v0.11.0

@ory-bot ory-bot released this 02 Dec 18:41
· 791 commits to master since this release

The 2022 winter release of Ory Kratos is here, and we are extremely excited to share with you some of the highlights included:

  • Ory Kratos now supports verification and recovery codes, which are now the default strategy and should be used instead of magic links.
  • Import of MD5-hashed passwords is now supported.
  • Ory Kratos can now act as the login app for the Ory Hydra Consent & Login Flow using the oauth2_provider.url configuration value.
  • Ory Kratos' SDK is now released as version 1. Learn more in the upgrade guide.
  • New APIs are available to manage Ory Sessions.
  • Ory Sessions now contain device information.
  • Added all claims to the Social Sign-In data mapper as well as the option to customize admin and public metadata.
  • Add webhooks that can block the request, useful to do some additional validation.
  • Add asynchronous webhooks which do not block the request.
  • A CLI helper to clean up stale data.

Please read the changelog carefully to identify changes which might affect you. Always test upgrading with a copy of your production system before applying the upgrade in production.

Breaking Changes

This patch changes the behavior of the recovery flow. It introduces a new strategy for account recovery that sends out short "one-time passwords" (code) that a user can use to prove ownership of their account and recover access to it. This PR also updates the default recovery strategy to code.

This patch invalidates recovery flows initiated using the Admin API. Please re-generate any admin-generated recovery flows and tokens.

This is a breaking change, as it removes the courier.message_ttl config key and replaces it with a counter courier.message_retries.

Closes #402
Closes #1598

SDK Method getJsonSchema was renamed to getIdentitySchema.

Bug Fixes

  • Active attribute based off IsActive checks (#2901) (bcbf68e)

  • Add issuerURL for apple id (#2565) (2aeb0a2):

    No issuer url was specified when using the Apple ID provider,
    this forced users to manually enter it in the provider config.

    This PR adds the Apple ID issuer url to the provider simplifying the setup.

  • Add missing go.mod to docker build (7c4964e)

  • Add support for verified Graph API calls for facebook oidc provider (#2547) (1ba7c66)

  • Admin recovery CSRF & duplicate form elements (#2846) (de80b7f)

  • Bump docker image (#2594) (071c885)

  • Bump graceful to deal with http header timeouts (9ce2d26)

  • Cache migration status (#2631) (9020738):

    See ory-corp/cloud#2691

  • Check return code of ms graphapi /me request. (#2647) (3f490a3)

  • cli: Dry up code (#2572) (d1b6b40)

  • Codecov (#2879) (e446c5a)

  • Correct name of span on recovery code deletion (#2823) (44f775f)

  • Correctly calculate expired_at timestamp for FlowExpired errors (#2836) (ddde43e)

  • Debugging Docker setup (#2616) (aaabe75)

  • Disappearing title label on verification and recovery flow (#2613) (29aa3b6), closes #2591

  • Distinguish credential types properly when collecting identifiers (#2873) (705f7b1)

  • Do not crash process on invalid smtp url (#2890) (c5d3ebc):

    Closes ory-corp/cloud#3321

  • Do not double-commit webhooks on registration (#2888) (88e75d9)

  • Do not invalidate recovery addr on update (#2699) (1689bb9)

  • docker: Add missing dependencies (#2643) (c589520)

  • docker: Update images (b5f80c1)

  • Duplicate messages in recovery flow (#2592) (43fcc51)

  • Express e2e tests for new account experience (#2708) (84ea0cf)

  • Format (0934def)

  • Format check stage in the CI (#2737) (bbe4463)

  • Gosec false positives (e3e7ed0)

  • Identity sessions list response includes pagination headers (#2763) (0c2efa2), closes #2762

  • identity: Migrate identity_addresses to lower case (#2517) (c058e23), closes #2426

  • Ignore commata in HIBP response (0856bd7)

  • Ignore CSRF for session extension on public route (866b472)

  • Ignore error explicitly (772d596)

  • Improve migration status speed (#2637) (a2e3c41)

  • Include flow id in use recovery token query (#2679) (d56586b):

    This PR adds the selfservice_recovery_flow_id to the query used when "using" a token in the recovery flow.

    This PR also adds a new enum field for identity_recovery_tokens to distinguish the two flows: admin versus self-service recovery.

