autogen: pin v0.8.0-alpha.4.pre.0 release commit

docs/docs/guides/zero-trust-iap-proxy-identity-access-proxy.mdx

@@ -40,7 +40,7 @@ Clone the Ory Kratos repository and fetch the latest images:
 ```shell script
 git clone https://github.com/ory/kratos.git
 cd kratos
-git checkout v0.8.0-alpha.3
+git checkout v0.8.0-alpha.4.pre.0
 
 ```
 

docs/docs/install.md

@@ -11,7 +11,7 @@ binaries, Docker images, and support various package managers.
 We recommend using Docker to run Ory Kratos:
 
 ```shell
-$ docker pull oryd/kratos:v0.8.0-alpha.3
+$ docker pull oryd/kratos:v0.8.0-alpha.4.pre.0
 $ docker run --rm -it oryd/kratos help
 ```
 
@@ -33,7 +33,7 @@ On linux, you can use `bash <(curl ...)` to fetch the latest stable binary
 using:
 
 ```shell
-$ bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b . kratos v0.8.0-alpha.3
+$ bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b . kratos v0.8.0-alpha.4.pre.0
 $ ./kratos help
 ```
 

docs/docs/quickstart.mdx

@@ -126,7 +126,7 @@ Let's clone Ory Kratos and run `docker-compose`:
 ```shell script
 git clone https://github.com/ory/kratos.git
 cd kratos
-git checkout v0.8.0-alpha.3
+git checkout v0.8.0-alpha.4.pre.0
 
 docker-compose -f quickstart.yml -f quickstart-standalone.yml up --build --force-recreate
 # If you have SELinux, run:
@@ -559,23 +559,23 @@ recovery, head over to the
 #### Configuration
 
 You can find all configuration files used for this quickstart guide in
-[`./contrib/quickstart/kratos`](https://github.com/ory/kratos/tree/v0.8.0-alpha.3/contrib/quickstart/kratos/email-password)
+[`./contrib/quickstart/kratos`](https://github.com/ory/kratos/tree/v0.8.0-alpha.4.pre.0/contrib/quickstart/kratos/email-password)
 ,
-[`./quickstart.yml`](https://github.com/ory/kratos/blob/v0.8.0-alpha.3/quickstart.yml),
+[`./quickstart.yml`](https://github.com/ory/kratos/blob/v0.8.0-alpha.4.pre.0/quickstart.yml),
 and
-[`./quickstart-standalone.yml`](https://github.com/ory/kratos/blob/v0.8.0-alpha.3/quickstart-standalone.yml).
+[`./quickstart-standalone.yml`](https://github.com/ory/kratos/blob/v0.8.0-alpha.4.pre.0/quickstart-standalone.yml).
 To understand what each of those configuration files does, consult the other
 chapters of this documentation.
 
 :::note
 
 To get a minimal version of Ory Kratos running, you need to set configuration
 values for
-[`identity.default_schema_url`](https://github.com/ory/kratos/blob/v0.8.0-alpha.3/contrib/quickstart/kratos/email-password/kratos.yml#L75)
+[`identity.default_schema_url`](https://github.com/ory/kratos/blob/v0.8.0-alpha.4.pre.0/contrib/quickstart/kratos/email-password/kratos.yml#L75)
 and
-[`DSN`](https://github.com/ory/kratos/blob/v0.8.0-alpha.3/quickstart.yml#L42).
+[`DSN`](https://github.com/ory/kratos/blob/v0.8.0-alpha.4.pre.0/quickstart.yml#L42).
 You should also configure
-[`selfservice.flows.*.ui_url`](https://github.com/ory/kratos/blob/v0.8.0-alpha.3/contrib/quickstart/kratos/email-password/kratos.yml#L24)
+[`selfservice.flows.*.ui_url`](https://github.com/ory/kratos/blob/v0.8.0-alpha.4.pre.0/contrib/quickstart/kratos/email-password/kratos.yml#L24)
 or else Kratos will use fallback URLs.
 
 :::

docs/versioned_docs/version-v0.8/.static/api.json

@@ -900,7 +900,7 @@
             "type": "string"
           },
           "method": {
-            "enum": ["link_recovery", "password", "totp", "oidc"],
+            "enum": ["link_recovery", "password", "totp", "oidc", "webauthn"],
             "title": "The method used",
             "type": "string"
           }
@@ -1758,7 +1758,7 @@
       "name": "Apache 2.0"
     },
     "title": "Ory Kratos API",
-    "version": "v0.8.0-alpha.2"
+    "version": ""
   },
   "openapi": "3.0.3",
   "paths": {

docs/versioned_docs/version-v0.8/admin/managing-users-identities.mdx

@@ -61,7 +61,10 @@ to use for this user. Similarly, the trait key/values depend on your schema as
 well. The command shown does not create a password for the identity or any other
 type of credential. Instead, we will use another REST call to create a recovery
 link (here "invite link" is probably more appropriate, but the flow uses an
-account recovery link).
+account recovery link). It's possible to generate a link for an account without
+a recovery address via the admin API, but if the recovery link expires the user
+won't be able to reinitiate the flow by himself as long as the recovery address
+has been added.
 
 To create the account recovery link, use:
 

docs/versioned_docs/version-v0.8/concepts/browser-redirect-flow-completion.mdx

@@ -70,27 +70,6 @@ selfservice:
     - https://www.myapp.com/
 ```
 
