSD!

Lastly, we resolved a bug in the configuration loading which now allows loading complex configuration keys from environment variables without hassle!

Please notice that this release requires SQL migrations to be applied! As always, please make a backup before applying them!

Breaking Changes

To celebrate this change, we cleaned up the ways you install Ory software. There is now one central brew / bash curl repository:

-brew install ory/hydra/hydra
+brew install ory/tap/hydra

-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) hydra
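Review bot: the removed line of the curl pair names `ory/kratos/master/install.sh`, which is the Kratos installer path rather than a Hydra one, so anyone searching their provisioning scripts for the old Hydra command will not match it; confirm which old command is meant and show that one. Both the old and new forms also execute a script fetched from the mutable `master` branch directly in bash, so consider pointing at a tagged or commit-pinned URL and recommending that the script be downloaded and inspected before it is run.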

Endpoint PUT /clients now returns a 404 error when the OAuth2 Client to be updated does not exist. It returned 401 previously. This change requires you to run SQL migrations!

Co-authored-by: fjviera

Please notice that this change requires SQL migrations to be applied! As always, please make a backup before applying them!

Co-authored-by: aeneasr
Co-authored-by: Jagoba Gascón
Co-authored-by: Gajewski Dmitriy

Bug Fixes

  • Add hiring notice to README (#2893) (0a73d8b)

  • Bump deps (#2868) (b287287)

  • Contributors is upper case (5bad542)

  • Error handling in persister (#2860) (33d75d7)

  • FreeBSD build issue, env loading, add OTEL tracing (5158faa), closes #2597 #2912:

    This fix addresses an issue where configuration values in arrays could not be loaded from environment variables, which is now possible. For more information on how Ory Hydra parses configuration, head over to the documentation!

    Additionally, this PR resolves a build issue on FreeBSD - making it now possible to compile Ory Hydra with the FreeBSD target.

    Lastly, this change adds OpenTelemetry support!

  • Missing imports (42fec62)

  • Missing stack traces (#2858) (1441658)

  • Patch should not reset client secret (#2872) (895de01), closes #2869

  • Remove codecov report for internal testhelpers (52a77a3), closes #2871

  • Remove contributors file (565aa2d)

  • Update v1.10 installation instructions for linux (#2799) (45afd0d):

    The documentation for how to install hydra on linux is still using the old version tags

  • Use pop/v6 (b284353)

  • Version info nil on version api endpoint (#2894) (440e0b8)

Code Generation

  • Pin v1.11.0 release commit (5355a1a)

Documentation

Features

  • Add list of authors (#2831) (511a668), closes #2829

  • Add shellcheck to circleci (#2835) (38cbcc0), closes #2832

  • docs: Opentelemetry tracing (74da7b6)

  • ES256 for JWK generation (#2828) (5795bc3), closes #2453

  • Hardware Security Module support (#2625) (7578aa9):

    This change introduces support for Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions.

    If enabled, the Hardware Security Module is used to look up any keys. If no key is found, the software module is used as a fallback for lookup. This allows you to use the HSM for privileged keys, and the software module to manage lifecycle keys (e.g. for Token Exchange).

    For more information, please read the guide.

    Thank you to aarmam for this great contribution!

  • Native ARM64 support in Docker and Binaries (abffb09):

    This release adds important security updates for the base Docker Images (e.g. Alpine). Additionally, Ory Hydra now has full ARM support, and the binaries are now downloadable for all major platforms.

  • OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol (#2909) (6a18f62), closes #2568 #2549:

    This feature adds first-class support for two IETF RFCs and one OpenID Spec:

    To enable this feature, which is disabled by default, set

    oidc:
      dynamic_client_registration:
        enabled: true
    

    in your Ory Hydra configuration. Once enabled, endpoints POST, GET, PUT, and DELETE for /connect/register will be available at the public port!

  • Support for urn:ietf:params:oauth:grant-type:jwt-bearer grant type RFC 7523 (#2384) (858f2cf), closes #2229:

    This change adds support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523).
    Users of Ory Hydra will be able to grant permission for OAuth 2.0 Client to act on behalf of some Resource Owner using JWT Bearer Assertions.

    For more information about this feature, please head over to the documentation: https://www.ory.sh/hydra/docs/next/guides/oauth2-grant-type-jwt-bearer

Changelog

  • b052084e autogen(docs): generate and format documentation
  • 61cef960 autogen(docs): generate and format documentation
  • 04a25b1d autogen(docs): generate and format documentation
  • bdc365d2 autogen(docs): generate and format documentation
  • 5a4e11c9 autogen(docs): generate and format documentation
  • 7dd428e8 autogen(docs): generate and format documentation
  • 844a5950 autogen(docs): generate and format documentation
  • 31af257a autogen(docs): generate and format documentation
  • 6cb74cbd autogen(docs): generate and format documentation
  • e8eeb8ea autogen(docs): generate and format documentation
  • f15f3398 autogen(docs): generate cli docs
  • 9a4d04e3 autogen(docs): generate cli docs
  • 72837a10 autogen(docs): update milestone document
  • e91e2d1c autogen(docs): update milestone document
  • ecb841c3 autogen(docs): update milestone document
  • 91b0870e autogen(docs): update milestone document
  • e03a1fed autogen(docs): update milestone document
  • 3236e31d autogen(docs): update milestone document
  • e10309c3 autogen(docs): update milestone document
  • 745619f1 autogen(openapi): Regenerate swagger spec and internal client
  • 2d544901 autogen(openapi): Regenerate swagger spec and internal client
  • 41f61871 autogen(openapi): Regenerate swagger spec and internal client
  • 4250f03c autogen(openapi): Regenerate swagger spec and internal client
  • 7da8adf8 autogen: add v1.10.7 to version.schema.json
  • 5355a1ab autogen: pin v1.11.0 release commit
  • e770afa6 autogen: pin v1.11.0-pre.0 release commit
  • ef11adf2 chore: bump aline to 3.14.3 (#2856)
  • 50f9dc86 chore: document consent requirement for non-https redirect schemes (#2826)
  • 7a71b2da chore: new goreleaser config
  • 54eb3c8c chore: update docusaurus template
  • e2915351 chore: update docusaurus template
  • b75b20ab chore: update docusaurus template
  • b7ecf2c1 chore: update docusaurus template
  • d6873662 chore: update docusaurus template (#2838)
  • ebe46983 chore: update docusaurus template (#2846)
  • c0942885 chore: update docusaurus template (#2922)
  • 21b470dc chore: update repository templates
  • 4a734a24 chore: update repository templates
  • c8eb2e26 chore: update repository templates
  • 47ff2b9e ci: bump groreleaser
  • 5895d03a docs: ORY -> Ory to follow styleguides (#2941)
  • 49b582c5 docs: fix grammar issues and typos (#2830)
  • 5ca99e59 docs: update bash install
  • 1f899732 docs: update coverage badge
  • 1b2f6a67 docs: use Ory instead of ORY in the documentation (#2939)
  • 74da7b6b feat(docs): opentelemetry tracing
  • 5795bc3e feat: ES256 for JWK generation (#2828)
  • 7578aa9f feat: Hardware Security Module support (#2625)
  • 6a18f629 feat: OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol (#2909)
  • 511a6689 feat: add list of authors (#2831)
  • 38cbcc02 feat: add shellcheck to circleci (#2835)
  • abffb098 feat: native ARM64 support in Docker and Binaries
  • 858f2cf3 feat: support for urn:ietf:params:oauth:grant-type:jwt-bearer grant type RFC 7523 (#2384)
  • 5158faae fix: FreeBSD build issue, env loading, add OTEL tracing
  • 0a73d8be fix: add hiring notice to README (#2893)
  • b2872876 fix: bump deps (#2868)
  • 5bad542a fix: contributors is upper case
  • 33d75d79 fix: error handling in persister (#2860)
  • 42fec62c fix: missing imports
  • 14416584 fix: missing stack traces (#2858)
  • 895de012 fix: patch should not reset client secret (#2872)
  • 52a77a3e fix: remove codecov report for internal testhelpers
  • 565aa2d4 fix: remove contributors file
  • 45afd0d8 fix: update v1.10 installation instructions for linux (#2799)
  • b284353d fix: use pop/v6
  • 440e0b82 fix: version info nil on version api endpoint (#2894)

Artifacts can be verified with cosign using this public key.

hydra - v1.10.6

Published by aeneasr about 3 years ago

Changelog

2f01882f autogen(docs): generate and format documentation
ba9501c8 autogen(docs): generate and format documentation
88890482 autogen(docs): generate and format documentation
3d08e960 autogen(docs): regenerate and update changelog
699c022e autogen(docs): update milestone document
10944a79 autogen: add v1.10.5 to version.schema.json
f1771f13 autogen: pin v1.10.6 release commit
57b41e93 chore: update x/sys to support go 1.17 (#2687)
87f4a58c docs: section for debugging jwks based client errors (#2680)
184a3c45 fix: documentation SYSTEM_SECRET -> SECRETS_SYSTEM (#2686)
df08c7fc fix: typo in errors.go (#2699)

Docker images

  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.10-sqlite
  • docker pull oryd/hydra:v1.10.6-sqlite
  • docker pull oryd/hydra:latest-sqlite
  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.10
  • docker pull oryd/hydra:v1.10.6
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.10-alpine
  • docker pull oryd/hydra:v1.10.6-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.10.5

Published by aeneasr about 3 years ago

This patch introduces a faster and better janitor (database clean up routine), the ability to filter OAuth2 Clients by owner and name, and resolves a regression when parsing config environment variables.

Changelog

73744313 autogen(docs): generate and format documentation
447451ff autogen(docs): generate and format documentation
6f5c01a7 autogen(docs): generate cli docs
3a48df6d autogen(docs): update milestone document
a8675dd9 autogen(docs): update milestone document
b8085018 autogen(docs): update milestone document
cbf1c976 autogen(openapi): Regenerate swagger spec and internal client
4a66d0c5 autogen: add v1.10.3 to version.schema.json
16381f44 autogen: add v1.10.5-pre.1 to version.schema.json
a5d30aa0 autogen: pin v1.10.4 release commit
0456f54d autogen: pin v1.10.5 release commit
94cda7ac autogen: pin v1.10.5-pre.0 release commit
ba5547a9 autogen: pin v1.10.5-pre.1 release commit
4f74591b chore: adjust CODEOWNERS (#2659)
23bd2f79 chore: update docusaurus template
8d368178 chore: update docusaurus template (#2647)
575dc3fd chore: update docusaurus template (#2655)
a4e94615 chore: update docusaurus template (#2658)
5a811305 chore: update repository templates
a30f9d09 chore: update repository templates (#2656)
7ec39198 chore: update x library (#2674)
4083684b docs: add long flag --grant-types in 5min tutorial (#2650)
ea6fdfd6 feat: add owner/name filter to list clients (#2637)
6ea0bf8f feat: improve delete queries for janitor command (#2540)
564d18b3 fix: docs generator
81ab0af7 style: format

Docker images

  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.10-sqlite
  • docker pull oryd/hydra:v1.10.5-sqlite
  • docker pull oryd/hydra:latest-sqlite
  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.10
  • docker pull oryd/hydra:v1.10.5
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.10-alpine
  • docker pull oryd/hydra:v1.10.5-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.10.3

Published by aeneasr over 3 years ago

Ory Hydra v1.10.3 brings several bug fixes and configuration features, in particular:

  1. Adding the hydra keys import command;
  2. Passing the client_id in the logout request;
  3. Resolving prometheus cardinality issues;
  4. Moving to go-jose for JSON Web Keys and JSON Web Tokens;
  5. Supporting PKCE discovery in /.well-known/;
  6. Support for Instana tracing.

For a full list of changes, please check below!

Bug Fixes

  • Add RFC 8414 pkce info to OpenID Connect Discovery (#2547) (9693168), closes #2311

  • Add the missing keys import command (#2521) (c4bc248), closes #2520

  • Audience should include client ID (#2455) (8c70394)

  • Build issues (5de255b)

  • Correct CodeFromRemote syntax (#2626) (d3ee859)

  • Intro docs (#2602) (bc87822)

  • No more windows workaround (#2632) (db73b44), closes #2160

  • oauth2: Enforce assertion check on userinfo aud field (#2524) (c463d9f):

    This is so the check on the ok variable is effectual. Prior to this patch the type assertion on the *client.Client was setting the value of ok. Due to the fact the type assertion on *client.Client is already checked and on a false value it exits the func, this value will always be true.

  • Prometheus URL label (#2503) (f588ec6), closes #2502

  • README exemplary apps (#2579) (60e7042)

  • Resolve config parsing regression (58deacf), closes #2518

  • Resolve sdk build issues (68976f8)

  • Resolve sdk build issues (1807e89)

  • Resolve swagger generation issues (#2610) (53a50dd)

  • Use prebuilt ory cli and bump ory/x (#2605) (0f95e01), closes #2596

  • Wrong description (#2589) (5553a6f), closes #2587

  • WWW-Authenticate header in userinfo handler (#2454) (f701b28)
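The stale `ok` pattern described in the oauth2 userinfo `aud` fix above, as an added Go example that is not Hydra's code. `Client`, `audienceStale` and `audienceChecked` are hypothetical names, and the claim maps are constructed sample input.

```go
package main

import "fmt"

// Client is a hypothetical stand-in for an OAuth2 client record.
type Client struct{ ID string }

// audienceStale reproduces the pattern from the fix description: ok is set by
// the client type assertion, the function returns early when that fails, and
// the later check on ok therefore can never fire.
func audienceStale(client interface{}, claims map[string]interface{}) []string {
	c, ok := client.(*Client)
	if !ok {
		return nil
	}
	aud, _ := claims["aud"].([]string) // assertion result discarded
	if !ok {                           // always false: ok still belongs to the client assertion
		return []string{c.ID}
	}
	return aud
}

// audienceChecked binds a fresh result to the aud assertion, so a claim of the
// wrong type (or an empty list) falls back to the client ID.
func audienceChecked(client interface{}, claims map[string]interface{}) []string {
	c, ok := client.(*Client)
	if !ok {
		return nil
	}
	aud, audOK := claims["aud"].([]string)
	if !audOK || len(aud) == 0 {
		return []string{c.ID}
	}
	return aud
}

func main() {
	c := &Client{ID: "client-a"}
	// Constructed claims: aud stored as a plain string instead of []string.
	malformed := map[string]interface{}{"aud": "client-a"}
	fmt.Printf("stale check:   %q\n", audienceStale(c, malformed))
	fmt.Printf("checked value: %q\n", audienceChecked(c, malformed))
}
```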

Code Generation

  • Pin v1.10.3 release commit (ea93158)

Code Refactoring

  • Integrate with fosite v0.40 (go-jose migration) (#2526) (5bdc4bc)

Documentation

Features

Changelog

77d10004 autogen(docs): generate and format documentation
dbdc00cf autogen(docs): generate and format documentation
379f34a5 autogen(docs): generate and format documentation
a27b0575 autogen(docs): generate and format documentation
eddfa2d6 autogen(docs): generate and format documentation
754bb413 autogen(docs): generate and format documentation
64022e88 autogen(docs): generate and format documentation
cc1d698f autogen(docs): generate and format documentation
15581747 autogen(docs): generate and format documentation
2839bc8f autogen(docs): generate cli docs
fdfe7eb5 autogen(docs): generate cli docs
fe63f3fd autogen(docs): regenerate and update changelog
371a9aee autogen(docs): regenerate and update changelog
b98676e1 autogen(docs): update milestone document
6b29f75e autogen(docs): update milestone document
03247394 autogen(docs): update milestone document
8debee76 autogen(openapi): Regenerate swagger spec and internal client
9702d386 autogen(openapi): Regenerate swagger spec and internal client
70cd4a22 autogen(openapi): Regenerate swagger spec and internal client
b597c88e autogen(openapi): Regenerate swagger spec and internal client
02f766c5 autogen(openapi): Regenerate swagger spec and internal client
bdbb775b autogen(openapi): Regenerate swagger spec and internal client
be8de37c autogen(openapi): Regenerate swagger spec and internal client
737685ec autogen(openapi): Regenerate swagger spec and internal client
c07adb6f autogen(openapi): Regenerate swagger spec and internal client
0e9778a1 autogen: add v1.10.2 to version.schema.json
46b438ed autogen: add v1.10.3-pre.1 to version.schema.json
ea931581 autogen: pin v1.10.3 release commit
30b77e69 autogen: pin v1.10.3-pre.1 release commit
2579fe09 autogen: pin v1.10.3-pre.1 release commit
38ba27b4 chore(deps): bump color-string in /test/e2e/oauth2-client (#2592)
f85f5bec chore: bump ory/x and cleanup go.mod Closes #2609 by pulling in upstream fix https://github.com/ory/x/pull/373
e739e63a chore: coc shield
5730436f chore: docs sidebar uniform (#2591)
089fdc1b chore: format
19482e8c chore: update docusaurus template
110f7488 chore: update docusaurus template
52a1a252 chore: update docusaurus template
b48e54d7 chore: update docusaurus template
ef59ab27 chore: update docusaurus template (#2569)
9d5fc15a chore: update docusaurus template (#2590)
a303e9ec chore: update docusaurus template (#2595)
0d9a250e chore: update docusaurus template (#2611)
fc41dbe1 chore: update docusaurus template (#2613)
cb981ecf chore: update docusaurus template (#2615)
e06b8a51 chore: update docusaurus template (#2616)
510456d8 chore: update docusaurus template (#2617)
9cfec9d1 chore: update docusaurus template (#2619)
2ca6de61 chore: update docusaurus template (#2620)
60a14a34 chore: update repository templates
2fca5a4b chore: update repository templates
a347d7b1 chore: update repository templates
8a2b9aaa chore: update repository templates
64f0018c chore: update repository templates
3f88ca3e chore: update repository templates (#2550)
3f059264 chore: update repository templates (#2554)
5ae6fe60 chore: update repository templates (#2601)
06c34823 chore: update repository templates (#2630)
4f8d0bce ci: add codecov reporting
e6ee5b9d ci: explicit go mod cache keys (#2566)
64a332a9 docs: clearer wording in SPA notice for HTML forms (#2565)
94ded27c docs: fix erroneous sidebar commit
00e15aa0 docs: fix typo ('ROCP' to 'ROPC') (#2633)
3e5760f5 docs: link to correct doc in help command (#2631)
243a6173 docs: move api docs to top level
9fb505f2 docs: new redoc api docs
f14d2e71 docs: rename sidebar api
57969942 docs: replace oryd in examples with ory (#2600)
63402dee feat: add custom claims to top-level JWT payload (#2545)
f74fe90d feat: add instana as possible tracing provider (#2548)
81e0784b feat: add max_conn_idle_time flag (#2551)
cd3014cd feat: import keys with a default key id (#2563)
43b391d9 feat: pass client in logout request (#2483)
c463d9f8 fix(oauth2): enforce assertion check on userinfo aud field (#2524)
60e70426 fix: README exemplary apps (#2579)
f701b28e fix: WWW-Authenticate header in userinfo handler (#2454)
96931685 fix: add RFC 8414 pkce info to OpenID Connect Discovery (#2547)
c4bc248b fix: add the missing keys import command (#2521)
8c703945 fix: audience should include client ID (#2455)
5de255b0 fix: build issues
d3ee8598 fix: correct CodeFromRemote syntax (#2626)
bc878224 fix: intro docs (#2602)
db73b441 fix: no more windows workaround (#2632)
f588ec69 fix: prometheus URL label (#2503)
58deacf5 fix: resolve config parsing regression
1807e893 fix: resolve sdk build issues
68976f8f fix: resolve sdk build issues
53a50ddf fix: resolve swagger generation issues (#2610)
0f95e017 fix: use prebuilt ory cli and bump ory/x (#2605)
5553a6f2 fix: wrong description (#2589)
5bdc4bc1 refactor: integrate with fosite v0.40 (go-jose migration) (#2526)

Docker images

  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.10-sqlite
  • docker pull oryd/hydra:v1.10.3-sqlite
  • docker pull oryd/hydra:latest-sqlite
  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.10
  • docker pull oryd/hydra:v1.10.3
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.10-alpine
  • docker pull oryd/hydra:v1.10.3-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.10.2

Published by aeneasr over 3 years ago

This maintenance release resolves regressions introduced in Ory Hydra v1.10.1. A big change is that Ory Hydra now supports PATCH operations for OAuth2 Clients and is able to handle TLS for admin and public endpoints individually. The breaking changes included in this release address two bugs which are marked as a BREAKING CHANGE. We believe however that these changes do not affect running systems and given the major improvements introduced by the fixes, we decided to mark this as a patch release.

1.10.2 (2021-05-04)

Bug Fixes

  • CookieStore MaxAge value (#2485) (#2488) (aafc901):

    CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. MaxAge: 0 disables MaxAge check by SecureCookie, thus allowing sessions lasting > 30 days.

  • Do not use error_hint anymore (#2450) (ff90c47)

  • Handled requests respond with 410 Gone and include redirect URL (#2473) (e3d9158), closes #1569

  • Link in documentation (#2478) (5fdd913)

  • Login and consent redirect behavior change since 1.9.x (#2457) (2f3a1af), closes #2363:

    Allow #fragment in configured url to keep backwards compatibility.

  • Make token user command work with public clients (#2479) (a033d6a)

  • Resolve clidoc issues (f6e5958)

  • Resolve specignore issues (1431167)

  • Use PublicURL where given (#2441) (eefefd5), closes #2422

  • Valid JSON response for already handled requests (#2517) (ac61616), closes #2515

  • Version schema (#2427) (7781215)

Code Refactoring

  • Move unix socket support helpers into ory/x (#2486) (44fd4e4)

Documentation

Features

  • Add the MaxTagValueLength config for jaeger of tracing (#2482) (03c96ee), closes #2447

  • Enable "nbf" (not before) claim to be optional for Access Token (#2437) (666cd25), closes #1542

  • Global docs sidebar and added cloud pages (#2495) (7f7362b)

  • Implement partial client updates (PATCH) with JSON Patch syntax (#2411) (540c89d):

    Implements a new endpoint PATCH /clients/{id} which uses JSON Patch syntax to update an OAuth2 client partially. This removes the need to do PUT /clients/{id} with the full OAuth2 Client in the payload.

  • Split TLS config into admin and public interfaces (#2476) (60704d4), closes #1231 #1962:

    Adds the possibility to specify TLS certificates for admin and public endpoints individually. Also improves compatibility for internal networks (e.g. Kubernetes) by removing the need for having TLS termination on admin endpoints. This can be enabled by setting serve.admin.tls.enabled to false.

BREAKING CHANGES

  • This patch makes it so that already handled consent/login/logout requests respond with 410 Gone instead of 409 Conflict. Additionally, a URL is included that the user should be redirected to!

Co-authored-by: hackerman

  • This patch changes how issuer and public URLs are used. Please be aware that going forward, the public URL is used for redirects. Previously, the issuer URL was used. If no public URL is set, the issuer URL will be used as before.

Changelog

5c611f0c autogen(docs): generate and format documentation
09dc7743 autogen(docs): generate and format documentation
4d58f1fa autogen(docs): generate and format documentation
a02ffe9b autogen(docs): generate and format documentation
d8682a99 autogen(docs): generate and format documentation
24f91ab7 autogen(docs): generate and format documentation
2666562a autogen(docs): generate and format documentation
3151706d autogen(docs): generate and format documentation
1c0e8117 autogen(docs): generate and format documentation
7ba4b470 autogen(docs): generate and format documentation
79f3b900 autogen(docs): generate and format documentation
0c7a2add autogen(docs): generate and format documentation
af6beb81 autogen(docs): generate and format documentation
c9b99be2 autogen(docs): generate and format documentation
b6c34e0e autogen(docs): generate and format documentation
c1cc9476 autogen(docs): generate and format documentation
e0ccaf3c autogen(docs): generate and format documentation
40b09cdf autogen(docs): generate cli docs
bfa14a53 autogen(docs): regenerate and update changelog
3dbcf87b autogen(docs): update milestone document
db4eb720 autogen(docs): update milestone document
5d0d69e0 autogen(docs): update milestone document
598de159 autogen(docs): update milestone document
00a57bd0 autogen(docs): update milestone document
d33a4904 autogen(openapi): Regenerate swagger spec and internal client
3e37546a autogen(openapi): Regenerate swagger spec and internal client
fcc0dd20 autogen(openapi): Regenerate swagger spec and internal client
17cfc781 autogen(openapi): Regenerate swagger spec and internal client
4e6aebe8 autogen: add v1.10.1 to version.schema.json
1da2f24c autogen: pin v1.10.2 release commit
e8c3a06e autogen: pin v1.10.2 release commit
3bb0bb9a chore: bump base alpine images (#2439)
b8bac7f8 chore: bump ory/x
638562c7 chore: bump ory/x and gogo/protobuf (#2434)
73c99317 chore: fix links (#2481)
bd90f3e8 chore: fix sdk links (#2433)
380fc94d chore: format and cleanup
ddb34c1f chore: update docusaurus template
d99f2136 chore: update docusaurus template
6b01fa9d chore: update docusaurus template
cf2fe0c9 chore: update docusaurus template
eaa3f870 chore: update docusaurus template
c3d705d4 chore: update docusaurus template (#2493)
69a87a55 chore: update docusaurus template (#2494)
a76bf401 chore: update repository templates (#2443)
9a484fc0 chore: update vulnerable jwt-go
3d48259a ci: run conformity on PRs
014c773d docs: add dotnet sdk (#2431)
47cf3c76 docs: add php link sdk page & fix links (#2469)
aa2919dc docs: change forum to discussions readme (#2451)
8ac186c2 docs: fix uppercase id
5466d4e3 docs: guide for merging system.secrets (#2448)
03c96ee2 feat: add the MaxTagValueLength config for jaeger of tracing (#2482)
666cd258 feat: enable "nbf" (not before) claim to be optional for Access Token (#2437)
7f7362b4 feat: global docs sidebar and added cloud pages (#2495)
540c89d6 feat: implement partial client updates (PATCH) with JSON Patch syntax (#2411)
60704d49 feat: split TLS config into admin and public interfaces (#2476)
aafc901e fix: CookieStore MaxAge value (#2485) (#2488)
ff90c47f fix: do not use error_hint anymore (#2450)
e3d9158a fix: handled requests respond with 410 Gone and include redirect URL (#2473)
5fdd9130 fix: link in documentation (#2478)
2f3a1afb fix: login and consent redirect behavior change since 1.9.x (#2457)
a033d6a7 fix: make token user command work with public clients (#2479)
f6e59589 fix: resolve clidoc issues
14311673 fix: resolve specignore issues
eefefd51 fix: use PublicURL where given (#2441)
ac616163 fix: valid JSON response for already handled requests (#2517)
77812158 fix: version schema (#2427)
44fd4e42 refactor: move unix socket support helpers into ory/x (#2486)

Docker images

  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.10-sqlite
  • docker pull oryd/hydra:v1.10.2-sqlite
  • docker pull oryd/hydra:latest-sqlite
  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.10
  • docker pull oryd/hydra:v1.10.2
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.10-alpine
  • docker pull oryd/hydra:v1.10.2-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.10.1

Published by aeneasr over 3 years ago

We are excited to announce Ory Hydra v1.10.0!

This release adds significant data management improvements. As such, we introduce the new "hydra janitor" command which cleans up stale data and can be run, for example, as a (Kubernetes) CronJob.

The new janitor command is able to clean up invalid and expired access and refresh tokens as well as login and consent requests. This solves issues observed in installations with lots of traffic.

This patch refactors the internal file embed system by migrating to Go 1.16, simplifying and speeding up the build process.

To follow OAuth2 best-practice, refresh tokens will now invalidate the whole access and refresh token chain if reused.

1.10.1 (2021-03-25)

Bug Fixes

  • Add docs/node_modules make target (b302501)

  • Add network specific error message to avoid confusion (#2367) (56d71e6), closes #2338

  • Adds sqa section to config.schema.json (#2360) (89df8d7), closes #2358:

    Move from viper to koanf caused env vars without corresponding
    paths in config.schema.json to be ignored. This commit adds
    missing sqa section, so the SQA_OPT_OUT env var has effect again.

  • Adopt new cli renderer pipeline (02483ce)

  • Better http resiliency and sqlite updates (883a84f)

  • Improve cache and update CI images to go 1.16 (#2388) (7803202)

  • Increase conformance test timeout (e9bd064)

  • Record cypress videos (c9d0a26)

  • Resolve clidoc issues (8257cb2)

  • Resolve docs build issues (6612099)

  • Resolve e2e test issues (4812f54)

  • Resolve migrator duplicate files (b1f63ff)

  • Resolve migrator regression issues (cdfc03d)

  • Revert mode default and maximum values (#2349) (b20fc48):

    I made a mistake in previous pull request, these socket mode values are in decimal, not octal format. Sorry.

  • Update janitor help (b7965c6)

  • Use appropriate migrations with precedence (b61d05c)

  • Use gelf windows hotfix (0cac0f1)

  • Use go 1.16 in conformity suite (3fbda05)

Documentation

  • Faq custom data (#2334) (471e85d)

  • Fix basic examples for the golang SDK (#2399) (6806865)

  • Fix subject identifier algorithms to match configuration (#2400) (dd19b86):

    On https://www.ory.sh/hydra/docs/reference/configuration/ under 'subject identifiers' the name for defining which subject identifier algorithms are supported it is called "supported_types", not "enabled" as in these pages.

  • Improve readme tests section (#2380) (277afe9)

  • Quickstart config (#2328) (f20f645)

  • Update config.schema.json default values (#2348) (8494822):

    Updated wrong config schema values

  • Update examples to new helm install command format (#2369) (f006556):

    Tried example with helm 3.5.2 and it does not support --name flag. So I moved name and repository to first line of commands.

Features

  • Add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386) (a17d10e)

  • Add front/backchannel logout params to client cli (#2387) (055f801), closes #1487

  • Flush inactive/expired login and consent requests (#2381) (f039ebb), closes #1574:

    This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database.

    You may now use the new hydra janitor command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows the notAfter safe-guard approach to ensure records needed to be kept are not deleted.

    To learn more, please use hydra help janitor.

    This patch phases out the /oauth2/flush endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.

  • Flush refresh tokens for service oauth2/flush (#2373) (b46a14c), closes https://github.com/ory/hydra/issues/1574#issuecomment-736684327

  • Move to go 1.16 and static embed files (6fa591c)

  • Refresh token reuse detection (#2383) (bc349f1), closes #2022:

    This patch adds support for Refresh Token reuse Detection introduced by https://github.com/ory/fosite/pull/567. Ory Hydra's persister no longer deletes refresh tokens when using them, but instead deactivates them - similar to how authorization codes work.
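
The difference between deleting and deactivating a used refresh token, as an added example (not Ory Hydra or fosite code; `Store`, `Rotate` and the other names are hypothetical). It assumes that a detected reuse revokes every token issued under the same grant.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrUnknownToken = errors.New("refresh token not found")
	ErrTokenReused  = errors.New("refresh token reuse detected, grant revoked")
)

// refreshRecord is kept after use and only flagged inactive.
type refreshRecord struct {
	requestID string // links all tokens issued under one grant
	active    bool
}

// Store is a hypothetical in-memory token store.
type Store struct {
	deleteOnUse bool // true models the old delete-on-use behaviour
	refresh     map[string]*refreshRecord
	access      map[string]string // access token -> requestID
}

func NewStore(deleteOnUse bool) *Store {
	return &Store{
		deleteOnUse: deleteOnUse,
		refresh:     map[string]*refreshRecord{},
		access:      map[string]string{},
	}
}

func newToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Issue creates an access/refresh pair for the given grant.
func (s *Store) Issue(requestID string) (access, refresh string) {
	access, refresh = newToken(), newToken()
	s.access[access] = requestID
	s.refresh[refresh] = &refreshRecord{requestID: requestID, active: true}
	return access, refresh
}

// Rotate exchanges a refresh token for a new pair.
func (s *Store) Rotate(refresh string) (string, string, error) {
	rec, ok := s.refresh[refresh]
	if !ok {
		// With delete-on-use, a replayed token ends up here and looks
		// the same as a token that never existed.
		return "", "", ErrUnknownToken
	}
	if !rec.active {
		// A used token came back. The store cannot tell which holder is
		// legitimate, so (assumption of this example) the grant is revoked.
		s.revokeGrant(rec.requestID)
		return "", "", ErrTokenReused
	}
	if s.deleteOnUse {
		delete(s.refresh, refresh)
	} else {
		rec.active = false
	}
	a, r := s.Issue(rec.requestID)
	return a, r, nil
}

func (s *Store) revokeGrant(requestID string) {
	for _, rec := range s.refresh {
		if rec.requestID == requestID {
			rec.active = false
		}
	}
	for tok, id := range s.access {
		if id == requestID {
			delete(s.access, tok)
		}
	}
}

func (s *Store) RefreshActive(tok string) bool {
	rec, ok := s.refresh[tok]
	return ok && rec.active
}

func (s *Store) AccessValid(tok string) bool {
	_, ok := s.access[tok]
	return ok
}

func main() {
	for _, deleteOnUse := range []bool{true, false} {
		s := NewStore(deleteOnUse)
		_, r1 := s.Issue("grant-1")
		a2, r2, _ := s.Rotate(r1)
		_, _, err := s.Rotate(r1) // the first refresh token is presented again
		fmt.Printf("deleteOnUse=%v replay=%v rotatedRefreshActive=%v accessValid=%v\n",
			deleteOnUse, err, s.RefreshActive(r2), s.AccessValid(a2))
	}
}
```

With delete-on-use the replay fails but the rotated pair stays valid; with deactivation the replay is recognised and the rotated pair is revoked as well.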

Tests

  • Bump cypress to newer version and add resilience (c76309c)
  • Bump ory/x and resolve regressions (1a03c07)
  • Fix record arg (b248406)
  • Improve e2e script and add record option (9d4764d)
  • Resolve flaky cypress tests (356b05f)
  • Resolve migration regression (e59e2bc)
  • Use cypress fetchers (2aa0980)
  • Use go 1.16 in conformity (ccd983d)

Unclassified

  • Do not send 404 on revoke consent / delete login (#2397) (854b9ee)
  • Resolve oidc conformity regression (1049602)

Changelog

ce7ee75c autogen(docs): generate and format documentation
74bfe9ce autogen(docs): generate and format documentation
ec93526e autogen(docs): generate and format documentation
4cc80123 autogen(docs): generate and format documentation
21c62857 autogen(docs): generate and format documentation
67d9b387 autogen(docs): generate and format documentation
dc97559d autogen(docs): generate and format documentation
a11527f1 autogen(docs): generate and format documentation
e18e9669 autogen(docs): generate and format documentation
9ad9c1d3 autogen(docs): generate and format documentation
d3697cd9 autogen(docs): generate cli docs
83f8ebd0 autogen(docs): generate cli docs
7731121d autogen(docs): generate cli docs
d6c82091 autogen(docs): generate cli docs
8f939da6 autogen(docs): generate cli docs
5005c9a7 autogen(docs): regenerate and update changelog
48b75ab7 autogen(docs): regenerate and update changelog
97e3f80f autogen(docs): regenerate and update changelog
69e7bef3 autogen(docs): regenerate and update changelog
003a6820 autogen(docs): regenerate and update changelog
c1e9b38a autogen(docs): regenerate and update changelog
eb5c5305 autogen(docs): regenerate and update changelog
5210a0fd autogen(docs): regenerate and update changelog
4eafcfe1 autogen(docs): regenerate and update changelog
c84fcdf4 autogen(docs): update milestone document
d4d243ff autogen(docs): update milestone document
1cce525e autogen(docs): update milestone document
ac95a335 autogen(openapi): Regenerate swagger spec and internal client
f6ef7514 autogen(openapi): Regenerate swagger spec and internal client
cc7a8e46 autogen(openapi): Regenerate swagger spec and internal client
b660fa39 autogen(openapi): Regenerate swagger spec and internal client
72a2e2f3 autogen(openapi): Regenerate swagger spec and internal client
756f19fc autogen(openapi): Regenerate swagger spec and internal client
f5b993a2 autogen(openapi): Regenerate swagger spec and internal client
577ad1bc autogen(openapi): Regenerate swagger spec and internal client
582aca38 autogen(openapi): Regenerate swagger spec and internal client
27dc147a autogen: add v1.9.2 to version.schema.json
ed096e92 autogen: add v1.9.3-pre.5 to version.schema.json
bf8f805f autogen: pin v1.10.0 release commit
60b2434e autogen: pin v1.10.0 release commit
2287ac59 autogen: pin v1.10.1 release commit
c3833af2 autogen: pin v1.10.1-pre.1 release commit
01af32f3 autogen: pin v1.10.1-pre.2 release commit
440d171d autogen: pin v1.9.3-pre.0 release commit
38b6317a autogen: pin v1.9.3-pre.1 release commit
149db769 autogen: pin v1.9.3-pre.2 release commit
26615cbb autogen: pin v1.9.3-pre.3 release commit
bf652999 autogen: pin v1.9.3-pre.4 release commit
be012b6d autogen: pin v1.9.3-pre.5 release commit
d2aecf88 chore(deps): bump pug-code-gen in /test/e2e/oauth2-client (#2376)
d0ef3e37 chore: fix go mod
ab06db3e chore: fix link (#2359)
4b595e87 chore: update docusaurus template
15653367 chore: update docusaurus template (#2424)
785e743e chore: update package lock
f4ed887a chore: update repository templates
96627651 chore: update repository templates
cb64d68d chore: update repository templates
1d314105 chore: update repository templates (#2362)
a3295561 chore: update repository templates (#2378)
e3d60323 ci: add trailing slash to prettier check (#2389)
e819e7b5 ci: adopt new swagger ignorepkgs
0afd9fc0 ci: bump orbs
7f806e55 ci: fix yaml syntax error
0326699f ci: link to cypress project
d8ad323f ci: reorder e2e execution
94593db5 ci: run e2e tests in one container (#2391)
d17f5050 ci: use nancy command instead of job (#2390)
854b9eed consent: do not send 404 on revoke consent / delete login (#2397)
471e85d2 docs: faq custom data (#2334)
68068651 docs: fix basic examples for the golang SDK (#2399)
dd19b86b docs: fix subject identifier algorithms to match configuration (#2400)
277afe9d docs: improve readme tests section (#2380)
f20f6459 docs: quickstart config (#2328)
84948220 docs: update config.schema.json default values (#2348)
f006556f docs: update examples to new helm install command format (#2369)
a17d10e7 feat: add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386)
055f801e feat: add front/backchannel logout params to client cli (#2387)
f039ebbd feat: flush inactive/expired login and consent requests (#2381)
b46a14cd feat: flush refresh tokens for service oauth2/flush (#2373)
6fa591c8 feat: move to go 1.16 and static embed files
bc349f1f feat: refresh token reuse detection (#2383)
b302501b fix: add docs/node_modules make target
56d71e67 fix: add network specific error message to avoid confusion (#2367)
89df8d7b fix: adds sqa section to config.schema.json (#2360)
02483ce4 fix: adopt new cli renderer pipeline
883a84f8 fix: better http resiliency and sqlite updates
78032026 fix: improve cache and update CI images to go 1.16 (#2388)
e9bd0642 fix: increase conformance test timeout
c9d0a262 fix: record cypress videos
8257cb29 fix: resolve clidoc issues
6612099b fix: resolve docs build issues
4812f549 fix: resolve e2e test issues
b1f63fff fix: resolve migrator duplicate files
cdfc03d8 fix: resolve migrator regression issues
b20fc48d fix: revert mode default and maximum values (#2349)
b7965c6f fix: update janitor help
b61d05ce fix: use appropriate migrations with precedence
0cac0f1e fix: use gelf windows hotfix
3fbda05a fix: use go 1.16 in conformity suite
c76309cf test: bump cypress to newer version and add resilience
1a03c077 test: bump ory/x and resolve regressions
b248406d test: fix record arg
9d4764d8 test: improve e2e script and add record option
356b05f6 test: resolve flaky cypress tests
e59e2bc9 test: resolve migration regression
2aa09804 test: use cypress fetchers
ccd983d7 test: use go 1.16 in conformity
10496024 tests: resolve oidc conformity regression

Docker images

  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.10-sqlite
  • docker pull oryd/hydra:v1.10.1-sqlite
  • docker pull oryd/hydra:latest-sqlite
  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.10
  • docker pull oryd/hydra:v1.10.1
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.10-alpine
  • docker pull oryd/hydra:v1.10.1-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.9.2

Published by aeneasr over 3 years ago

This release adds more telemetry data to the prometheus exporter.

1.9.2 (2021-01-29)

Features

  • Enable emittance of response time metrics (#2323) (c1f1ba5)

Changelog

8a415d92 autogen(docs): generate and format documentation
eb6f682f autogen(docs): regenerate and update changelog
fcd80d16 autogen(docs): regenerate and update changelog
0b4673ec autogen: add v1.9.1 to version.schema.json
f0580e25 autogen: pin v1.9.2 release commit
c1f1ba5c feat: enable emittance of response time metrics (#2323)

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.9
  • docker pull oryd/hydra:v1.9.2
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.9-alpine
  • docker pull oryd/hydra:v1.9.2-alpine
  • docker pull oryd/hydra:latest-alpine
  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.9-sqlite
  • docker pull oryd/hydra:v1.9.2-sqlite
  • docker pull oryd/hydra:latest-sqlite

hydra - v1.9.1

Published by aeneasr over 3 years ago

This release makes Dart and Rust SDKs available for Ory Hydra!

1.9.1 (2021-01-27)

Documentation

Changelog

efa4c4ce autogen(docs): generate and format documentation
ea5edb39 autogen(docs): generate cli docs
7e162f65 autogen(docs): generate cli docs
10b5d594 autogen(docs): generate cli docs
994d4d4d autogen(docs): regenerate and update changelog
97c664bd autogen(docs): regenerate and update changelog
2a0c1d06 autogen(docs): regenerate and update changelog
8d5c8b18 autogen(docs): regenerate and update changelog
7e546aa0 autogen(docs): regenerate and update changelog
3027833e autogen(docs): regenerate and update changelog
bdf79911 autogen(docs): update milestone document
1921e54c autogen: add v1.9.0 to version.schema.json
5cedc9e2 autogen: pin v1.9.1 release commit
68cb6670 chore: bump gjson (#2298)
183d421a chore: update repository templates (#2301)
c4b4f73e docs: add Rust and Dart SDKs
8d31cb34 docs: add faq items
1316cc00 docs: add link endings. (#2313)
341f3ede docs: fix npm links (#2303)
a8ad7052 docs: quickstart cleanup (#2324)
4fdb7f1c docs: reorg faq sidebar (#2318)
d2ee4f6c docs: update before oauth2.mdx (#2299)
a2b3a49e docs: update javascript documentation
d05d82e9 docs: update npm package name (#2302)

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.9
  • docker pull oryd/hydra:v1.9.1
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.9-alpine
  • docker pull oryd/hydra:v1.9.1-alpine
  • docker pull oryd/hydra:latest-alpine
  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.9-sqlite
  • docker pull oryd/hydra:v1.9.1-sqlite
  • docker pull oryd/hydra:latest-sqlite

hydra - v1.9.0

Published by aeneasr almost 4 years ago

Today, we are very excited to announce the stable release of ORY Hydra 1.9! This release contains significant internal code refactoring, making ORY Hydra more reliable, lightweight, and even more scalable! Also, for the first time ever, ORY Hydra handled over 13.3 billion API requests in December 2020 in over 23.000 production environments around the globe.

Let's talk features - in a TL;DR overview:

  • Completely replacing the existing DBAL and switching to gobuffalo/pop.
  • Support for SQLite, an embedded database, which can be used for testing and tiny deployments.
  • Deprecating the existing configuration system spf13/viper and moving to knadh/koanf.
  • Adding OpenID Connect Conformity Test Suite to the CI, guaranteeing that every code change is fully OpenID Connect compliant.
  • Support for the OpenID Connect response_mode=form_post Response Mode.
  • Compatibility with MITREid, allowing easy migration from MITREid to ORY Hydra.
  • The TypeScript SDK moved from @oryd/hydra-client to @ory/hydra-client. Please update your dependencies!

If you wish to get into ORY Hydra, check out the new YouTube tutorial:

ORY Hydra YouTube Quickstart Tutorial

See you on slack, signed HACKERMAN.

ORY Kratos

We would like to take a bit of your time and introduce you to ORY Kratos. ORY Kratos implements all the hard things related to users: login, registration, customizable profile fields, multi-factor authentication scheduled for v0.6, secure account recovery, email and SMS verification, profile management, session and device management, user administration, social sign in and sign up, and much, much more! Everything works with proven and ORY-hardened protocols in the same lightweight fashion you are used to from our other products. And it natively targets mobile, desktop, web, and robots! ORY Kratos is essentially an open-source alternative to Auth0, Okta, and Google Firebase with the added benefit of avoiding the complexity of implementing OAuth2 and OpenID Connect for your first-party apps just to get login to work. So if you are wondering whether you really need OAuth2, this is worth your time!

To get a feeling for ORY Kratos, check out our exemplary React Native app (available on GitHub, Android and iOS) demonstrating user registration, login, and profile management. It uses APIs from ORY Cloud, which will be publicly announced this year. If you are interested in becoming an early adopter, get in touch now! We have more super exciting stuff planned!

Changes in-depth

Let's break down the most significant changes in more detail:

The configuration system has been reworked

  1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema. This makes changing or updating configuration much easier.
  2. Configuration reloading is improved and works on Kubernetes.
  3. Performance gains remove the need for a cache layer between the configuration system and ORY Hydra.
  4. Loading of several config files is now possible using the --config flag.
  5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that deprecated configuration flags have been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.

The OpenID Connect Conformity Test Suite is now part of the ORY Hydra CI pipeline.

This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields error_hint and error_debug will no longer be sent. You can re-enable those legacy fields by setting oauth2.include_legacy_error_fields to true.

Supporting response_mode=form_post

Support for OpenID Connect flows using response_mode=form_post was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.

Compatibility with MITREid

Adds an option that allows granting the OAuth2 Client's authorized scope when performing a client_credentials flow without specifying a scope. This enables compatibility with MITREid and allows migrating from MITREid to ORY Hydra.

Refactoring the internal DBAL

We completely refactored the internal database abstraction layer (DBAL). We have been using gobuffalo/pop successfully in ORY Kratos and decided to move the ORY Hydra DBAL to gobuffalo/pop as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.

Changelog 1.9.0 (2021-01-12)

Bug Fixes

  • Add 400 as possible reply to /oauth2/token (24daede), closes #2260

  • Bump ory/x and update config usage (#2248) (4937a00)

  • Do not require unset pairwise (4136aaf)

  • Improve version regex (17d9599), closes #2255

  • Update schema reference for subject_identifiers.supported_types (0e14a08), closes #2270

  • Add encrypt_at_rest option to config schema (3219c16)

  • Add required aud, jti claims to userinfo response (d0697fa)

  • Add standardized client registration errors (02a9137):

    Adds new errors to fully comply with the OpenID Connect Dynamic Client Registration specification.

  • Allow all request object signing algs per default (edc54c2):

    This patch resolves an issue where RS256 would be the only allowed request object signing algorithm. The spec however mandates that all algorithms are allowed if the client does not explicitly set the request object signing algorithm.

  • Allow lower bcrypt values and add tests (812a21c)

  • Document describe error (#2208) (b59bdf8)

  • Ensure consistent auth_time in session handling (e973ffe)

  • Increase parallelism to 4 (ae02706)

  • Mark false gosec positive (206d1ee)

  • Nonce is not required for hybrid flows (c708ada)

  • Quickstart yml (5ebd984)

  • Remove session from store on logout (4495f56):

    This patch resolves an issue where the session would not be purged from the store when performing an RP-initiated logout request from a client, if said client does not purge the authentication session properly because the client does not have access to it or because the client misbehaves.

  • Remove unrelated quickstart entry (#2214) (a583d78), closes #2213

  • Request_id should not be unique (a8ca333):

    This patch resolves an issue where certain OpenID Connect Hybrid flows would error with a UNIQUE violation. The cause of this issue was an incorrect UNIQUE constraint on the request_id field of the access, refresh, pkce, and other, similar tables.

  • Resolve broken quickstart (95a1dfb)

  • Update deprecated config in quickstart (1c1433a)

  • Update invalid quickstart config (8d076a5)

  • Update package lock (18bfc96)

  • Update schema to support new koanf (29763c8)

  • Add support for tracing to SQL (b3dda7c)

  • Address pop inconsistencies and update tests (8f3462f)

  • CGO build issues on Windows and Go 1.15+ (1c1fe19)

  • Do not require sqlite and CGO for other databases (8069205)

  • Do not run migrations in background (308edb9)

  • Explicitly set pwd in makefile (aeb1090)

  • Goreleaser add docker images (7a81908)

  • Improve cli flags and add -c config flag (bf3be84)

  • Improve schema typing for tracing (4cc25c3)

  • Improve tests and pop adapter (1354611)

  • Remove explicit cve allowlist (90caeda), closes #2117

  • Remove obsolete makefile targets (dc5d37f)

  • Remove unnecessary transactions (1df50ec)

  • Remove websocket direct dep (d525983), closes #2111

  • Run tests only once (4e1d0f6)

  • Set context in connection getter (644967a)

  • Update docker and quickstart examples (b01c246)

  • Update format to goimports (c4438b0)

  • Use context in transaction creator (db0ac86)

  • Use sqlite for standalone (e5b7147)

  • Add docs format to make format (cfa50fe)

  • Client update breaks primary key (#2150) (7662917), closes #2148

  • Explicitly use no-CGO images for non-SQLite (1ec2d1d)

  • Force brew install statement (0252b5a)

  • Update install script (c614c0b)

Documentation

  • Add note about mounting the config file when using docker (#2235) (766e8f1), closes #2231

  • Change deprecated fallback url (#2275) (0bf61aa), closes #2254

  • Client api upper bound on limit parameter (#2277) (bc2bbd2), closes #2267

  • Corrected a link within the docs (#2257) (0dd4e64)

  • Fix incorrect version replacements (70a6b8f)

  • Fix typo (#2264) (82ba2df)

  • OAUTH2_ERROR_URL -> URLS_ERROR (#2263) (f9b8205)

  • Oidc.subject_identifiers config key change (#2232) (2172f25):

    oidc.subject_identifiers.enabled is now oidc.subject_identifiers.supported_types. Docs should get updated.

  • Update install from source instructions (bcfd9b7)

  • Add config debug section (c53f036)

  • Add contributing to sidebar (#2209) (21f3b1f):

    Added Contributing Guidelines to the introduction menu point on the sidebar.
    I think it should be as obvious as possible.
    Another good solution would be to add them to the top bar?

    If this is merged, I will do the same changes for Kratos/Oathkeeper/Keto.

  • Add newsletter banner (5b63aa4)

  • Add quickstart video (#2220) (d4aa981)

  • Bcrypt reference config (#2161) (e7eece2), closes #2077

  • Deps are installed automagically and make deps was removed (#2157) (25e96e2), closes #2154

  • Fix omissions in consent flow description (#2194) (d9d719a)

  • Minor improvements to the concepts/consent page (#2168) (1128cfc)

  • Update links and fix typos (#2169) (409f2f4)

  • Update toc (#2158) (ee4a9ed), closes #2153

  • Use codefromremote for consent samples (51c0874)

  • Add hypnoglow terraform provider (7ed8870), closes #1304

  • Correct port (#2101) (487e733), closes #2100

  • Correct port (#2102) (7aca301), closes #2100

  • Fix typo (71a4495)

  • Remove obsolete doc section (443a225)

  • Swagger route headline capitalization (4540ece), closes #2015

  • Update code listings and image tags (3cd22c4)

  • Update sql instructions (bfed7f2)

  • Updates kubernetes helm chart url (6d63a73)

  • Add missing trailing slash (97bc47d)

  • Replace dex with keycloak (fa877d7), closes #2128

  • Version bash-curl script (71b0592), closes #2145

Code Refactoring

  • Deprecate driver semantics (8fc3e2e)

  • Move oauth2 cors to own package (3beddbd)

  • Rename token_type to token_use in introspection (152fd5d), closes #1762

  • Replace viper with koanf config management (8c12b27)

  • Move Dockerfiles to .docker directory (5508f2a)

  • Use gobuffalo/pop for SQL abstraction (#2059) (56bce67), closes #1730:

    This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!

Features

  • Add ability to override oidc discovery urls (bb8b982):

    Added config options webfinger.oidc_discovery.token_url, webfinger.oidc_discovery.auth_url, webfinger.oidc_discovery.jwks_url.

  • Add new request_object_signing_alg_values_supported to oidc discovery (4220959)

  • Add oidc conformity tests (651f424)

  • Add support for ElasticAPM tracing (#2155) (7792715)

  • Improve and clean up error handling (b727367)

  • Improve error responses for consent handler (44ab747)

  • Improve error stack trace wrapping (fdf142c)

  • Only set state-param if it was passed (#2183) (568434a):

    Using state in the logout flow is optional, so state can be empty. In order to avoid an ugly /post-logout-redirect-uri?state= URI, the state should only be appended if it is not empty.

  • Remove legacy error fields unless configured to do so (e2a7135)

  • Support OpenID Connect's response_mode=form_post (8ab9eff), closes #1621:

    This patch adds support for the response_mode parameter as defined in OAuth 2.0 Form Post Response Mode. Additionally, values fragment and query are supported as defined in OAuth 2.0 Multiple Response Type Encoding Practices.

  • Support pkger (07a360e)

  • Add configuration option to grant default client_credential scope when no scope is requested (#2144) (0b1de34), closes #2141:

    Adds an option which allows granting the OAuth2 Client's authorized scope when performing a client_credentials flow without specifying a scope. This enables compatibility with MITREid.

  • Implement docker for quickstart (8e64202)

  • Re-enable freebsd (2f19837), closes #2116 #2115

  • Support sqlite in goreleaser (e946487)

Tests

  • Add timeout to wait (90dfaf5)

  • Completely refactor consent tests (defc063)

  • Fix jwt e2e tests (1b480d8)

  • Improve github action conformity tests (1015e49)

  • Improve TestClientCredentialsGrantAllScopes (19409b4)

  • Increase timeout for conformity (a65d289)

  • Oidc conformity tests should run as workflow dispatch (5b8fa0a)

  • Refactor client credential tests (b74cffa)

  • Refactor consent logout tests and add failing case (ef12c06)

  • Refactor oauth2 auth code tests (c376473)

  • Resolve conformity test suite concurrency issues (ef312c3)

  • Resolve e2e startup issues (5af4cef)

  • Resolve e2e test failures (03f5e8e)

  • Resolve failing rotation key tests (8e8b943)

  • Resolve flaky test issue (e17a074)

  • Resolve incorrect retry loop (ef141c2)

  • Retry conformity failures (409ae42)

  • Retry interrupted tests (c72367b)

  • Skip preloading in migration tests (14272f2)

  • Update config to pass validation (6931461)

  • Use 16 workers for conformance (9cf0e65)

  • Use correct test context (45bc907)

  • Use prebuilt images for conformity testing (4dd7a62)

  • Fix confusing expected/got (#2135) (14b6db2):

    And fixed assert.EqualError params in right order in TestStrategyLoginConsent

  • Move tests to persistence (46d0571)

  • Remove unused expectSession variable (#2134) (eda8532)

  • Write migrate logs to file (9a1fbd8)

  • Fix misused id field (#2152) (511e8d2)

Unclassified

BREAKING CHANGES

  • After battling with spf13/viper for several years we finally found a viable alternative with knadh/koanf. The complete internal configuration infrastructure has changed, with several highlights:
  1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
  2. Configuration reloading has improved significantly and works flawlessly on Kubernetes.
  3. Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
  4. It is now possible to load several config files using the --config flag.
  5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.

  • This patch requires running SQL Migrations. Please be aware that a NOT NULL column is being dropped which could require a lot of time when the authentication_session table contains a lot of data.
  • This patch removes error_hint and error_debug fields from OAuth2 responses. These are now all merged into error_description which is according to the OAuth2 and OpenID Connect specification. If you wish to keep the old behavior around, set oauth2.include_legacy_error_fields to true in your ORY Hydra configuration.
  • Applying this patch requires running SQL migrations. The SQL migrations will remove a UNIQUE constraint and add new INDEX to several tables which should speed up certain operations. Please be aware that this might cause certain databases to lock which could be problematic if there are many rows affected.
  • This changes the OAuth2 Token Introspection response to ensure compliance with the OAuth2 Token Introspection specification. Previously, token_type would return access_token or refresh_token. The specification however mandates that token_type is always Bearer. This patch resolves that issue. The previous behaviour of token_type has now been moved to token_use which can be access_token or refresh_token.
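
A resource server that told access and refresh tokens apart by `token_type` has to read `token_use` after this change. The following added example (not Ory Hydra code; the function names are hypothetical and the sample responses are constructed) accepts both response shapes and fails closed, next to a deny-list check written for the old responses that starts accepting refresh tokens once `token_type` is always Bearer.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Introspection holds the introspection response fields this check needs.
type Introspection struct {
	Active    bool   `json:"active"`
	TokenType string `json:"token_type"`
	TokenUse  string `json:"token_use"`
}

var (
	ErrInactive       = errors.New("token is not active")
	ErrNotAccessToken = errors.New("token is not an access token")
	ErrUnknownUse     = errors.New("response does not say how the token is used")
)

// Constructed sample responses in the old and the new shape.
const (
	oldAccess  = `{"active":true,"token_type":"access_token"}`
	oldRefresh = `{"active":true,"token_type":"refresh_token"}`
	newAccess  = `{"active":true,"token_type":"Bearer","token_use":"access_token"}`
	newRefresh = `{"active":true,"token_type":"Bearer","token_use":"refresh_token"}`
)

// denyListCheck is the kind of check that worked against the old responses.
// Against the new shape token_type is never "refresh_token", so it passes
// refresh tokens through.
func denyListCheck(in Introspection) bool {
	return in.Active && in.TokenType != "refresh_token"
}

// TokenUse returns "access_token" or "refresh_token" for either response
// shape, or an error when the response carries neither signal.
func TokenUse(in Introspection) (string, error) {
	isUse := func(v string) bool { return v == "access_token" || v == "refresh_token" }
	switch {
	case isUse(in.TokenUse):
		return in.TokenUse, nil // new shape
	case in.TokenUse == "" && isUse(in.TokenType):
		return in.TokenType, nil // old shape: token_type carried the use
	}
	return "", ErrUnknownUse
}

// RequireAccessToken accepts a response only if it positively identifies an
// active access token.
func RequireAccessToken(body []byte) error {
	var in Introspection
	if err := json.Unmarshal(body, &in); err != nil {
		return fmt.Errorf("decode introspection response: %w", err)
	}
	if !in.Active {
		return ErrInactive
	}
	use, err := TokenUse(in)
	if err != nil {
		return err
	}
	if use != "access_token" {
		return ErrNotAccessToken
	}
	return nil
}

func main() {
	for _, body := range []string{oldAccess, oldRefresh, newAccess, newRefresh} {
		var in Introspection
		_ = json.Unmarshal([]byte(body), &in)
		fmt.Printf("%-70s denyList=%-5v allowList=%v\n",
			body, denyListCheck(in), RequireAccessToken([]byte(body)) == nil)
	}
}
```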

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.9
  • docker pull oryd/hydra:v1.9.0
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.9-alpine
  • docker pull oryd/hydra:v1.9.0-alpine
  • docker pull oryd/hydra:latest-alpine
  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.9-sqlite
  • docker pull oryd/hydra:v1.9.0-sqlite
  • docker pull oryd/hydra:latest-sqlite

hydra - v1.9.0-alpha.3

Published by aeneasr almost 4 years ago

We are excited to present the next big step towards ORY Hydra 1.9! In this release we completely refactored the configuration internals and moved from spf13/viper to knadh/koanf:

  1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving the developer experience when changing or updating configuration.
  2. Configuration reloading has improved significantly and works excellently on Kubernetes.
  3. Performance gains remove the need for a cache layer between the configuration system and ORY Hydra.
  4. Loading of several config files using the --config flag is now possible.
  5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.

In addition, this release includes the new OpenID Connect Conformity Test Suite as part of the ORY Hydra CI pipeline. This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields error_hint and error_debug will no longer be sent. You can re-enable those legacy fields by setting oauth2.include_legacy_error_fields to true.

Furthermore, support for OpenID Connect flows using response_mode=form_post was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.

Several other bugs have been resolved and we have completely overhauled the tests, deprecating test tables in favor of test suites. This greatly improves the readability of our tests and allows new contributors to more easily understand what is going on!

If you wish to get into ORY Hydra, check out the newly published YouTube tutorial:

ORY Hydra YouTube Quickstart Tutorial

1.9.0-alpha.3 (2020-12-08)

Bug Fixes

  • Add encrypt_at_rest option to config schema (3219c16)

  • Add required aud, jti claims to userinfo response (d0697fa)

  • Add standardized client registration errors (02a9137):

    Adds new errors to fully comply with the OpenID Connect Dynamic Client Registration specification.

  • Allow all request object signing algs per default (edc54c2):

    This patch resolves an issue where RS256 would be the only allowed request object signing algorithm. The spec however mandates that all algorithms are allowed if the client does not explicitly set the request object signing algorithm.

  • Allow lower bcrypt values and add tests (812a21c)

  • Document describe error (#2208) (b59bdf8)

  • Ensure consistent auth_time in session handling (e973ffe)

  • Increase parallelism to 4 (ae02706)

  • Mark false gosec positive (206d1ee)

  • Nonce is not required for hybrid flows (c708ada)

  • Quickstart yml (5ebd984)

  • Remove session from store on logout (4495f56):

    This patch resolves an issue where the session would not be purged from the store when performing an RP-initiated logout request from a client, if said client does not purge the authentication session properly because the client does not have access to it or because the client misbehaves.

  • Remove unrelated quickstart entry (#2214) (a583d78), closes #2213

  • Request_id should not be unique (a8ca333):

    This patch resolves an issue where certain OpenID Connect Hybrid flows would error with a UNIQUE violation. The cause of this issue was an incorrect UNIQUE constraint on the request_id field of the access, refresh, pkce, and other, similar tables.

  • Resolve broken quickstart (95a1dfb)

  • Update deprecated config in quickstart (1c1433a)

  • Update invalid quickstart config (8d076a5)

  • Update package lock (18bfc96)

  • Update schema to support new koanf (29763c8)

Code Refactoring

  • Deprecate driver semantics (8fc3e2e)
  • Move oauth2 cors to own package (3beddbd)
  • Rename token_type to token_use in introspection (152fd5d), closes #1762
  • Replace viper with koanf config management (8c12b27)

Documentation

  • Add config debug section (c53f036)

  • Add contributing to sidebar (#2209) (21f3b1f):

    Added Contributing Guidelines to the introduction menu point on the sidebar.
    I think it should be as obvious as possible.
    Another good solution would be to add them to the top bar?

    If this is merged, I will do the same changes for Kratos/Oathkeeper/Keto.

  • Add newsletter banner (5b63aa4)

  • Add quickstart video (#2220) (d4aa981)

  • Bcrypt reference config (#2161) (e7eece2), closes #2077

  • Deps are installed automagically and make deps was removed (#2157) (25e96e2), closes #2154

  • Fix omissions in consent flow description (#2194) (d9d719a)

  • Minor improvements to the concepts/consent page (#2168) (1128cfc)

  • Update links and fix typos (#2169) (409f2f4)

  • Update toc (#2158) (ee4a9ed), closes #2153

  • Use codefromremote for consent samples (51c0874)

Features

  • Add ability to override oidc discovery urls (bb8b982):

    Added config options webfinger.oidc_discovery.token_url, webfinger.oidc_discovery.auth_url, webfinger.oidc_discovery.jwks_url.

  • Add new request_object_signing_alg_values_supported to oidc discovery (4220959)

  • Add oidc conformity tests (651f424)

  • Add support for ElasticAPM tracing (#2155) (7792715)

  • Improve and clean up error handling (b727367)

  • Improve error responses for consent handler (44ab747)

  • Improve error stack trace wrapping (fdf142c)

  • Only set state-param if it was passed (#2183) (568434a):

    Using state in the logout flow is optional, so state can be empty. In order to avoid an ugly /post-logout-redirect-uri?state= URI, the state should only be appended if it is not empty.

  • Remove legacy error fields unless configured to do so (e2a7135)

  • Support OpenID Connect's response_mode=form_post (8ab9eff), closes #1621:

    This patch adds support for the response_mode parameter as defined in OAuth 2.0 Form Post Response Mode. Additionally, values fragment and query are supported as defined in OAuth 2.0 Multiple Response Type Encoding Practices.

  • Support pkger (07a360e)

Tests

  • Add timeout to wait (90dfaf5)
  • Completely refactor consent tests (defc063)
  • Fix jwt e2e tests (1b480d8)
  • Improve github action conformity tests (1015e49)
  • Improve TestClientCredentialsGrantAllScopes (19409b4)
  • Increase timeout for conformity (a65d289)
  • Oidc conformity tests should run as workflow dispatch (5b8fa0a)
  • Refactor client credential tests (b74cffa)
  • Refactor consent logout tests and add failing case (ef12c06)
  • Refactor oauth2 auth code tests (c376473)
  • Resolve conformity test suite concurrency issues (ef312c3)
  • Resolve e2e startup issues (5af4cef)
  • Resolve e2e test failures (03f5e8e)
  • Resolve failing rotation key tests (8e8b943)
  • Resolve flaky test issue (e17a074)
  • Resolve incorrect retry loop (ef141c2)
  • Retry conformity failures (409ae42)
  • Retry interrupted tests (c72367b)
  • Skip preloading in migration tests (14272f2)
  • Update config to pass validation (6931461)
  • Use 16 workers for conformance (9cf0e65)
  • Use correct test context (45bc907)
  • Use prebuilt images for conformity testing (4dd7a62)

Unclassified

BREAKING CHANGES

  • After battling with spf13/viper for several years we finally found a viable alternative with knadh/koanf. The complete internal configuration infrastructure has changed, with several highlights:
  1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
  2. Configuration reloading has improved significantly and works flawlessly on Kubernetes.
  3. Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
  4. It is now possible to load several config files using the --config flag.
  5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.

  • This patch requires running SQL Migrations. Please be aware that a NOT NULL column is being dropped which could require a lot of time when the authentication_session table contains a lot of data.
  • This patch removes the error_hint and error_debug fields from OAuth2 responses. These are now all merged into error_description, in accordance with the OAuth2 and OpenID Connect specifications. If you wish to keep the old behavior around, set oauth2.include_legacy_error_fields to true in your ORY Hydra configuration.
  • Applying this patch requires running SQL migrations. The SQL migrations will remove a UNIQUE constraint and add new INDEX to several tables which should speed up certain operations. Please be aware that this might cause certain databases to lock which could be problematic if there are many rows affected.
  • This changes the OAuth2 Token Introspection response to ensure compliance with the OAuth2 Token Introspection specification. Previously, token_type would return access_token or refresh_token. The specification however mandates that token_type is always Bearer. This patch resolves that issue. The previous behaviour of token_type has now been moved to token_use which can be access_token or refresh_token.
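
The token_type / token_use change above matters to any resource server that tells access tokens from refresh tokens by inspecting the introspection response: a check written as token_type != "refresh_token" accepts refresh tokens once token_type is always Bearer. The following added example (not ORY Hydra's own code) is one way to make that check work against responses from before and after the change and fail closed otherwise; the function names and the sample response bodies are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// introspection holds the introspection response fields this check needs.
type introspection struct {
	Active    bool   `json:"active"`
	TokenType string `json:"token_type"`
	TokenUse  string `json:"token_use"`
}

var (
	errInactive  = errors.New("token is not active")
	errNotAccess = errors.New("token is not an access token")
	errUnknown   = errors.New("token use cannot be determined")
)

// tokenUse returns "access_token" or "refresh_token" for a response produced
// either before or after the breaking change described above.
func tokenUse(r introspection) (string, error) {
	switch r.TokenUse {
	case "access_token", "refresh_token":
		// New shape: token_use carries the distinction.
		return r.TokenUse, nil
	case "":
		// Old shape: token_type carried it and token_use did not exist.
		if r.TokenType == "access_token" || r.TokenType == "refresh_token" {
			return r.TokenType, nil
		}
	}
	// Anything else (for example token_type "Bearer" with no token_use)
	// gives no basis for a decision, so the caller must reject it.
	return "", errUnknown
}

// requireAccessToken returns nil only for an active access token.
func requireAccessToken(body []byte) error {
	var r introspection
	if err := json.Unmarshal(body, &r); err != nil {
		return fmt.Errorf("decode introspection response: %w", err)
	}
	if !r.Active {
		return errInactive
	}
	use, err := tokenUse(r)
	if err != nil {
		return err
	}
	if use != "access_token" {
		return errNotAccess
	}
	return nil
}

func main() {
	// Constructed sample responses, not captured from a real deployment.
	samples := []struct{ name, body string }{
		{"new shape, access token", `{"active":true,"token_type":"Bearer","token_use":"access_token"}`},
		{"new shape, refresh token", `{"active":true,"token_type":"Bearer","token_use":"refresh_token"}`},
		{"old shape, access token", `{"active":true,"token_type":"access_token"}`},
		{"old shape, refresh token", `{"active":true,"token_type":"refresh_token"}`},
		{"Bearer without token_use", `{"active":true,"token_type":"Bearer"}`},
		{"inactive token", `{"active":false}`},
	}
	for _, s := range samples {
		fmt.Printf("%-26s -> %v\n", s.name, requireAccessToken([]byte(s.body)))
	}
}
```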

Changelog

d849bd50 autogen(docs): generate and format documentation
eb0baa20 autogen(docs): generate and format documentation
2d54c1e7 autogen(docs): generate and format documentation
14577a0c autogen(docs): generate and format documentation
450d69b8 autogen(docs): generate and format documentation
af4b0115 autogen(docs): generate and format documentation
a84a34cc autogen(docs): generate and format documentation
a45b64d2 autogen(docs): generate and format documentation
f7bed354 autogen(docs): generate and format documentation
876cd963 autogen(docs): generate and format documentation
6529d512 autogen(docs): generate and format documentation
b569aca2 autogen(docs): generate and format documentation
7390886d autogen(docs): generate and format documentation
23d6a028 autogen(docs): generate and format documentation
2be52835 autogen(docs): generate and format documentation
f267f722 autogen(docs): generate and format documentation
c56ff713 autogen(docs): generate and format documentation
a0db388b autogen(docs): generate and format documentation
ddee4eab autogen(docs): generate and format documentation
97b16632 autogen(docs): generate cli docs
05be6b81 autogen(docs): regenerate and update changelog
7a4d972f autogen(docs): regenerate and update changelog
45674ca3 autogen(docs): regenerate and update changelog
c4591ca9 autogen(docs): regenerate and update changelog
e46b9d0a autogen(docs): regenerate and update changelog
fd5729da autogen(docs): regenerate and update changelog
81076b9d autogen(docs): regenerate and update changelog
84230bf5 autogen(docs): update milestone document
1d7e7a2a autogen(docs): update milestone document
6da7cf42 autogen(docs): update milestone document
95e41ca5 autogen(docs): update milestone document
3f8ea204 autogen(docs): update milestone document
ec237ab7 autogen(docs): update milestone document
de0db909 autogen(docs): update milestone document
c345b419 autogen(docs): update milestone document
7b5d6132 autogen(docs): update milestone document
6d0861c3 autogen(docs): update milestone document
c2e6251e autogen(docs): update milestone document
de5d09a2 autogen(docs): update milestone document
906ad87a autogen(docs): update milestone document
94c937cf autogen(openapi): Regenerate swagger spec and internal client
91e0396f autogen: add v1.9.0-alpha.2 to version.schema.json
05809d25 autogen: pin v1.9.0-alpha.3 release commit
e602dcf8 autogen: pin v1.9.0-alpha.3.pre.0 release commit
b6f49cd0 autogen: pin v1.9.0-alpha.3.pre.1 release commit
959aa93c autogen: pin v1.9.0-alpha.3.pre.2 release commit
eff69fb4 autogen: pin v1.9.0-alpha.3.pre.3 release commit
ec7d9877 autogen: pin v1.9.0-alpha.3.pre.4 release commit
e972bcbc chore: apply ory-prettier-styles to cypress tests (#2179)
ee1f3cbe chore: clean up code base
3e6c8d23 chore: clean up test code
428df22c chore: clean up viper mentions
755b12d0 chore: format docs according to upgraded prettier styles
2c883f6f chore: style and install
2dd80fe8 chore: update docusaurus template
f5291a8b chore: update docusaurus template
ddfcd27a chore: update docusaurus template (#2162)
caa11170 chore: update docusaurus template (#2174)
775c8c71 chore: update docusaurus template (#2177)
88ddd906 chore: update docusaurus template (#2178)
71ca67be chore: update docusaurus template (#2185)
1169bd52 chore: update docusaurus template (#2186)
9f037ac8 chore: update docusaurus template (#2189)
99ca5158 chore: update docusaurus template (#2196)
1fc4f433 chore: update docusaurus template (#2198)
781201f5 chore: update docusaurus template (#2201)
e28d99bc chore: update docusaurus template (#2202)
697f4f8b chore: update docusaurus template (#2203)
7f073239 chore: update docusaurus template (#2205)
d37c1edc chore: update docusaurus template (#2210)
cebdd4a4 chore: update docusaurus template (#2212)
2ecb2d8b chore: update docusaurus template (#2219)
415a2792 chore: update docusaurus template (#2221)
dee7fe43 chore: update docusaurus template (#2223)
6f4b26e4 chore: update docusaurus template (#2225)
396ca19c chore: update package locks
8b4628e2 chore: update repository templates (#2176)
2dc526d9 chore: update repository templates (#2190)
ccfbf965 chore: update repository templates (#2197)
f6d02228 chore: update repository templates (#2199)
76e31f15 ci: do not require validation
c9cc7d4a ci: improve docs release config
3c696c4d ci: increase parallelism
98d1a8cd ci: pin exact prettier version
c53f0364 docs: add config debug section
21f3b1f1 docs: add contributing to sidebar (#2209)
5b63aa4b docs: add newsletter banner
d4aa9814 docs: add quickstart video (#2220)
e7eece2d docs: bcrypt reference config (#2161)
25e96e27 docs: deps are installed automagically and make deps was removed (#2157)
d9d719af docs: fix omissions in consent flow description (#2194)
1128cfc5 docs: minor improvements to the concepts/consent page (#2168)
409f2f4b docs: update links and fix typos (#2169)
ee4a9edf docs: update toc (#2158)
51c0874c docs: use codefromremote for consent samples
568434ac feat: Only set state-param if it was passed (#2183)
bb8b9824 feat: add ability to override oidc discovery urls
4220959c feat: add new request_object_signing_alg_values_supported to oidc discovery
651f4244 feat: add oidc conformity tests
77927158 feat: add support for ElasticAPM tracing (#2155)
b7273676 feat: improve and clean up error handling
44ab7472 feat: improve error responses for consent handler
fdf142cc feat: improve error stack trace wrapping
e2a7135f feat: remove legacy error fields unless configured to do so
8ab9eff6 feat: support OpenID Connect's response_mode=form_post
07a360e3 feat: support pkger
3219c16d fix: add encrypt_at_rest option to config schema
d0697fab fix: add required aud, jti claims to userinfo response
02a91370 fix: add standardized client registration errors
edc54c25 fix: allow all request object signing algs per default
812a21cf fix: allow lower bcrypt values and add tests
b59bdf85 fix: document describe error (#2208)
e973ffe0 fix: ensure consistent auth_time in session handling
ae027064 fix: increase parallelism to 4
206d1eee fix: mark false gosec positive
c708adad fix: nonce is not required for hybrid flows
5ebd984f fix: quickstart yml
4495f56f fix: remove session from store on logout
a583d78d fix: remove unrelated quickstart entry (#2214)
a8ca333b fix: request_id should not be unique
95a1dfb2 fix: resolve broken quickstart
1c1433ab fix: update deprecated config in quickstart
8d076a5e fix: update invalid quickstart config
18bfc96f fix: update package lock
29763c8f fix: update schema to support new koanf
8fc3e2e3 refactor: deprecate driver semantics
3beddbda refactor: move oauth2 cors to own package
152fd5d4 refactor: rename token_type to token_use in introspection
8c12b27a refactor: replace viper with koanf config management
9ccf762f style: format
0a801dcb style: format
251f9dc9 style: format cypress files
5f08ff2a styles: format
90dfaf56 test: add timeout to wait
defc063e test: completely refactor consent tests
1b480d82 test: fix jwt e2e tests
19409b4d test: improve TestClientCredentialsGrantAllScopes
1015e49e test: improve github action conformity tests
a65d2892 test: increase timeout for conformity
5b8fa0ae test: oidc conformity tests should run as workflow dispatch
b74cffa8 test: refactor client credential tests
ef12c068 test: refactor consent logout tests and add failing case
c376473c test: refactor oauth2 auth code tests
ef312c39 test: resolve conformity test suite concurrency issues
5af4cef9 test: resolve e2e startup issues
03f5e8e5 test: resolve e2e test failures
8e8b943c test: resolve failing rotation key tests
e17a0747 test: resolve flaky test issue
ef141c28 test: resolve incorrect retry loop
409ae424 test: retry conformity failures
c72367b0 test: retry interrupted tests
14272f2a test: skip preloading in migration tests
69314615 test: update config to pass validation
9cf0e653 test: use 16 workers for conformance
45bc9072 test: use correct test context
4dd7a621 test: use prebuilt images for conformity testing

Docker images

  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.9-alpine
  • docker pull oryd/hydra:v1.9.0-alpine
  • docker pull oryd/hydra:v1.9.0-alpha.3-alpine
  • docker pull oryd/hydra:latest-alpine
  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.9
  • docker pull oryd/hydra:v1.9.0
  • docker pull oryd/hydra:v1.9.0-alpha.3
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.9-sqlite
  • docker pull oryd/hydra:v1.9.0-sqlite
  • docker pull oryd/hydra:v1.9.0-alpha.3-sqlite
  • docker pull oryd/hydra:latest-sqlite

hydra - v1.9.0-alpha.2

Published by aeneasr almost 4 years ago

This release addresses an issue in the update routine of OAuth2 Clients (see kratos#2148) and adds an option which makes ORY Hydra compatible with MITREid.

1.9.0-alpha.2 (2020-10-29)

Bug Fixes

  • Add docs format to make format (cfa50fe)
  • Client update breaks primary key (#2150) (7662917), closes #2148
  • Explicitly use no-CGO images for non-SQLite (1ec2d1d)
  • Force brew install statement (0252b5a)
  • Update install script (c614c0b)

Documentation

Features

  • Add configuration option to grant default client_credential scope when no scope is requested (#2144) (0b1de34), closes #2141:

    Adds an option which allows granting the OAuth2 Client's authorized scope when performing a client_credentials flow without specifying a scope. This enables compatibility with MITREid.

Tests

Changelog

0f0c5095 autogen(docs): generate and format documentation
26ede918 autogen(docs): generate and format documentation
c1887396 autogen(docs): generate and format documentation
92bc86c2 autogen(docs): regenerate and update changelog
f79ae296 autogen(docs): update milestone document
7df5ea35 autogen(docs): update milestone document
90d311b0 autogen(docs): update milestone document
c654010f autogen: add v1.9.0-alpha.1 to version.schema.json
1a7fe913 autogen: pin v1.9.0-alpha.2 release commit
702b0f5d chore: update docusaurus template
12d4eb3d ci: fix replacer script
97bc47d6 docs: add missing trailing slash
fa877d76 docs: replace dex with keycloak
71b05923 docs: version bash-curl script
0b1de34a feat: add configuration option to grant default client_credential scope when no scope is requested (#2144)
cfa50fe0 fix: add docs format to make format
76629170 fix: client update breaks primary key (#2150)
1ec2d1df fix: explicitly use no-CGO images for non-SQLite
0252b5a2 fix: force brew install statement
c614c0b9 fix: update install script
7289f308 style: format
511e8d27 test: fix misused id field (#2152)

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.9
  • docker pull oryd/hydra:v1.9.0
  • docker pull oryd/hydra:v1.9.0-alpha.2
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.9-alpine
  • docker pull oryd/hydra:v1.9.0-alpine
  • docker pull oryd/hydra:v1.9.0-alpha.2-alpine
  • docker pull oryd/hydra:latest-alpine
  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.9-sqlite
  • docker pull oryd/hydra:v1.9.0-sqlite
  • docker pull oryd/hydra:v1.9.0-alpha.2-sqlite
  • docker pull oryd/hydra:latest-sqlite

hydra - v1.9.0-alpha.1

Published by aeneasr almost 4 years ago

This release focuses on a complete refactor of the internal database abstraction layer (DBAL). We have been using gobuffalo/pop successfully in ORY Kratos and decided to move the ORY Hydra DBAL to gobuffalo/pop as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.

This is an alpha release as we want to gather feedback from the community regarding performance and other potential issues before tagging the v1.9.0 version branch as stable.

1.9.0-alpha.1 (2020-10-20)

Bug Fixes

  • Add support for tracing to SQL (b3dda7c)
  • Address pop inconsistencies and update tests (8f3462f)
  • CGO build issues on Windows and Go 1.15+ (1c1fe19)
  • Do not require sqlite and CGO for other databases (8069205)
  • Do not run migrations in background (308edb9)
  • Explicitly set pwd in makefile (aeb1090)
  • Goreleaser add docker images (7a81908)
  • Improve cli flags and add -c config flag (bf3be84)
  • Improve schema typing for tracing (4cc25c3)
  • Improve tests and pop adapter (1354611)
  • Remove explicit cve allowlist (90caeda), closes #2117
  • Remove obsolete makefile targets (dc5d37f)
  • Remove unnecessary transactions (1df50ec)
  • Remove websocket direct dep (d525983), closes #2111
  • Run tests only once (4e1d0f6)
  • Set context in connection getter (644967a)
  • Update docker and quickstart examples (b01c246)
  • Update format to goimports (c4438b0)
  • Use context in transaction creator (db0ac86)
  • Use sqlite for standalone (e5b7147)

Code Refactoring

  • Move Dockerfiles to .docker directory (5508f2a)

  • Use gobuffalo/pop for SQL abstraction (#2059) (56bce67), closes #1730:

    This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!

Documentation

Features

Tests

  • Fix confusing expected/got (#2135) (14b6db2):

    And fixed assert.EqualError params in right order in TestStrategyLoginConsent

  • Move tests to persistence (46d0571)

  • Remove unused expectSession variable (#2134) (eda8532)

  • Write migrate logs to file (9a1fbd8)

Changelog

f3056f6c autogen(docs): generate and format documentation
afde5c63 autogen(docs): generate and format documentation
6f517027 autogen(docs): generate and format documentation
c326ae8b autogen(docs): generate and format documentation
f5441d6d autogen(docs): generate and format documentation
8f87c1f1 autogen(docs): generate and format documentation
243adeba autogen(docs): generate and format documentation
d56bfb19 autogen(docs): generate and format documentation
8ff756c6 autogen(docs): generate and format documentation
849ead0c autogen(docs): generate and format documentation
049c4157 autogen(docs): generate and format documentation
d560807b autogen(docs): generate cli docs
4734c883 autogen(docs): generate cli docs
ec71cd9a autogen(docs): generate cli docs
1dee4e35 autogen(docs): generate cli docs
878bd97e autogen(docs): generate cli docs
a8c33bc2 autogen(docs): regenerate and update changelog
3e011f63 autogen(docs): regenerate and update changelog
7b604726 autogen(docs): regenerate and update changelog
bb041f2c autogen(docs): update milestone document
1d45dec9 autogen(docs): update milestone document
e3f71d3f autogen(docs): update milestone document
434a3b1b autogen(docs): update milestone document
0ee3c10c autogen(openapi): Regenerate swagger spec and internal client
0eba003c autogen: add v1.8.5 to version.schema.json
0382fea6 autogen: add v1.9.0-alpha.0.pre.2 to version.schema.json
dc19f4a5 autogen: pin v1.9.0-alpha.0.pre.2 release commit
a270e4ca autogen: pin v1.9.0-alpha.1 release commit
edb221c6 autogen: pin v1.9.0-pre.0 release commit
4fbf3575 autogen: pin v1.9.0-pre.1 release commit
4062f77b chore(deps): bump cci orbs (#2132)
3e259c43 chore(docs): format
3f8f2d7d chore(docs): remove unneeded files (#2121)
1a23377b chore: add schema to gitignore
2fad6048 chore: bump datadog dependency
75cc527f chore: bump gobuffalo/pop
eeb45763 chore: bump gobuffalo/pop
8ee09966 chore: bump gobuffalo/pop and integrate new tracing fixes
f83f662e chore: update Docker Images to golang 1.15.2, alpine 3.12 (#2127)
cf358c55 chore: update docusaurus template (#2104)
4e248246 chore: update docusaurus template (#2137)
92a207b7 chore: update repository templates
70c79980 ci: add docs format checking (#2099)
02edf377 ci: force changelog generation
fda87cf3 ci: remove mysql parameters which are set automatically
51d93902 ci: revert multiStatements removal
7ed88703 docs: add hypnoglow terraform provider
487e7335 docs: correct port (#2101)
7aca301a docs: correct port (#2102)
71a4495d docs: fix typo
443a2257 docs: remove obsolete doc section
4540ece1 docs: swagger route headline capitalization These should be the last places, therefore closes #2015
3cd22c4d docs: update code listings and image tags
bfed7f22 docs: update sql instructions
6d63a730 docs: updates kubernetes helm chart url
8e64202f feat: implement docker for quickstart
2f198370 feat: re-enable freebsd
e946487a feat: support sqlite in goreleaser
1c1fe192 fix: CGO build issues on Windows and Go 1.15+
b3dda7c8 fix: add support for tracing to SQL
8f3462ff fix: address pop inconsistencies and update tests
80692052 fix: do not require sqlite and CGO for other databases
308edb99 fix: do not run migrations in background
aeb10903 fix: explicitly set pwd in makefile
7a81908a fix: goreleaser add docker images
bf3be849 fix: improve cli flags and add -c config flag
4cc25c34 fix: improve schema typing for tracing
13546110 fix: improve tests and pop adapter
90caedae fix: remove explicit cve allowlist
dc5d37ff fix: remove obsolete makefile targets
1df50ec0 fix: remove unnecessary transactions
d525983c fix: remove websocket direct dep
4e1d0f6f fix: run tests only once
644967a8 fix: set context in connection getter
b01c2467 fix: update docker and quickstart examples
c4438b0e fix: update format to goimports
db0ac861 fix: use context in transaction creator
e5b7147a fix: use sqlite for standalone
5508f2ab refactor: move Dockerfiles to .docker directory
56bce678 refactor: use gobuffalo/pop for SQL abstraction (#2059)
6b2ad6b7 style: format and cleanup
5257f73d style: update tracing docker-compose definition
14b6db20 test: fix confusing expected/got (#2135)
46d0571e test: move tests to persistence
eda8532e test: remove unused expectSession variable (#2134)
9a1fbd80 test: write migrate logs to file

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.9
  • docker pull oryd/hydra:v1.9.0
  • docker pull oryd/hydra:v1.9.0-alpha.1
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.9-alpine
  • docker pull oryd/hydra:v1.9.0-alpine
  • docker pull oryd/hydra:v1.9.0-alpha.1-alpine
  • docker pull oryd/hydra:latest-alpine
  • docker pull oryd/hydra:v1-sqlite
  • docker pull oryd/hydra:v1.9-sqlite
  • docker pull oryd/hydra:v1.9.0-sqlite
  • docker pull oryd/hydra:v1.9.0-alpha.1-sqlite
  • docker pull oryd/hydra:latest-sqlite

hydra - v1.8.5

Published by aeneasr about 4 years ago

This is a security-focused release with fixes for CVE-2020-15234, CVE-2020-15223, CVE-2020-15233. Additionally, several system dependencies (e.g. Golang) have been upgraded.

A few things have changed as part of these patches:

  • OAuth 2.0 Redirection URL error parameters error_hint and error_debug have been deprecated and are now part of error_description. The parameters are still included for compatibility reasons but will be removed in a future release.
  • OAuth 2.0 Error revocation_client_mismatch was not standardized and has been removed. Instead, you will now receive unauthorized_client with a description explaining why the flow failed.

Additionally, the TypeScript SDK generator has changed from OpenAPI's typescript-node to typescript-axios making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed.

Due to several complex CI issues and regressions, build versions v1.8.0 - v1.8.4 failed. v1.8.5 is the first and only stable release in the current 1.8.x branch.

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.8
  • docker pull oryd/hydra:v1.8.5
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.8-alpine
  • docker pull oryd/hydra:v1.8.5-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.8.0-pre.1

Published by aeneasr about 4 years ago

autogen: pin v1.8.0-pre.1 release commit

1.8.0-pre.1 (2020-10-03)

Bug Fixes

  • Resolve gosec issues and false positives (0832138)

Features

  • Bump golangci-lint and add lint job (5ea6fb6)

Changelog

fe8fdc5f autogen(docs): generate and format documentation
ed6360b0 autogen(docs): generate cli docs
0c9ef69d autogen(docs): update milestone document
861fdb7d autogen: pin v1.8.0-pre.1 release commit
bb39d287 chore: bump ory/cli
89abc15e chore: bump ory/x
3e60cbfd ci: bump circleci orbs
24062c12 ci: remove freebsd build due to DataDog build error
5ea6fb65 feat: bump golangci-lint and add lint job
08321381 fix: resolve gosec issues and false positives
5b651002 style: make format

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.8
  • docker pull oryd/hydra:v1.8.0
  • docker pull oryd/hydra:v1.8.0-pre.1
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.8-alpine
  • docker pull oryd/hydra:v1.8.0-alpine
  • docker pull oryd/hydra:v1.8.0-pre.1-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.7.4

Published by aeneasr about 4 years ago

This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.

1.7.4 (2020-08-31)

Bug Fixes

  • Update e2e docker image (2ce0f14)

Changelog

7e2b6cb9 autogen(docs): generate and format documentation
28b31a7c autogen(docs): regenerate and update changelog
ff980e6d autogen: pin v1.7.4 release commit
2ce0f14f fix: update e2e docker image

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.7
  • docker pull oryd/hydra:v1.7.4
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.7-alpine
  • docker pull oryd/hydra:v1.7.4-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.7.0

Published by aeneasr about 4 years ago

The new SameSite attribute is now enforced on Google Chrome and may cause issues with your current ORY Hydra deployment:

SameSite=None no longer works for cookies that lack the secure flag. If you are using the --dangerous-force-http flag and have not configured SameSite=Lax, your users will no longer be able to perform OAuth2 flows.

The next Firefox release will follow this implementation as well. To prevent your users from experiencing issues:

  • Remove --dangerous-force-http from your deployment. This flag should never be set outside of local development machines anyway!
  • Set environment variable SERVE_COOKIES_SAME_SITE_MODE=Lax or configuration value serve.cookies.same_site_mode = Lax.

By applying this release, the above recommendations will be set per default, for example using Lax when --dangerous-force-http is set.

Many of you reached out in the past asking about managed / SaaS offerings from ORY, for more support, automated updates, and automated fixes for issues like the SameSite behavior above. We would like to invite those interested in that kind of offering and service to engage in a dialogue to help us better understand how you are using ORY, what requirements your businesses have, and how we can better help and serve you. Together, we can shape some of this journey. If you would like to be part of this conversation, please send an email to [email protected] so we can get in touch directly and begin talking about what an ideal and fully supported offering from ORY would look like for you.

This patch additionally includes a breaking API change for the "Revoke Consent Sessions API endpoint" - please check the breaking changes below. Bugfixes are included in this release as well - such as pretty JSON format logging, fixes to Jaeger configuration, and more!

1.7.0 (2020-08-14)

Bug Fixes

Code Refactoring

Documentation

  • Access token time config (#1966) (f066cc1):

    Adds a short guide on how to configure access token expiration time.

  • Add expiry-time sidebar item (#1967) (5f8e58b):

    Adds token-expiration to sidebar.

  • Add sdk samples for tls termination and tls verify skip (#1968) (6619e59)

  • Add section on oauth2 limitations at beginning (4254363)

  • Adopt new sidebar.json (8faf070)

  • Clarify secure flag in chrome (f01ac17)

  • Clarify when to use oauth2 (4c58601)

  • Document SameSite woes on Chrome (921f8c2)

  • Fix broken links (b3c6c5a)

  • Fix invalid links (3838cdc)

  • Fix typos (#1964) (83ce657)

  • Fixed link (#1969) (ba1f14b)

  • Update oauth2 limitation section (62e6fdf)

  • Update TLS example to quote strings not spawn a subshell (#1961) (0e6ed29)

Features

  • Add audit and debug logs for cookies (08813b3)

  • Add clidoc task and program (e44d256)

  • Revoke consent sessions of a subject only if explicitly requested (#1952) (fb925cf), closes #1951:

    This patch adds query parameter all to /oauth2/auth/sessions/consent. If all=true, then all consent sessions of a certain subject will be revoked.

Unclassified

  • Whitelist new session cookies and set log level to trace (6e75638)
  • Add 1.5 notes to UPGRADING.md (270b89a)

BREAKING CHANGES

  • Previously, '/oauth2/auth/sessions/consent?subject=[email protected]' would revoke all consent sessions of that user. This may be problematic in cases where the caller forgot to specify the client ID, as all tokens for that user are revoked. To prevent that, a "failsafe" all=true is now required to make this explicit: '/oauth2/auth/sessions/consent?subject=[email protected]&all=true'.

Changelog

270b89a3 Add 1.5 notes to UPGRADING.md
69d4af78 Merge branch 'master' into fix-e2e-cookie
cd765249 Merge pull request #1990 from ory/fix-e2e-cookie
5821d7e4 autogen(docs): generate and format documentation
38b83680 autogen(docs): generate and format documentation
e7f38ebe autogen(docs): generate and format documentation
cf909196 autogen(docs): generate and format documentation
1208827d autogen(docs): generate and format documentation
8772df07 autogen(docs): generate and format documentation
109c2d86 autogen(docs): generate and format documentation
6aec75fc autogen(docs): generate and format documentation
853fa94f autogen(docs): generate and format documentation
d91a0e84 autogen(docs): generate and format documentation
e5f7511a autogen(docs): generate and format documentation
a65919b5 autogen(docs): generate and format documentation
b81fd79a autogen(docs): generate and format documentation
5cb4bb41 autogen(docs): generate and format documentation
2fb6102a autogen(docs): generate and format documentation
2b446142 autogen(docs): generate cli docs
6811eec0 autogen(docs): generate cli docs
e3a3005a autogen(docs): generate cli docs
9e491faf autogen(docs): generate cli docs
11176dc1 autogen(docs): generate cli docs
1c8b31de autogen(docs): regenerate and update changelog
3927ca2c autogen(docs): regenerate and update changelog
6060cb0a autogen(openapi): Regenerate swagger spec and internal client
ff4b81ef autogen: pin v1.7.0 release commit
53f3645f chore: add cypress screenshots to gitignore
dd485581 chore: bump ory/x
6ffa84af chore: clean up RootCmd
9dcaaf10 chore: fix editorconfig ident size
912eae7e chore: update .dockerignore
04fa732f chore: update docusaurus template
e681c8cb chore: update docusaurus template
2bdc31bb chore: update docusaurus template (#1972)
4b1be800 chore: update docusaurus template (#1985)
1ef032d6 ci: add docs/cli task
1f6d49ad ci: bump ci versions
5494e415 ci: disable legacy migrations
2d472246 ci: fix goreleaser config
f066cc12 docs: access token time config (#1966)
5f8e58be docs: add expiry-time sidebar item (#1967)
6619e59d docs: add sdk samples for tls termination and tls verify skip (#1968)
42543630 docs: add section on oauth2 limitations at beginning
8faf070a docs: adopt new sidebar.json
f01ac170 docs: clarify secure flag in chrome
4c586012 docs: clarify when to use oauth2
921f8c23 docs: document SameSite woes on Chrome
b3c6c5ad docs: fix broken links
3838cdc5 docs: fix invalid links
83ce6578 docs: fix typos (#1964)
ba1f14b3 docs: fixed link (#1969)
0e6ed291 docs: update TLS example to quote strings not spawn a subshell (#1961)
62e6fdfc docs: update oauth2 limitation section
08813b31 feat: add audit and debug logs for cookies
e44d2562 feat: add clidoc task and program
fb925cf8 feat: revoke consent sessions of a subject only if explicitly requested (#1952)
cc963595 fix: add json_pretty to possible log.format values
4d5df3eb fix: add uri to jaeger's local_agent_address (#1982)
7800049e fix: bump clidoc
819fe6cd fix: remove duplicate html tags (#1960)
5f9f294f fix: send total item count in X-Total-Count header (#1983)
534203c5 fix: use SameSite=Lax for dev environments per default
379f5f08 fix: use SameSite=Lax for quickstart
5a53d28f refactor: cleanup the code for CORS handling (#1959)
00bfa09c style: go format
6e756389 tests: whitelist new session cookies and set log level to trace

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.7
  • docker pull oryd/hydra:v1.7.0
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.7-alpine
  • docker pull oryd/hydra:v1.7.0-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.6.0

Published by aeneasr about 4 years ago

We focused on reworking the ORY Hydra documentation in this release.

Even though no breaking changes were introduced with this release, we decided
to bump to the next minor (1.6) version to signal the significance of the
documentation changes.

We also refactored the NodeJS example implementation to use lightweight
TypeScript and the official TypeScript SDK.

1.6.0 (2020-07-20)

Bug Fixes

Documentation

  • Add scaling hydra section (e812bfa)
  • Annotate code samples (c6099ec)
  • Clean up concept section (13c593c)
  • Improve csrf debug help (48e50da)
  • Move helm chart docs from ory/k8s (5185368)
  • Refactor documentation (2b23437)
  • Remove duplicate heading (74cb812)
  • Update openid certification (5f8c0d4)

Unclassified

Changelog

793a9e2f autogen(docs): generate and format documentation
06fde373 autogen(docs): generate and format documentation
cdcaee6b autogen(docs): generate and format documentation
b1933d7d autogen(docs): generate and format documentation
fc6727ec autogen(docs): generate and format documentation
ce1f99e5 autogen(docs): generate and format documentation
70f9fb4d autogen(docs): generate and format documentation
d95315c8 autogen(docs): generate and format documentation
5f556f01 autogen(docs): generate and format documentation
6c4bc77f autogen(docs): generate and format documentation
c2e7f2f2 autogen(docs): generate and format documentation
69ac6b9c autogen(docs): regenerate and update changelog
90faa60c autogen: pin v1.6.0 release commit
523307e0 chore: bump ci tools
4780c69e chore: bump fosite to 0.32.2 (#1936)
384f7ff2 chore: optimize CircleCI workflow (#1919)
519e07e9 chore: update docusaurus template
79c14425 chore: update docusaurus template
fcbbdf55 chore: update docusaurus template
f71d740a chore: update docusaurus template (#1945)
e812bfa8 docs: add scaling hydra section
c6099ecc docs: annotate code samples
13c593c0 docs: clean up concept section
48e50daa docs: improve csrf debug help
51853681 docs: move helm chart docs from ory/k8s
2b234370 docs: refactor documentation
74cb8126 docs: remove duplicate heading
5f8c0d4b docs: update openid certification
e7a83229 fix: SDK generation at Makefile (#1954)
2bc777d8 fix: correct hydra-login-consent-node image
aaabb6ff fix: improve nancy pipeline with nancy-ignore and bump ci
82c5302f fix: improve structured logging (#1935)
2f1f8328 fix: logout error hint (#1949)
9a5593b6 fix: use correct assertion in test
7bf91c22 tracing: exclude health endpoints (#1932)

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.6
  • docker pull oryd/hydra:v1.6.0
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.6-alpine
  • docker pull oryd/hydra:v1.6.0-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.5.2

Published by aeneasr over 4 years ago

This release contains mostly minor bug fixes and allows more granular control
for listening on unix sockets.

1.5.2 (2020-06-23)

Bug Fixes

  • Bump pop to v5.2 (#1922) (5097805), closes #1892

  • Do not log error at login/consent cancelation (#1914) (379eed3), closes #1912

  • Improve Makefile dependency management (#1918) (5359276), closes #1916:

    This installs dependencies only when you make a target that needs it.

    This also removes the check that certain system dependencies (e.g. go)
    are installed. Instead, we simply let the target fail. This ensures we
    only test for the desired dependencies.

Features

  • Allow modifying unix socket permissions (#1915) (b19b7cf):

    This allows the reverse proxy to actually read the unix socket, since

    • The default permissions are 0755
    • Hydra is usually run as a user different than the reverse proxy
    • One needs read and write permissions to connect to the socket

    With the commit, one can set the group to be a group that contains the
    reverse proxy user and the permissions to 0770.
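
The socket permission change described above, shown in Go as an added example that is not Hydra's own code. The helper names, the temporary socket path and the use of the process's own group are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// listenUnix (hypothetical helper) binds a unix socket, then hands it to a
// shared group and sets its mode so that group members can connect.
// Pass gid < 0 to leave group ownership unchanged.
func listenUnix(path string, mode os.FileMode, gid int) (net.Listener, error) {
	l, err := net.Listen("unix", path)
	if err != nil {
		return nil, err
	}
	// Until the calls below finish, the socket carries the umask-derived
	// default mode, so keep it in a directory only the service can enter.
	if gid >= 0 {
		if err := os.Chown(path, -1, gid); err != nil {
			l.Close()
			return nil, err
		}
	}
	if err := os.Chmod(path, mode); err != nil {
		l.Close()
		return nil, err
	}
	return l, nil
}

// socketPerm returns only the permission bits of the socket file.
func socketPerm(path string) (os.FileMode, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	dir, _ := os.MkdirTemp("", "sock") // constructed sample location
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "hydra.sock")
	l, err := listenUnix(path, 0770, os.Getgid())
	if err != nil {
		fmt.Println("listen failed:", err)
		return
	}
	defer l.Close()
	perm, _ := socketPerm(path)
	fmt.Printf("%s mode %04o\n", path, perm)
}
```

Mode 0770 grants read and write to the owner and the group and nothing to other users, so only accounts in the shared group can connect.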

Changelog

dca89f9c autogen(docs): generate and format documentation
54d610d9 autogen(docs): generate and format documentation
f4f84fc7 autogen(docs): generate and format documentation
17c2fe07 autogen(docs): generate and format documentation
8d94004c autogen(docs): regenerate and update changelog
4d2cd48e autogen: pin v1.5.2 release commit
2bf781f5 chore: bump docker-compose hydra version
4603c5ac chore: bump ory/x to v0.0.132 (#1923)
b19b7cfd feat: allow modifying unix socket permissions (#1915)
50978054 fix: bump pop to v5.2 (#1922)
379eed3d fix: do not log error at login/consent cancelation (#1914)
5359276a fix: improve Makefile dependency management (#1918)

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.5
  • docker pull oryd/hydra:v1.5.2
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.5-alpine
  • docker pull oryd/hydra:v1.5.2-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.5.1

Published by aeneasr over 4 years ago

The 1.5.1 release includes several big changes to the internal code base and introduces exciting new features! It combines several beta releases that have been battle-tested by the community. Please use the 1.5.1 release instead of the 1.5.0 release which had issues with the CI pipeline! This release

  • changes how migrations work internally. It does not contain breaking changes but please run hydra migrate sql once you have backed up the database;
  • improves CockroachDB ZigZag query performance;
  • allows OAuth2 clients to use other token_endpoint_auth_signing_algorithms than RS256;
  • introduces Zipkin tracing support;
  • improves the documentation in several locations;
  • greatly improves structured logging output;
  • supports unix sockets in the ORY Hydra CLI;
  • uses the new ORY CLI as part of the toolchain;
  • and resolves several other bugs and issues!

We would like to thank our amazing community and all contributors that have helped in making this release possible (in no particular order):

If you haven't yet, consider joining our Slack family!

1.5.1 (2020-06-16)

No significant changes have been made for this release.

Changelog

d2a94d6a autogen(docs): generate and format documentation
af8d7a69 autogen: pin v1.5.1 release commit
16c7ec16 ci: bump orbs and wait for docs build on release

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.5
  • docker pull oryd/hydra:v1.5.1
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.5-alpine
  • docker pull oryd/hydra:v1.5.1-alpine
  • docker pull oryd/hydra:latest-alpine

hydra - v1.5.0-beta.5

Published by aeneasr over 4 years ago

Adds offline_access to the scope list in OpenID Connect Discovery, makes it possible to enforce PKCE for public clients, improves structured logging, and bumps several dependencies.

1.5.0-beta.5 (2020-05-28)

Bug Fixes

  • Add offline_access to discovery supported scoped (#1870) (73464e1), closes #1866
  • Resolve dependency issues and adopt logrusx logger (fdb3231)

Documentation

  • Move sdk to top level directory (#1876) (13ee97d)
  • Update repository templates (04b2c22)
  • Use central banner repo for README (ff0b990)

Features

  • Configure pkce enforcement for public clients (#1874) (d1907d6)

Changelog

576e6f16 autogen(docs): generate and format documentation
f557c9ab autogen(docs): generate and format documentation
6706f77f autogen(docs): regenerate and update changelog
a9f770b2 autogen(docs): regenerate and update changelog
37e70245 autogen(docs): regenerate and update changelog
40b15569 autogen(docs): regenerate and update changelog
33e30df7 autogen(docs): regenerate and update changelog
21a7f6a8 autogen(docs): regenerate and update changelog
ddacd11d autogen(openapi): Regenerate swagger spec and internal client
d6cfecdf chore: bump deps
a0fbe809 chore: pin v1.5.0-beta.5 release commit
9ca3e372 chore: update docusaurus template (#1878)
f3bdda77 ci: make test independent from Nancy (#1877)
13ee97dc docs: move sdk to top level directory (#1876)
04b2c22d docs: update repository templates
ff0b990c docs: use central banner repo for README
d1907d67 feat: configure pkce enforcement for public clients (#1874)
73464e1c fix: add offline_access to discovery supported scoped (#1870)
fdb3231e fix: resolve dependency issues and adopt logrusx logger

Docker images

  • docker pull oryd/hydra:v1
  • docker pull oryd/hydra:v1.5
  • docker pull oryd/hydra:v1.5.0
  • docker pull oryd/hydra:v1.5.0-beta.5
  • docker pull oryd/hydra:latest
  • docker pull oryd/hydra:v1-alpine
  • docker pull oryd/hydra:v1.5-alpine
  • docker pull oryd/hydra:v1.5.0-alpine
  • docker pull oryd/hydra:v1.5.0-beta.5-alpine
  • docker pull oryd/hydra:latest-alpine