  • Include metadata_admin in admin identity list response (#2791) (aa698e0), closes #2711

  • Incorrect swagger annotation for getSession (#2891) (797ea68)

  • lint: Fixed lint error causing ci failures (4aab5e0)

  • Make courier.TemplateType an enum (#2875) (65aeb0a)

  • Make hydra consistently localhost (70211a1)

  • Make ID field in VerifiableAddress struct optional (#2507) (0844b47), closes #2506

  • Make servicelocator explicit (4f841da)

  • Make swagger/openapi go 1.19 compatible (fec6772)

  • Mark gosec false positives (13eaddb)

  • Metadata should not be required (05afd68)

  • Migration error detection (a115486)

  • Missing usage to recovery_code_invalid template (#2798) (5ac7553)

  • Not cleared field validation message (#2800) (cdaf68d)

  • Panic (1182278)

  • Patch invalidates credentials (#2721) (c4d95af), closes ory/cloud#148

  • Potentially resolve tx issue in crdb (#2595) (9d22035)

  • Preserve return_to param between flows (#2644) (f002649)

  • Proper annotation for patch (#2784) (0cbfe41)

  • Re-add service to quickstart (8c52c33)

  • Re-issue outdated cookie in /whoami (#2598) (bf6f27e), closes #2562

  • Remove jackc rewrites (#2634) (fe00c5b)

  • Remove jsonnet import support (d708c81)

  • Remove newline sign from email subject (#2576) (ca3d9c2)

  • Remove rust workaround (355ec43)

  • Replace io/util usage by io and os package (e2d805b)

  • Resolve bug where 500s in web hooks are not properly retried (e572e81)

  • Respect more http sources for computing request URL (66a9448)

  • Return browser to 'return_to' when logging in without registered account using oidc. (#2496) (a4194f5), closes #2444

  • Return empty array not null when there are no sessions (#2548) (fffba47)

  • Revert Go 1.19 formatting changes (7fb085b)

  • Revert removal of required field in uiNodeInputAttributes (#2623) (fee154b)

  • sdk: Identity metadata is nullable (#2841) (4c70578):

    Closes ory/sdk#218

  • sdk: Make InputAttributes.Type an enum (ff6190f)

  • sdk: Rust compile issue with required enum (#2619) (8800085)

  • Send out correct verification invalid email in code strategy (#2908) (d2bb67a)

  • Set cache default to false (#2906) (e407f92)

  • Take over return_to param from unauthorized settings to login flow (#2787) (504fb36)

  • Unable to find JSON Schema ID: default (#2393) (f43396b)

  • Use correct download location for golangci-lint (c36ca53)

  • Use errors instead of fatal for serve cmd (02f7e9c)

  • Use full URL for webhook payload (72595ad)

  • Use process-isolated Jsonnet VM (#2869) (9eeedc0)

  • Verification redirect & continue label (#2905) (e1119e8):

    This PR resolves an issue with the redirect after a successful verification, if not specified.

  • Wrap migration error in WithStack (#2636) (4ce9f1e)

  • Wrong config key in admin recovery documentation (#2815) (154b61b)

  • X-forwarded-for header parsing (#2807) (4682afa)

Code Generation

  • Pin v0.11.0 release commit (59c30b6)

Code Refactoring

Documentation

Features

  • Add "success" UITextType (#2900) (2ff34b6)

  • Add admin get api for session (#2855) (1aa1321)

  • Add api endpoint to fetch messages (#2651) (5fddcbf):

    Closes #2639

  • Add autocomplete attributes (#2523) (6284a9a), closes #2396

  • Add cache headers (#2817) (71e2449)

  • Add codecov yaml (90da0bb)

  • Add DingTalk social login (#2494) (7b966bd)

  • Add flow id check to use verification token (#2695) (54c64fc)

  • Add handler with openapi def for admin revoke session (#2867) (2438ca0)

  • Add identity id to "account disabled" error (#2557) (f09b1b3)

  • Add missing config entry (8fe9de6)

  • Add missing cookie headers to SDK methods (#2720) (32e32d1):

    See #2583

  • Add OpenTelemetry span events (#2858) (37b1a3b)

  • Add PATCH to adminUpdateIdentity (#2380) (#2471) (94a3741)

  • Add pre-hooks to settings, verification, recovery (c0ceaf3)

  • Add session cache header feature flag (#2899) (02a92b4), closes ory-corp/cloud#3283

  • Add support for firebase scrypt hashes on identity import and login hash upgrade (#2734) (3852eb4), closes #2422

  • Add verification via code (#2838) (a82ee92), closes #2824:

    The new code strategy is now supported as a verification strategy. If enabled, the strategy sends a code, instead of a magic link to the user's address, which they can use to verify their address.