-It's possible to add domain wildcards to our configuration.
-As an example, we're adding all subdomains of `myapp.com` to the whitelist, thus
-we can now specify a dynamic subdomain return url like so
-`?return_to=https://foo.myapp.com` or `?return_to=https://bar.myapp.com`.
-
-```yaml file="path/to/my/kratos.config.yml"
-selfservice:
-  whitelisted_return_urls:
-    - https://*.myapp.com/
-```
-
-Please remember that adding wildcards for top level domains is blocked (to prevent
-Open Redirect Attacks).If we try to add a wild card for a top level domain we'll get
-an error: `Ignoring wildcard ...`. So adding something like this won't work:
-
-```yaml file="path/to/my/kratos.config.yml"
-selfservice:
-  whitelisted_return_urls:
-    - https://*.com/
-```
-
 ### Post-Login Redirection
 
 Post-login redirection considers the following configuration keys:

docs/versioned_docs/version-v0.8/concepts/email-sms.md

@@ -94,23 +94,42 @@ courier:
   template_override_path: /conf/courier-templates
 ```
 
+Ory Kratos comes with built-in templates. If you wish to define your own, custom
+templates, you should define `template_override_path`, as shown above, to
+indicate where your custom templates are located. This will become the
+`<template-root>` for your custom templates, as indicated below.
+
 `email.subject.gotmpl`, `email.body.gotmpl` and `email.body.plaintext.gotmpl`
-are common template file names expected in remainder directories corresponding
-to respective methods for filling E-mail subject and body.
-
-> Templates use the engine golang text template for text/html email rendering:
-> https://golang.org/pkg/text/template
-
-- recovery: recovery email templates root directory
-  - valid: sub directory containing templates with variables `To` and
-    `RecoveryURL` for validating a recovery
-  - invalid: sub directory containing templates with variables `To` for
-    invalidating a recovery
-- verification: verification email templates root directory
-  - valid: sub directory containing templates with variables `To` and
-    `VerificationURL` for validating a verification
-  - invalid: sub directory containing templates with variables `To` for
-    invalidating a verification
+are common template file names expected in the sub directories of the root
+directory, corresponding to the respective methods for filling e-mail subject
+and body.
+
+> Templates use the golang template engine in the `text/template` package for
+> rendering the `email.subject.gotmpl` and `email.body.plaintext.gotmpl`
+> templates, and the `html/template` package for rendering the
+> `email.body.gotmpl` template: https://pkg.go.dev/text/template >
+> https://pkg.go.dev/html/template
+>
+> Templates can use the [Sprig](https://github.com/Masterminds/sprig) library,
+> which provides more than 100 commonly used template functions:
+> http://masterminds.github.io/sprig/
+
+- **recovery**: recovery email templates directory, expected to be located in
+  `<root_directory>/recovery`
+  - valid: sub directory, expected to be located in
+    `<template-root>/recovery/valid`, containing templates with variables `To`,
+    `RecoveryURL` and `Identity` for validating a recovery
+  - invalid: sub directory, expected to be located in
+    `<template-root>/recovery/invalid`, containing templates with variables `To`
+    for invalidating a recovery
+- **verification**: verification email templates directory, expected to be
+  located in `<root_directory>/verification`
+  - valid: sub directory, expected to be located in
+    `<template-root>/verification/valid`, containing templates with variables
+    `To`, `VerificationURL` and `Identity` for validating a verification
+  - invalid: sub directory, expected to be located in
+    `<template-root>/verification/invalid`, containing templates with variables
+    `To` for invalidating a verification
 
 For example:
 [`https://github.com/ory/kratos/blob/master/courier/template/courier/builtin/templates/verification/valid/email.body.gotmpl`](https://github.com/ory/kratos/blob/master/courier/template/courier/builtin/templates/verification/valid/email.body.gotmpl)
@@ -125,6 +144,57 @@ Hi, please verify your account by clicking the following link:
 Hi, please verify your account by clicking the following link: {{ .VerificationURL }}
 ```
 
+### The Identity attribute
+
+To be able to customize the content of templates based on the identity of the
+recipient of the e-mail, the identity has been made available as `Identity`.
+This object is a map containing all the attributes of an identity, such as `id`,
+`state`, `recovery_addresses`, `verifiable_addresses` and `traits`.
+
+### Nested templates
+
+You can use nested templates to render `email.subject.gotmpl`,
+`email.body.gotmpl` and `email.body.plaintext.gotmpl` templates.
+
+#### Example: i18n customization
+
+Using nested templates, you can either use in-line template definitions, or as
+in this example, use separate templates. In this example, we will define the
+email body for recovery e-mails. Assuming that we have an attribute named `lang`
+that contains the required language in the `traits` of the identity, we can
+define our templates as indicated below.
+
+```txt file="<template-root>/recovery/valid/email.body.gotmpl"
+
+{{- if eq .Identity.traits.language "de" -}}
+{{ template "email.body.de.gotmpl" . }}
+{{- else -}}
+{{ template "email.body.en.gotmpl" . }}
+{{- end -}}
+<a href="{{ .RecoveryURL }}">{{.RecoveryURL }}</a>
+```
+
+```txt file="<template-root>/recovery/valid/email.body.de.gotmpl"
+
+Hallo {{ upper .Identity.traits.firstName }},
+
+Um Ihr Konto wiederherzustellen, klicken Sie bitte auf den folgenden Link:
+```
+
+```txt file="<template-root>/recovery/valid/email.body.en.gotmpl"
+
+
+Hello {{ upper .Identity.traits.firstName }},
+
+to recover your account, please click on the link below:
+```
+
+As indicated by the example, we need a root template, which is the
+`email.body.gotmpl` template, and then we define sub templates that conform to
+the following pattern: `email.body*`. You can also see that the `Identity` of
+the user is available in all templates, and that you can use Sprig functions
+also in the nested templates.
+
 ### Custom Headers
 
 You can configure custom SMTP headers. For example, if integrating with AWS SES

docs/versioned_docs/version-v0.8/concepts/ui-user-interface.mdx

@@ -1504,6 +1504,16 @@ will be overwritten!
 }
 ```
 
+###### Email (1070007)
+
+```json
+{
+  "id": 1070007,
+  "text": "Email",
+  "type": "info"
+}
+```
+
 ###### {reason} (4000001)
 
 ```json
@@ -1549,8 +1559,8 @@ will be overwritten!
   "text": "\"{value}\" is not valid \"{format}\"",
   "type": "error",
   "context": {
-    "actual_value": "{value}",
-    "expected_format": "{format}"
+    "expected_format": "{format}",
+    "actual_value": "{value}"
   }
 }
 ```

docs/versioned_docs/version-v0.8/debug/csrf.mdx

@@ -84,9 +84,13 @@ to the SecureApp's Dashboard. Alternatively you can use piping in your app as we
 do in the Quickstart guide.
 
 We do not recommend running them on separate subdomains, e.g.
-`https://kratos.my-website/` and `https://secureapp.my-website/`).
+`https://kratos.my-website/` and `https://secureapp.my-website/`.
 
-Running the apps on different TLDs will not work at all, e.g. e.g.
+To allow cookies to work across subdomains, make sure to set the domain name in
+the Kratos config file under
+[`session.cookie.domain`](https://www.ory.sh/kratos/docs/next/guides/configuring-cookies/#session-cookies).
+
+Running the apps on different TLDs will not work at all, e.g.
 `https://kratos-my-website/` and `https://secureapp-my-website/`.
 
 Running the services on different ports however is ok, if the domain stays the

docs/versioned_docs/version-v0.8/guides/zero-trust-iap-proxy-identity-access-proxy.mdx

@@ -40,7 +40,7 @@ Clone the Ory Kratos repository and fetch the latest images:
 ```shell script
 git clone https://github.com/ory/kratos.git
 cd kratos
-git checkout v0.8.0-alpha.3
+git checkout v0.8.0-alpha.4.pre.0
 
 ```
 

docs/versioned_docs/version-v0.8/install.md

@@ -11,7 +11,7 @@ binaries, Docker images, and support various package managers.
 We recommend using Docker to run Ory Kratos:
 
 ```shell
-$ docker pull oryd/kratos:v0.8.0-alpha.3
+$ docker pull oryd/kratos:v0.8.0-alpha.4.pre.0
 $ docker run --rm -it oryd/kratos help
 ```
 
@@ -23,7 +23,6 @@ You can find more detailed information on the official Kratos docker images
 You can install Ory Kratos using [homebrew](https://brew.sh/) on macOS:
 
 ```shell
-$ brew tap ory/tap
 $ brew install ory/tap/kratos
 $ kratos help
 ```
@@ -34,7 +33,7 @@ On linux, you can use `bash <(curl ...)` to fetch the latest stable binary
 using:
 
 ```shell
-$ bash <(curl https://raw.githubusercontent.com/ory/kratos/v0.8.0-alpha.3/install.sh) -b . v0.8.0-alpha.3
+$ bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -d -b . kratos v0.8.0-alpha.4.pre.0
 $ ./kratos help
 ```
 
@@ -51,7 +50,7 @@ You can install Ory Kratos using [scoop](https://scoop.sh) on Windows
 (Powershell is required):
 
 ```shell
-> scoop bucket add ory-kratos https://github.com/ory/scoop-kratos.git
+> scoop bucket add ory https://github.com/ory/scoop.git
 > scoop install kratos
 > kratos help
 ```