  • Adding admin session listing api (#2818) (59588d2)

  • Adding device information to the session (#2715) (82bc9ce):

    Closes #2091
    See ory-corp/cloud#3011

    Co-authored-by: Patrik zepatrik@users.noreply.github.com

  • Allow importing scrypt hashing algorithm (#2689) (3e3b59e), closes #2422:

    It is now possible to import scrypt-hashed passwords.

  • Allow setting public and admin metadata with the jsonnet data mapper (#2569) (aa6eb13), closes #2552

  • Automatic TLS certificate reloading (#2744) (09751e6)

  • Change code length to 6 numbers (#2894) (56feb07)

  • cli: Helper for cleaning up stale records (#2406) (29d6376), closes #952

  • Forward parsed request cookies to webhook Jsonnet snippet (#2917) (70ed068):

    Request cookies were already available in raw form in
    the ctx.request_headers top-level argument to the Jsonnet snippet.
    Parsing cookies in Jsonnet is tedious and error-prone, though, so
    we parse them internally for convenience.

  • Handler for update API with credentials (#2423) (561187d), closes #2334

  • Immutable cookie session values (#2761) (a6f2793), closes #2701

  • Implement blocking webhooks (#1585) (e48e9fa), closes #1724 #1483

  • Improve cache handling (6e8579b)

  • Improve state generation logic (546ee3d)

  • Ingest hydra bugfix (3c11216)

  • OAuth2 integration (#2804) (7c6eb2a):

    This feature allows Ory Kratos to act as a login provider for Ory Hydra using the oauth2_provider.url configuration value.

    Closes #273
    Closes #2293
    See ory/kratos-selfservice-ui-node#50
    See ory/kratos-selfservice-ui-node#68
    See ory/kratos-selfservice-ui-node#108
    See ory/kratos-selfservice-ui-node#111
    See ory/kratos-selfservice-ui-node#149
    See ory/kratos-selfservice-ui-node#170
    See ory/kratos-selfservice-ui-node#198
    See ory/kratos-selfservice-ui-node#207

  • Parse all id token claims into raw_claims (#2765) (1da0cf6), closes #2528:

    All ID Token claims resulting from the Social Sign In flow are now available in raw_claims and can be used in the Social Sign In JsonNet Mapper.

  • Replace magic links with one time codes in recovery flow (#2645) (a1532ba), closes #1451:

    This feature introduces a new code strategy to recover an account.

    Currently, if a user needs to initiate a recovery flow to recover a lost password/MFA/etc., they’ll receive an email containing a “magic link”. This link contains a flow_id and a recovery_token. This is problematic because some antivirus software opens links in emails to check for malicious content, etc.

    Instead of the magic link, we send an 8-digit code that is clearly displayed in the email or SMS. A user can now copy/paste or type it manually into the text-field that is shown after the user clicks “submit” on the initiate flow page.

  • Replace message_ttl with static max retry count (#2638) (b341756):

    This PR replaces the courier.message_ttl configuration option with a courier.message_retries option to limit how often the sending of a message is retried before it is marked as abandoned.

  • Standardize license headers (#2790) (8406eaf)

  • Support ip exceptions (de46c08)

  • Support md5 hash import (#2725) (d1b4e17)

  • Trace WebHooks (#2911) (665605b):

    Previously the context was not propagated to the http client. As a result the (instrumented) client did not find the existing span and the spans for outgoing http requests have been orphans.

    With this simple fix they are now children of the corresponding webhook spans.

  • Update for the Ory Network (#2814) (3e09e58)

  • Upgrade hydra to v2 (fdb108f)

Reverts

  • Revert "autogen(openapi): regenerate swagger spec and internal client" (24eddfb):

    This reverts commit 4159b93.

Tests

  • e2e: Add typescript (37018c0)
  • e2e: Fix flaky assertions (21a8487)
  • e2e: Fix issuer config (32454d2)
  • e2e: Fix webauthn regression (26001e7)
  • e2e: Improve webauthn test reliability (4d323d0)
  • e2e: Migrate to cypress 10.x (317fab0)
  • e2e: Resolve flaky hydra configuration (d8c82da)
  • e2e: Resolve max-age and issuer regression (0ee4cf0)
  • e2e: Resolve max-age regression (904f75d)
  • e2e: Use correct dir (907dbe3)
  • Fix broken assertions (e5f1311)
  • Fix oidc test regression (6c14b68)
  • Improve e2e tooling (390ccaa)
  • Parallelize and speed up config tests (#2611) (d8dea01)
  • Resolve builder regression (934c30d)
  • Try and recover from allocated port error (3b5ac5f)
  • Update snapshots (#2877) (cbaaceb)

Unclassified

Changelog

  • 1515b83 Remove empty script (#2739)
  • 24eddfb Revert "autogen(openapi): regenerate swagger spec and internal client"
  • d612612 Revert "refactor: use gotemplates for command usage (#2770)" (#2778)
  • d74c3ff autogen(docs): generate and bump docs
  • 995bd0a autogen(docs): regenerate and update changelog
  • 5d1ff10 autogen(docs): regenerate and update changelog
  • 26f2618 autogen(docs): regenerate and update changelog
  • 930a475 autogen(docs): regenerate and update changelog
  • 57e569e autogen(docs): regenerate and update changelog
  • 659cf57 autogen(docs): regenerate and update changelog
  • b6c212c autogen(docs): regenerate and update changelog
  • c8805b6 autogen(docs): regenerate and update changelog
  • 9d64033 autogen(docs): regenerate and update changelog
  • 8fa14ec autogen(docs): regenerate and update changelog
  • 2d46209 autogen(docs): regenerate and update changelog
  • 573bd16 autogen(docs): regenerate and update changelog
  • 585c26b autogen(docs): regenerate and update changelog
  • 782d829 autogen(docs): regenerate and update changelog
  • 1fbca13 autogen(docs): regenerate and update changelog
  • bdc3797 autogen(docs): regenerate and update changelog
  • 99a198d autogen(docs): regenerate and update changelog
  • 6f7889d autogen(docs): regenerate and update changelog
  • d75927e autogen(docs): regenerate and update changelog
  • e17064d autogen(docs): regenerate and update changelog
  • a318778 autogen(docs): regenerate and update changelog
  • ba3cf23 autogen(docs): regenerate and update changelog
  • 40e2258 autogen(docs): regenerate and update changelog
  • 3c00b66 autogen(docs): regenerate and update changelog
  • 5bce0b9 autogen(docs): regenerate and update changelog
  • e746c33 autogen(docs): regenerate and update changelog
  • 0815d43 autogen(docs): regenerate and update changelog
  • 9de4705 autogen(docs): regenerate and update changelog
  • 8c8833e autogen(docs): regenerate and update changelog
  • 3b640ca autogen(docs): regenerate and update changelog
  • 14c79b4 autogen(docs): regenerate and update changelog
  • 6424352 autogen(docs): regenerate and update changelog
  • 0c8263b autogen(docs): regenerate and update changelog
  • 411cd79 autogen(docs): regenerate and update changelog
  • 7ec3fe3 autogen(docs): regenerate and update changelog
  • ac847bb autogen(docs): regenerate and update changelog
  • 1cd2672 autogen(docs): regenerate and update changelog
  • 2b25376 autogen(docs): regenerate and update changelog
  • de363c6 autogen(docs): regenerate and update changelog
  • 60fed3c autogen(docs): regenerate and update changelog
  • fa4b59b autogen(docs): regenerate and update changelog
  • bc2dfd3 autogen(docs): regenerate and update changelog
  • f5c4cca autogen(docs): regenerate and update changelog
  • 6bf5d93 autogen(docs): regenerate and update changelog
  • 26d43c1 autogen(docs): regenerate and update changelog
  • 7299c86 autogen(docs): regenerate and update changelog
  • e126586 autogen(docs): regenerate and update changelog
  • 15f5b1b autogen(docs): regenerate and update changelog
  • d9e6a7c autogen(docs): regenerate and update changelog
  • 4e5aac2 autogen(docs): regenerate and update changelog
  • db8c345 autogen(docs): regenerate and update changelog
  • 1787e68 autogen(docs): regenerate and update changelog
  • 5c140ce autogen(docs): regenerate and update changelog
  • bcf2bbd autogen(docs): regenerate and update changelog
  • 15d72d9 autogen(docs): regenerate and update changelog
  • ed99539 autogen(docs): regenerate and update changelog
  • a0d2bfb autogen(openapi): regenerate swagger spec and internal client
  • d7ce190 autogen(openapi): regenerate swagger spec and internal client
  • b8b8cfc autogen(openapi): regenerate swagger spec and internal client
  • 8b791b9 autogen(openapi): regenerate swagger spec and internal client
  • 4eef5d9 autogen(openapi): regenerate swagger spec and internal client
  • 576f9c0 autogen(openapi): regenerate swagger spec and internal client
  • 037c095 autogen(openapi): regenerate swagger spec and internal client
  • 00cd096 autogen(openapi): regenerate swagger spec and internal client
  • 5cc3201 autogen(openapi): regenerate swagger spec and internal client
  • 0860ef3 autogen(openapi): regenerate swagger spec and internal client
  • f0bd67e autogen(openapi): regenerate swagger spec and internal client
  • f040c9d autogen(openapi): regenerate swagger spec and internal client
  • 04111f8 autogen(openapi): regenerate swagger spec and internal client
  • 60f4a2c autogen(openapi): regenerate swagger spec and internal client
  • 39bb84d autogen(openapi): regenerate swagger spec and internal client
  • 1969b76 autogen(openapi): regenerate swagger spec and internal client
  • a9f6b7f autogen(openapi): regenerate swagger spec and internal client
  • bd4af9a autogen(openapi): regenerate swagger spec and internal client
  • 02b9100 autogen(openapi): regenerate swagger spec and internal client
  • 816b029 autogen(openapi): regenerate swagger spec and internal client
  • 1b67773 autogen(openapi): regenerate swagger spec and internal client
  • 2b8a4f5 autogen(openapi): regenerate swagger spec and internal client
  • ec70a30 autogen(openapi): regenerate swagger spec and internal client
  • 3e1c444 autogen(openapi): regenerate swagger spec and internal client
  • 4159b93 autogen(openapi): regenerate swagger spec and internal client
  • e03a2b3 autogen(openapi): regenerate swagger spec and internal client
  • 1a397ac autogen(openapi): regenerate swagger spec and internal client
  • 182ed14 autogen(openapi): regenerate swagger spec and internal client
  • cf63a1c autogen: add v0.10.1 to version.schema.json
  • 59c30b6 autogen: pin v0.11.0 release commit
  • 624e1f0 autogen: pin v0.11.0-alpha.0.pre.2 release commit
  • bfe46af chore(sdk): update order of arguments (#2840)
  • fcba023 chore: add additional files to gitignore
  • 7e7e58b chore: add node version check to test/e2e/run.sh (#2745)
  • aa83e46 chore: broken link in API docs (#2534)
  • 8d92425 chore: bump go to 1.19
  • b1ff220 chore: bump ory/x (#2882)
  • e314968 chore: consolidate .gitignore files (#2881)
  • 8102178 chore: debugf (#2842)
  • e55d22f chore: delete semantic.yml (#2554)
  • 0dcf073 chore: deprecate coupon (#2597)
  • a46cef6 chore: dry up code (#2541)
  • 77c53fd chore: fix formatting (#2753)
  • ae4a72e chore: fix golangci/lint version to v1.47.3
  • 9346c18 chore: fix package-lock.json (#2861)
  • bad43a8 chore: format
  • de77771 chore: format
  • cae5baa chore: format
  • 20fdfe8 chore: format using Make (#2736)
  • 1ff40ae chore: format using Make (#2748)
  • fc95730 chore: go 1.19 format
  • 5e8c184 chore: improve package-lock.json package.json (#2712)
  • f3c4aba chore: license checker (#2851)
  • 30262cb chore: list contributors in file (#2878)
  • b3dca56 chore: remove .only from test (#2893)
  • 8e01e61 chore: remove dead code (#2769)
  • 1736d80 chore: remove double-tabs in Makefile (#2747)
  • b553f50 chore: remove ioutil from open api templates
  • 4a8f151 chore: remove legacy codedoc
  • 70976e6 chore: remove listx dependency (#2752)
  • af2747b chore: remove obsolete header (#2857)
  • 6226177 chore: update ory-prettier-styles (#2749)
  • 8fceadc chore: update ory/x (#2871)
  • af32ba8 chore: update repository templates
  • 191cee8 chore: update repository templates
  • b7e2816 chore: update repository templates
  • e25c886 chore: update repository templates
  • 8dbf04d chore: update repository templates
  • aa6ef6d chore: update repository templates
  • 6e3fdb7 chore: update repository templates
  • 49540dd chore: update repository templates
  • bd86783 chore: update repository templates
  • e581ec6 chore: update repository templates
  • ad23053 chore: update repository templates
  • dd75378 chore: update repository templates
  • e1e08d3 chore: update repository templates
  • e573255 chore: update repository templates
  • 439f015 chore: update repository templates to ory/meta@19eed81
  • 8043371 chore: update repository templates to ory/meta@23d918a
  • 2a6fd20 chore: update repository templates to ory/meta@47569d9
  • 93d4bf5 chore: update repository templates to ory/meta@4a68ca0
  • 8cebb8b chore: update repository templates to ory/meta@4ef1342
  • 53bf4d0 chore: update repository templates to ory/meta@6ab5ce6
  • 968bf6b chore: update repository templates to ory/meta@852a1ae
  • b024e09 chore: update repository templates to ory/meta@935cc04
  • ddecb89 chore: update repository templates to ory/meta@9f57fec
  • 2b42ddb2 chore: update repository templates to ory/meta@a2fba7e
  • 8ef7cd5 chore: update repository templates to ory/meta@b41b1ee
  • ae6fbb8 chore: update repository templates to ory/meta@d3f8710
  • 5af2c0a chore: update x/sys for M1
  • b2b0eb0 ci: add CVE-2022-30065 to trivy ignore
  • 01abc2c ci: add sdk scope to conventional commits
  • 1d7381a ci: add issues and PRs to board
  • 9391d68 ci: add moreutils and gettext
  • 4e8a8c1 ci: additional types and scopes for conventional commits (#2626)
  • d2d4321 ci: bump dockle action
  • 28ccc01 ci: bump hydra
  • 5a8a484 ci: delete semantic.yml (#2627)
  • 34543f3 ci: fix codecov config
  • e00a976 ci: fix to Go 1.18
  • 169e410 ci: fix version
  • bad3418 ci: ignore busybox cve
  • 73ed192 ci: ignore schema YAMLs
  • 37ff495 ci: remove deprecated linters (replaced by unused)
  • 09c5cc9 ci: shorten label (#2514)
  • 8012a3e ci: update hydra
  • 98edbfb ci: update project action
  • f89d279 docs(sdk): identifier is actually required (#2593)
  • ac6c4cc docs(sdk): incorrect URL (#2521)
  • db9a95b docs: cleanup v0alpha2 endpoint summaries
  • d8514b5 docs: cypress on arm based mac (#2795)
  • 8f52e8b docs: enable 2FA methods in docker-compose quickstart setup (#2828)
  • dbb7506 docs: fix badge
  • 4e8b5cf docs: importing credentials supported
  • 5da4c6b docs: update README
  • 7136e94 docs: update readme badges
  • 3d8cf38 docs: write messages as single json document (#2519)
  • 29d6376 feat(cli): helper for cleaning up stale records (#2406)
  • 7c6eb2a feat: OAuth2 integration (#2804)
  • 2ff34b6 feat: add "success" UITextType (#2900)
  • 7b966bd feat: add DingTalk social login (#2494)
  • 37b1a3b feat: add OpenTelemetry span events (#2858)
  • 94a3741 feat: add PATCH to adminUpdateIdentity (#2380) (#2471)
  • 1aa1321 feat: add admin get api for session (#2855)
  • 5fddcbf feat: add api endpoint to fetch messages (#2651)
  • 6284a9a feat: add autocomplete attributes (#2523)
  • 71e2449 feat: add cache headers (#2817)
  • 90da0bb feat: add codecov yaml
  • 54c64fc feat: add flow id check to use verification token (#2695)
  • 2438ca0 feat: add handler with openapi def for admin revoke session (#2867)
  • f09b1b3 feat: add identity id to "account disabled" error (#2557)
  • 8fe9de6 feat: add missing config entry
  • 32e32d1 feat: add missing cookie headers to SDK methods (#2720)
  • c0ceaf3 feat: add pre-hooks to settings, verification, recovery
  • 02a92b4 feat: add session cache header feature flag (#2899)
  • 3852eb4 feat: add support for firebase scrypt hashes on identity import and login hash upgrade (#2734)
  • a82ee92 feat: add verification via code (#2838)
  • 59588d2 feat: adding admin session listing api (#2818)
  • 82bc9ce feat: adding device information to the session (#2715)
  • 3e3b59e feat: allow importing scrypt hashing algorithm (#2689)
  • aa6eb13 feat: allow setting public and admin metadata with the jsonnet data mapper (#2569)
  • 09751e6 feat: automatic TLS certificate reloading (#2744)
  • 56feb07 feat: change code length to 6 numbers (#2894)
  • 70ed068 feat: forward parsed request cookies to webhook Jsonnet snippet (#2917)
  • 561187d feat: handler for update API with credentials (#2423)
  • a6f2793 feat: immutable cookie session values (#2761)
  • e48e9fa feat: implement blocking webhooks (#1585)
  • 6e8579b feat: improve cache handling
  • 546ee3d feat: improve state generation logic
  • 3c11216 feat: ingest hydra bugfix
  • 1da0cf6 feat: parse all id token claims into raw_claims (#2765)
  • a1532ba feat: replace magic links with one time codes in recovery flow (#2645)
  • b341756 feat: replace message_ttl with static max retry count (#2638)
  • 8406eaf feat: standardize license headers (#2790)
  • de46c08 feat: support ip exceptions
  • d1b4e17 feat: support md5 hash import (#2725)
  • 665605b feat: trace WebHooks (#2911)
  • 3e09e58 feat: update for the Ory Network (#2814)
  • fdb108f feat: upgrade hydra to v2
  • d1b6b40 fix(cli): dry up code (#2572)
  • c589520 fix(docker): add missing dependencies (#2643)
  • b5f80c1 fix(docker): update images
  • c058e23 fix(identity): migrate identity_addresses to lower case (#2517)
  • 4aab5e0 fix(lint): fixed lint error causing ci failures
  • 4c70578 fix(sdk): identity metadata is nullable (#2841)
  • ff6190f fix(sdk): make InputAttributes.Type an enum
  • 8800085 fix(sdk): rust compile issue with required enum (#2619)
  • bcbf68e fix: active attribute based off IsActive checks (#2901)
  • 2aeb0a2 fix: add issuerURL for apple id (#2565)
  • 7c4964e fix: add missing go.mod to docker build
  • 1ba7c66 fix: add support for verified Graph API calls for facebook oidc provider (#2547)
  • de80b7f fix: admin recovery CSRF & duplicate form elements (#2846)
  • 071c885 fix: bump docker image (#2594)
  • 9ce2d26 fix: bump graceful to deal with http header timeouts
  • 9020738 fix: cache migration status (#2631)
  • 3f490a3 fix: check return code of ms graphapi /me request. (#2647)
  • e446c5a fix: codecov (#2879)
  • 44f775f fix: correct name of span on recovery code deletion (#2823)
  • ddde43e fix: correctly calculate expired_at timestamp for FlowExpired errors (#2836)
  • aaabe75 fix: debugging Docker setup (#2616)
  • 29aa3b6 fix: disappearing title label on verification and recovery flow (#2613)
  • 705f7b1 fix: distinguish credential types properly when collecting identifiers (#2873)
  • c5d3ebc fix: do not crash process on invalid smtp url (#2890)
  • 88e75d9 fix: do not double-commit webhooks on registration (#2888)
  • 1689bb9 fix: do not invalidate recovery addr on update (#2699)
  • 43fcc51 fix: duplicate messages in recovery flow (#2592)
  • 84ea0cf fix: express e2e tests for new account experience (#2708)
  • 0934def fix: format
  • bbe4463 fix: format check stage in the CI (#2737)
  • e3e7ed0 fix: gosec false positives
  • 0c2efa2 fix: identity sessions list response includes pagination headers (#2763)
  • 866b472 fix: ignore CSRF for session extension on public route
  • 0856bd7 fix: ignore commata in HIBP response
  • 772d596 fix: ignore error explicitly
  • a2e3c41 fix: improve migration status speed (#2637)
  • d56586b fix: include flow id in use recovery token query (#2679)
  • aa698e0 fix: include metadata_admin in admin identity list response (#2791)
  • 797ea68 fix: incorrect swagger annotation for getSession (#2891)
  • 0844b47 fix: make ID field in VerifiableAddress struct optional (#2507)
  • 65aeb0a fix: make courier.TemplateType an enum (#2875)
  • 70211a1 fix: make hydra consistently localhost
  • 4f841da fix: make servicelocator explicit
  • fec6772 fix: make swagger/openapi go 1.19 compatible
  • 13eaddb fix: mark gosec false positives
  • 05afd68 fix: metadata should not be required
  • a115486 fix: migration error detection
  • 5ac7553 fix: missing usage to recovery_code_invalid template (#2798)
  • cdaf68d fix: not cleared field validation message (#2800)
  • 1182278 fix: panic
  • c4d95af fix: patch invalidates credentials (#2721)
  • 9d22035 fix: potentially resolve tx issue in crdb (#2595)
  • f002649 fix: preserve return_to param between flows (#2644)
  • 0cbfe41 fix: proper annotation for patch (#2784)
  • 8c52c33 fix: re-add service to quickstart
  • bf6f27e fix: re-issue outdated cookie in /whoami (#2598)
  • fe00c5b fix: remove jackc rewrites (#2634)
  • d708c81 fix: remove jsonnet import support
  • ca3d9c2 fix: remove newline sign from email subject (#2576)
  • 355ec43 fix: remove rust workaround
  • e2d805b fix: replace io/util usage by io and os package
  • e572e81 fix: resolve bug where 500s in web hooks are not properly retried
  • 66a9448 fix: respect more http sources for computing request URL
  • a4194f5 fix: return browser to 'return_to' when logging in without registered account using oidc. (#2496)
  • fffba47 fix: return empty array not null when there are no sessions (#2548)
  • 7fb085b fix: revert Go 1.19 formatting changes
  • fee154b fix: revert removal of required field in uiNodeInputAttributes (#2623)
  • d2bb67a fix: send out correct verification invalid email in code strategy (#2908)
  • e407f92 fix: set cache default to false (#2906)
  • 504fb36 fix: take over return_to param from unauthorized settings to login flow (#2787)
  • f43396b fix: unable to find JSON Schema ID: default (#2393)
  • c36ca53 fix: use correct download location for golangci-lint
  • 02f7e9c fix: use errors instead of fatal for serve cmd
  • 72595ad fix: use full URL for webhook payload
  • 9eeedc0 fix: use process-isolated Jsonnet VM (#2869)
  • e1119e8 fix: verification redirect & continue label (#2905)
  • 4ce9f1e fix: wrap migration error in WithStack (#2636)
  • 154b61b fix: wrong config key in admin recovery documentation (#2815)
  • 4682afa fix: x-forwarded-for header parsing (#2807)
  • 8dc2ecf refactor(sdk): rename getJsonSchema to getIdentitySchema (#2606)
  • 11f9d30 refactor: SDK v1 naming
  • b0d8f38 refactor: hot reloading
  • e9aa21f refactor: make embedding easier with internal sdk
  • baa84c6 refactor: use gotemplates for command usage
  • 1d22b23 refactor: use gotemplates for command usage (#2770)
  • 37018c0 test(e2e): add typescript
  • 21a8487 test(e2e): fix flaky assertions
  • 32454d2 test(e2e): fix issuer config
  • 26001e7 test(e2e): fix webauthn regression
  • 4d323d0 test(e2e): improve webauthn test reliability
  • 317fab0 test(e2e): migrate to cypress 10.x
  • d8c82da test(e2e): resolve flaky hydra configuration
  • 0ee4cf0 test(e2e): resolve max-age and issuer regression
  • 904f75d test(e2e): resolve max-age regression
  • 907dbe3 test(e2e): use correct dir
  • e5f1311 test: fix broken assertions
  • 6c14b68 test: fix oidc test regression
  • 390ccaa test: improve e2e tooling
  • d8dea01 test: parallelize and speed up config tests (#2611)
  • 934c30d test: resolve builder regression
  • 3b5ac5f test: try and recover from allocated port error
  • cbaaceb test: update snapshots (#2877)

Artifacts can be verified with cosign using this public key.