Changelog
Table of Contents
- 0.0.0 (2023-05-17)
- 2.1.1 (2023-04-11)
- 2.1.0 (2023-04-06)
- 2.1.0-pre.2 (2023-04-03)
- 2.1.0-pre.1 (2023-04-03)
- 2.1.0-pre.0 (2023-03-31)
- 2.0.3 (2022-12-08)
- 2.0.2 (2022-11-10)
- 2.0.1 (2022-10-27)
- 2.0.0 (2022-10-27)
- 1.11.10 (2022-08-25)
- 1.11.9 (2022-08-01)
- 1.11.8 (2022-05-04)
- 1.11.7 (2022-02-23)
- 1.11.6 (2022-02-23)
- 1.11.5 (2022-02-21)
- 1.11.4 (2022-02-16)
- 1.11.3 (2022-02-15)
- 1.11.2 (2022-02-11)
- 1.11.1 (2022-02-11)
- 1.11.0 (2022-01-21)
- 1.10.7 (2021-10-27)
- 1.10.6 (2021-08-28)
- 1.10.5 (2021-08-13)
- 1.10.3 (2021-07-14)
- 1.10.2 (2021-05-04)
- 1.10.1 (2021-03-25)
- 1.9.2 (2021-01-29)
- 1.9.1 (2021-01-27)
- 1.9.0 (2021-01-12)
- 1.9.0-rc.0 (2021-01-12)
- 1.9.0-alpha.4.pre.0 (2021-01-12)
- 1.9.0-alpha.3 (2020-12-08)
- 1.9.0-alpha.2 (2020-10-29)
- 1.9.0-alpha.1 (2020-10-20)
- 1.8.5 (2020-10-03)
- 1.8.0-pre.1 (2020-10-03)
- 1.8.0-pre.0 (2020-10-02)
- 1.7.4 (2020-08-31)
- 1.7.3 (2020-08-31)
- 1.7.1 (2020-08-31)
- 1.7.0 (2020-08-14)
- 1.6.0 (2020-07-20)
- 1.5.2 (2020-06-23)
- 1.5.1 (2020-06-16)
- 1.5.0 (2020-06-16)
- 1.5.0-beta.5 (2020-05-28)
- 1.5.0-beta.3 (2020-05-23)
- 1.5.0-beta.2 (2020-05-23)
- 1.5.0-beta.1 (2020-04-30)
- 1.4.10 (2020-04-30)
- 1.4.9 (2020-04-25)
- 1.4.8 (2020-04-24)
- 1.4.7 (2020-04-24)
- 1.4.6 (2020-04-17)
- 1.4.5 (2020-04-16)
- 1.4.3 (2020-04-16)
- 1.4.2 (2020-04-03)
- 1.4.1 (2020-04-02)
- 1.4.0 (2020-04-02)
- 1.3.2 (2020-02-17)
- 1.3.1 (2020-02-16)
- 1.3.0 (2020-02-14)
- 1.2.3 (2020-01-31)
- 1.2.2 (2020-01-23)
- 1.2.1 (2020-01-15)
- 1.2.0 (2020-01-08)
- 1.2.0-alpha.3 (2020-01-08)
- 1.2.0-alpha.2 (2020-01-08)
- 1.2.0-alpha.1 (2020-01-07)
- 1.1.1 (2019-12-19)
- 1.1.0 (2019-12-16)
- 1.0.9 (2019-11-02)
- 1.0.8 (2019-10-04)
- 1.0.7 (2019-09-29)
- 1.0.6 (2019-09-29)
- 1.0.5 (2019-09-28)
- 1.0.4 (2019-09-26)
- 1.0.3 (2019-09-23)
- 1.0.2 (2019-09-18)
- 1.0.1 (2019-09-04)
- 1.0.0 (2019-06-24)
- 1.0.0-rc.16 (2019-06-13)
- 1.0.0-rc.15 (2019-06-05)
- 1.0.0-rc.14 (2019-05-18)
- 1.0.0-rc.12 (2019-05-10)
- 0.0.1 (2019-05-08)
- 1.0.0-rc.11 (2019-05-02)
- 1.0.0-rc.10 (2019-04-29)
- 1.0.0-rc.9+oryOS.10 (2019-04-18)
- 1.0.0-rc.8+oryOS.10 (2019-04-03)
- 1.0.0-rc.7+oryOS.10 (2019-04-02)
- 1.0.0-rc.6+oryOS.10 (2018-12-18)
- 1.0.0-rc.5+oryOS.10 (2018-12-13)
- 1.0.0-rc.4+oryOS.9 (2018-12-12)
- 1.0.0-rc.3+oryOS.9 (2018-12-06)
- 1.0.0-rc.2+oryOS.9 (2018-11-21)
- 1.0.0-rc.1+oryOS.9 (2018-11-21)
- 1.0.0-beta.9 (2018-09-01)
- 1.0.0-beta.8 (2018-08-10)
- 1.0.0-beta.7 (2018-07-16)
- 1.0.0-beta.6 (2018-07-11)
- 1.0.0-beta.5 (2018-07-07)
- 1.0.0-beta.4 (2018-06-13)
- 1.0.0-beta.3 (2018-06-13)
- 1.0.0-beta.2 (2018-05-29)
- 1.0.0-beta.1 (2018-05-29)
- 0.11.10 (2018-03-19)
- 0.11.12 (2018-04-08)
- 0.11.9 (2018-03-10)
- 0.11.7 (2018-03-03)
- 0.11.6 (2018-02-07)
- 0.11.4 (2018-01-23)
- 0.11.3 (2018-01-23)
- 0.11.2 (2018-01-22)
- 0.11.1 (2018-01-18)
- 0.11.0 (2018-01-08)
- 0.10.10 (2017-12-16)
- 0.10.9 (2017-12-13)
- 0.10.8 (2017-12-12)
- 0.10.7 (2017-12-09)
- 0.10.6 (2017-12-09)
- 0.10.5 (2017-12-09)
- 0.10.4 (2017-12-09)
- 0.10.3 (2017-12-08)
- 0.10.2 (2017-12-08)
- 0.10.1 (2017-12-08)
- 0.10.0 (2017-12-08)
- 0.10.0-alpha.21 (2017-11-27)
- 0.10.0-alpha.20 (2017-11-26)
- 0.10.0-alpha.19 (2017-11-26)
- 0.10.0-alpha.18 (2017-11-06)
- 0.10.0-alpha.17 (2017-11-06)
- 0.10.0-alpha.16 (2017-11-06)
- 0.10.0-alpha.15 (2017-11-06)
- 0.10.0-alpha.14 (2017-11-06)
- 0.10.0-alpha.13 (2017-11-06)
- 0.10.0-alpha.12 (2017-11-06)
- 0.10.0-alpha.10 (2017-10-26)
- 0.10.0-alpha.9 (2017-10-25)
- 0.10.0-alpha.8 (2017-10-18)
- 0.9.14 (2017-10-06)
- 0.10.0-alpha.7 (2017-10-06)
- 0.10.0-alpha.6 (2017-10-05)
- 0.10.0-alpha.5 (2017-10-05)
- 0.10.0-alpha.4 (2017-10-05)
- 0.10.0-alpha.3 (2017-10-05)
- 0.10.0-alpha.2 (2017-10-05)
- 0.10.0-alpha.1 (2017-10-05)
- 0.9.13 (2017-09-26)
- 0.9.12 (2017-07-06)
- 0.9.11 (2017-06-30)
- 0.9.10 (2017-06-29)
- 0.9.9 (2017-06-17)
- 0.9.8 (2017-06-17)
- 0.9.7 (2017-06-16)
- 0.9.6 (2017-06-15)
- 0.9.5 (2017-06-15)
- 0.9.4 (2017-06-14)
- 0.9.3 (2017-06-14)
- 0.9.2 (2017-06-13)
- 0.9.1 (2017-06-12)
- 0.9.0 (2017-06-07)
- 0.8.7 (2017-06-05)
- 0.8.6 (2017-06-05)
- 0.8.5 (2017-06-01)
- 0.8.4 (2017-05-24)
- 0.8.3 (2017-05-23)
- 0.8.2 (2017-05-10)
- 0.8.1 (2017-05-08)
- 0.8.0 (2017-05-07)
- 0.7.13 (2017-05-03)
- 0.7.12 (2017-04-30)
- 0.7.11 (2017-04-28)
- 0.7.10 (2017-04-14)
- 0.7.9 (2017-04-02)
- 0.7.8 (2017-03-24)
- 0.7.7 (2017-02-11)
- 0.7.6 (2017-02-11)
- 0.7.3 (2017-01-22)
- 0.7.2 (2017-01-02)
- 0.7.1 (2016-12-30)
- 0.7.0 (2016-12-30)
- 0.6.10 (2016-12-26)
- 0.6.9 (2016-12-20)
- 0.6.8 (2016-12-06)
- 0.6.7 (2016-12-04)
- 0.6.6 (2016-12-04)
- 0.6.5 (2016-11-28)
- 0.6.4 (2016-11-22)
- 0.6.3 (2016-11-17)
- 0.6.2 (2016-11-05)
- 0.6.1 (2016-10-26)
- 0.6.0 (2016-10-25)
- 0.5.8 (2016-10-06)
- 0.5.7 (2016-10-04)
- 0.5.6 (2016-10-03)
- 0.5.5 (2016-09-29)
- 0.5.4 (2016-09-29)
- 0.5.3 (2016-09-29)
- 0.5.2 (2016-09-23)
- 0.5.1 (2016-09-22)
- 0.4.3 (2016-09-03)
- 0.4.2-alpha.3 (2016-09-02)
- 0.4.2-alpha.2 (2016-09-01)
- 0.4.2-alpha.1 (2016-09-01)
- 0.4.2-alpha (2016-09-01)
- 0.4.1 (2016-08-18)
- 0.3.1 (2016-08-17)
- 0.3.0 (2016-08-09)
- 0.2.0 (2016-08-09)
0.0.0 (2023-05-17)
Bug Fixes
- Do not use prepared SQL statements and bump deps (#3506) (31b9e66)
- sql: Incorrect JWK query (#3499) (13ce0d6): persister_grant_jwk had an OR statement without brackets, so the last part of the query was not applied.
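The precedence mistake behind that fix is easy to reproduce. The following is an added example, not Hydra's code or schema (the table and column names are assumptions for the example), that runs an unbracketed and a bracketed WHERE clause over a constructed SQLite table: because AND binds tighter than OR, the unbracketed form silently drops the key_id restriction from one branch and returns a key even for a kid that does not exist.

```python
import sqlite3

# Constructed rows standing in for a trusted JWT-grant issuer key table. The table
# and column names are assumptions for this example, not Ory Hydra's schema.
# An empty subject means "key is valid for any subject of that issuer".
SAMPLE_ROWS = [
    ("https://issuer-a.example", "alice", "kid-1"),
    ("https://issuer-a.example", "alice", "kid-2"),
    ("https://issuer-a.example", "",      "kid-3"),
    ("https://issuer-b.example", "alice", "kid-4"),
]

# Unbracketed: SQL evaluates AND before OR, so this is parsed as
#   (issuer = ? AND subject = ?) OR (subject = '' AND key_id = ?)
# and the key_id restriction is never applied to the left branch.
BUGGY_WHERE = "issuer = ? AND subject = ? OR subject = '' AND key_id = ?"

# Bracketed: the grouping the author intended.
FIXED_WHERE = "issuer = ? AND (subject = ? OR subject = '') AND key_id = ?"


def _connect():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE trusted_jwk (issuer TEXT, subject TEXT, key_id TEXT)")
    conn.executemany("INSERT INTO trusted_jwk VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_key_ids(where_clause, issuer, subject, key_id):
    """Run the parameterised lookup and return matching key ids, sorted.

    where_clause is one of the two constants above (never caller-supplied text);
    the three user values are always bound as parameters.
    """
    conn = _connect()
    try:
        rows = conn.execute(
            "SELECT key_id FROM trusted_jwk WHERE " + where_clause,
            (issuer, subject, key_id),
        ).fetchall()
    finally:
        conn.close()
    return sorted(row[0] for row in rows)


def buggy_lookup(issuer, subject, key_id):
    return lookup_key_ids(BUGGY_WHERE, issuer, subject, key_id)


def fixed_lookup(issuer, subject, key_id):
    return lookup_key_ids(FIXED_WHERE, issuer, subject, key_id)


if __name__ == "__main__":
    # A kid that does not exist still "matches" under the buggy clause.
    print("buggy:", buggy_lookup("https://issuer-a.example", "alice", "kid-9"))
    print("fixed:", fixed_lookup("https://issuer-a.example", "alice", "kid-9"))
```

The security-relevant consequence is the second case: a lookup for an unknown kid returns keys under the buggy clause, so a signature check downstream would be run against the wrong key set instead of failing fast.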
Documentation
Features
2.1.1 (2023-04-11)
Resolve a regression in looking up access and refresh tokens.
Bug Fixes
Code Generation
- Pin v2.1.1 release commit (6efae7c)
2.1.0 (2023-04-06)
We are excited to share this year's Q1 release of Ory Hydra: v2.1.0!
Highlights:
- Support for Datadog tracing (#3431).
- Ability to skip consent for trusted clients (#3451).
- Setting access token type in the OAuth2 Client is now possible (#3446).
- Revoke login sessions by SessionID (#3450).
- Session lifespan extended on session refresh (#3464).
- Token request hooks added for all grant types (#3427).
- Reduced SQL tracing noise (#3481).
Don't want to run the upgrade yourself? Switch to Ory Network!
Bug Fixes
Code Generation
- Pin v2.1.0 release commit (3649832)
2.1.0-pre.2 (2023-04-03)
autogen: pin v2.1.0-pre.2 release commit
Code Generation
- Pin v2.1.0-pre.2 release commit (3b1d87e)
2.1.0-pre.1 (2023-04-03)
autogen: pin v2.1.0-pre.1 release commit
Code Generation
- Pin v2.1.0-pre.1 release commit (2289e6b)
2.1.0-pre.0 (2023-03-31)
autogen: pin v2.1.0-pre.0 release commit
Bug Fixes
- Append /v2 to module path (f56e5fa)
- Broken OIDC compliance images (#3454) (50bc1b4)
- Clean up unused code (488f930)
- Ensure RSA key length fullfills 4096bit requirement (#2905) (#3402) (a663927)
- Migration typo (#3453) (ed27c10)
- No longer use separate public and private keys in HSM key manager (#3401) (375bd5a)
- Pin nancy (0156556)
- Release issue (115da11)
- Support allowed_cors_origins with client_secret_post (#3457) (ffe4943), closes #3456
- Use correct default value (#3469) (2796d53), closes #3420
Code Generation
- Pin v2.1.0-pre.0 release commit (61f342c)
Documentation
Features
- Add ability to revoke login sessions by SessionID (#3450) (b42482b), closes #3448: API: revokeOAuth2LoginSessions can now revoke a single session by a SessionID (sid claim in the id_token) and execute an OpenID Connect Back-channel logout.
- Add session cookie path configuration (#3475) (af9fa81), closes #3473
- Add token request hooks for all grant types (#3427) (9bdf225), closes #3244: Added a generic token hook that is called for all grant types and includes payload with a single allowed value, assertion, to cover the jwt-bearer grant type customization. The existing refresh token hook is left unchanged and is considered to be deprecated in favor of the new hook logic. The refresh token hook will at some point be removed.
- Allow setting access token type in client (#3446) (a6beed4): The access token type (jwt or opaque) can now be set in the client configuration. The value set here will overwrite the global value for all flows concerning that client.
- Allow skipping consent for trusted clients (#3451) (4f65365): This adds a new boolean parameter skip_consent to the admin APIs of the OAuth clients. This parameter will be forwarded to the consent app as client.skip_consent. It is up to the consent app to act on this parameter, but the canonical implementation accepts the consent on the user's behalf, similar to when skip is set.
- Extend session lifespan on session refresh (#3464) (7511436), closes #1690 #1557 #2246 #2848: It is now possible to extend session lifespans when accepting login challenges.
- Render complete config schema during CI (#3433) (ae3e781):
  - chore: bump ory/x
  - chore: script to render the complete config
2.0.3 (2022-12-08)
Bugfixes for migration and pagination regressions and a new endpoint.
Bug Fixes
- Add client_id and client_secret to revokeOAuth2Token (#3373) (93bac07)
- Docker build (48217bd)
- Invalidate tokens with inconsistent state (#3385) (542ea77), closes #3346: This patch includes SQL migrations targeting environments which have not yet migrated to Ory Hydra 2.0. It removes inconsistent records which resolves issues during the migration process. Please be aware that some users might be affected by this change. They might need to re-authorize certain apps. However, most active records should not be affected by this. Installations already on Ory Hydra 2.0 will not be affected by this change.
- No longer auto-generate system secret (c5fe043): This patch changes Ory Hydra's behavior to no longer auto-generate a temporary secret when no global secret was set. The APIs now return an error instead. See ory/network#185
- Prevent multiple redirections to post logout url (#3366) (50666b9), closes #3342
Code Generation
- Pin v2.0.3 release commit (16831c5)
Features
2.0.2 (2022-11-10)
This release resolves bugs and SDK publishing issues.
Bug Fixes
- Correct migration file name (01f80a8)
- Incorrect consent removal on authentication revocation (ccf2388): This patch resolves a regression where, in a certain condition, an accepted consent could be incorrectly deleted when the related authentication session was removed.
- Isolate transactions for crdb (f22046f)
- Scope type should be string instead of int (#3337) (f59f1c6): Closes ory/sdk#223
Code Generation
- Pin v2.0.2 release commit (ce96826)
Documentation
- Add refresh token grant type (c752125)
- Fix typo (dcfd11f)
- Standardize license headers (#3216) (d768cf6)
- Update README link (6184b6a)
Features
Tests
2.0.1 (2022-10-27)
Resolves an issue with post-release steps and adds the introspect command to the Ory Hydra CLI.
Bug Fixes
- Add missing introspect command (c43aba3)
- Bump quickstart images to 2.0.0 (8c763ad)
- Post-release steps with yq (b6300e3)
Code Generation
- Pin v2.0.1 release commit (403223c)
Documentation
2.0.0 (2022-10-27)
This milestone release impacts most of Ory’s installed base. While we are thrilled to unveil Ory Hydra 2.0, we would strongly suggest reading this document carefully and to the end.
Open Source software is not easy. Besides the community version Ory Hydra 2.0, Ory now provides the Ory OAuth2 & OpenID service on the Ory Network making this release a major event for Ory and the entire Ory Community.
Ory Hydra 2.0 is available now. Install the Ory CLI for the best developer experience:

```shell
bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory
sudo mv ./ory /usr/local/bin/
```

or with Homebrew:

```shell
brew install ory/tap/cli
```

Create a new project (you may also use Docker):

```shell
ory create project --name "Ory Hydra 2.0 Example"
project_id="{set to the id from output}"
```

and follow the quick & easy steps below.

Create an OAuth 2.0 Client, and run the OAuth 2.0 Client Credentials flow:

```shell
ory create oauth2-client --project $project_id \
  --name "Client Credentials Demo" \
  --grant-type client_credentials
client_id="{set to client id from output}"
client_secret="{set to client secret from output}"

ory perform client-credentials --client-id=$client_id --client-secret=$client_secret --project $project_id
access_token="{set to access token from output}"

ory introspect token $access_token --project $project_id
```

Try out the OAuth 2.0 Authorize Code grant right away! By accepting permissions openid and offline_access at the consent screen, Ory issues a refresh token and an OpenID Connect ID token:

```shell
ory create oauth2-client --project $project_id \
  --name "Authorize Code with OpenID Connect Demo" \
  --grant-type authorization_code \
  --response-type code \
  --redirect-uri http://127.0.0.1:4446/callback
code_client_id="{set to client id from output}"
code_client_secret="{set to client secret from output}"

ory perform authorization-code \
  --project $project_id \
  --client-id $code_client_id \
  --client-secret $code_client_secret
code_access_token="{set to access token from output}"

ory introspect token $code_access_token --project $project_id
```

What's changed in Ory Hydra 2.0?
OAuth 2.0 Token Exchange (RFC8693) is now fully supported, including the JSON Web Token profile!
Ory Identities is now compatible with the Ory OAuth2 Login and Consent Flow. This means, for example, that Ory Kratos can be the login provider for Ory Hydra with a bit of configuration.
The Ory Network has this integration enabled by default.
Ory Hydra 2.0 now natively supports key types such as ES256 for signing ID Tokens and OAuth 2.0 Access Tokens in JWT format.
Additionally, the key naming mechanism was updated to conform with industry best practices.
Ory Hydra 2.0 ships a complete refactoring of the internal database structure, reducing database storage at scale and optimizing query performance.
All primary keys are now UUIDs to avoid hotspots in distributed systems. Please note that as part of this change it is no longer possible to choose the OAuth 2.0 Client ID. Instead, Ory chooses the best-performing ID format for the petabyte scale.
Ory chose to denormalize tables that had a negative performance impact due to excessive JOIN statements.
Using BCrypt as the primary hashing algorithm for OAuth 2.0 Client Secrets creates excessive CPU consumption at scale. OAuth 2.0 Client Secrets are auto-generated in Ory Hydra 2.x, removing the need for excessive hashing costs.
The new PBKDF2 hasher can be fine-tuned to support hashing at scale without a significant threat model impact.
This section only applies in scenarios where Ory Hydra is working in a do-it-yourself fashion e.g. on Docker. An Ory Hydra 2.0 compatible service is already available on the Ory Network.
The database schema changed significantly from the previous structure. Please be aware that there might be a period where the database tables will be locked for writes while the upgrade runs.
A full backup of the database before upgrading is essential! We recommend trying out the upgrade on a copy of a production database first.
Run the SQL migrations using:

```shell
hydra migrate sql $DSN
```
Ory Hydra 1.x is a crucial service at Ory. Version 2.0 streamlines the APIs and SDKs to follow Ory API’s semantics and specification.
To better support TB-scale environments, the OAuth2 Client HTTP API's query parameters for pagination have changed from limit and offset to page_token and page_size. The page_token is an opaque string contained in the HTTP Link Header, which expresses the next, previous, first, and last page.
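An added example of how a client follows that pagination, not part of the Ory SDK or of Hydra (the host, path and token values are constructed placeholders, and the fake page server at the bottom stands in for the real API): parse the Link header, take the opaque page_token from the rel="next" entry, and stop when no next link is present, with a guard against a server that hands back a token it already issued.

```python
import re
from urllib.parse import parse_qs, urlparse

# One <url>; param; param entry per match; entries are separated by commas.
_LINK_RE = re.compile(r'<([^>]*)>((?:\s*;\s*[^;,]*)*)')

# Placeholder endpoint and constructed tokens; real tokens are opaque and are
# passed back unchanged, never parsed or built by the client.
BASE_URL = "https://hydra.example/admin/clients"
SAMPLE_LINK = (
    '<' + BASE_URL + '?page_size=2&page_token=eyJhIjoxfQ>; rel="next", '
    '<' + BASE_URL + '?page_size=2&page_token=>; rel="first", '
    '<' + BASE_URL + '?page_size=2&page_token=eyJhIjo5fQ>; rel="last"'
)


def parse_link_header(value):
    """Return {rel: url} for an RFC 8288 Link header value."""
    links = {}
    for url, params in _LINK_RE.findall(value):
        rel = None
        for param in params.split(";"):
            key, _, val = param.strip().partition("=")
            if key.strip().lower() == "rel":
                rel = val.strip().strip('"')
        if rel:
            links[rel] = url
    return links


def next_page_token(link_value):
    """The page_token of the rel="next" link, or None when this is the last page."""
    url = parse_link_header(link_value or "").get("next")
    if url is None:
        return None
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return query.get("page_token", [None])[0]


def fetch_all_pages(fetch_page):
    """Walk every page. fetch_page(token) -> (items, link_header_value)."""
    items, token, seen = [], None, set()
    while True:
        page_items, link_header = fetch_page(token)
        items.extend(page_items)
        token = next_page_token(link_header)
        if token is None:
            return items
        if token in seen:  # a misbehaving server must not turn this into an infinite loop
            raise RuntimeError("page_token cycle detected: %r" % token)
        seen.add(token)


# --- constructed stand-in for the server side, used only to exercise the client ---
FAKE_CLIENTS = ["client-%d" % i for i in range(5)]
PAGE_SIZE = 2


def fake_fetch_page(token):
    """Emulates the API; this fake's "opaque" token is just a numeric offset."""
    start = int(token) if token else 0
    page = FAKE_CLIENTS[start:start + PAGE_SIZE]
    links = ['<%s?page_size=%d&page_token=>; rel="first"' % (BASE_URL, PAGE_SIZE)]
    if start + PAGE_SIZE < len(FAKE_CLIENTS):
        links.append('<%s?page_size=%d&page_token=%d>; rel="next"'
                     % (BASE_URL, PAGE_SIZE, start + PAGE_SIZE))
    return page, ", ".join(links)


if __name__ == "__main__":
    print(next_page_token(SAMPLE_LINK))
    print(fetch_all_pages(fake_fetch_page))
```

Treat the token strictly as a cursor: a client that reconstructs tokens from offsets, as the fake server here does internally, depends on an encoding the server is free to change.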
Administrative endpoints now have an /admin prefix (e.g. POST /admin/keys instead of POST /keys). Existing administrative endpoints will redirect to this new prefixed path for backward compatibility.
HTTP endpoint /oauth2/flush, used to flush inactive access tokens was deprecated and has been removed. Please use hydra janitor instead.
To conform with the Ory V1 SDK, several SDK methods and payloads were renamed. Please check the CHANGELOG for a complete list of changes.
The iss (issuer) value no longer appends a trailing slash but instead uses the raw value set in the config. Setting

```yaml
urls:
  self:
    issuer: https://auth.example.com
```

has changed

```diff
- "iss": "https://auth.example.com/"
+ "iss": "https://auth.example.com"
```

To set a trailing slash make sure to set it in the config value:

```yaml
urls:
  self:
    issuer: https://auth.example.com/
```

Flags --dangerous-allow-insecure-redirect-url and --dangerous-force-http have been removed. Use the --dev flag instead to denote a development environment with reduced security restrictions.
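Relying parties that compare iss exactly will reject ID tokens after this upgrade until their expected issuer is updated. The following is an added example, not Hydra's or any Ory SDK code (the host is a placeholder and the claims are constructed), of a claims check that reads the issuer raw from the config, the way v2.x does, and compares it exactly, as OpenID Connect requires, so the trailing-slash change surfaces as an explicit error rather than a silently accepted token.

```python
import time

# Constructed config fragment mirroring the YAML above; the host is a placeholder.
HYDRA_CONFIG = {"urls": {"self": {"issuer": "https://auth.example.com"}}}

NOW = 1_700_000_000  # fixed clock so the checks below are deterministic

# Constructed ID token payloads. Signature verification is assumed to have
# happened already; this example only covers the claim checks.
V1_STYLE_CLAIMS = {
    "iss": "https://auth.example.com/",   # what a v1.x deployment emitted
    "sub": "user-1",
    "aud": "my-client",
    "exp": NOW + 300,
    "nbf": NOW - 10,
}
V2_STYLE_CLAIMS = dict(V1_STYLE_CLAIMS, iss="https://auth.example.com")


def expected_issuer(config):
    """v2.x semantics: the raw configured value is the issuer; nothing is appended."""
    return config["urls"]["self"]["issuer"]


def discovery_matches(discovery_doc, issuer):
    """OpenID Connect Discovery requires the metadata 'issuer' to equal the
    issuer identifier byte for byte, trailing slash included."""
    return discovery_doc.get("issuer") == issuer


def validate_id_token_claims(claims, issuer, audience, now=None):
    """Return (True, "ok") or (False, reason) for an already signature-verified payload.

    The issuer comparison is an exact string match. Normalising slashes away
    would hide a misconfiguration instead of surfacing it.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return False, "issuer mismatch: got %r, expected %r" % (claims.get("iss"), issuer)
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return False, "token expired or exp missing"
    if now < claims.get("nbf", 0):
        return False, "token not yet valid"
    return True, "ok"


if __name__ == "__main__":
    issuer = expected_issuer(HYDRA_CONFIG)
    print(validate_id_token_claims(V1_STYLE_CLAIMS, issuer, "my-client", now=NOW))
    print(validate_id_token_claims(V2_STYLE_CLAIMS, issuer, "my-client", now=NOW))
```

The same exact comparison applies to the issuer field of the discovery document, which is the value most client libraries cache; after the upgrade it must equal the configured string, slash or no slash.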
We now recommend using the Ory CLI to manage OAuth2 resources. As part of this restructuring, some of the commands were renamed. Here are some examples:

```diff
- hydra client create
+ ory create oauth2-client
- hydra clients list
+ ory list oauth2-clients
```

Additionally, array arguments now use the singular form:

```diff
  hydra create client \
-   --redirect-uris foo --redirect-uris bar \
+   --redirect-uri foo --redirect-uri bar \
-   --grant-types foo --grant-types bar \
+   --grant-type foo --grant-type bar \
-   --response-types foo --response-types bar \
+   --response-type foo --response-type bar \
-   --allowed-cors-origins foo --allowed-cors-origins bar \
+   --allowed-cors-origin foo --allowed-cors-origin bar \
-   --post-logout-callbacks foo --post-logout-callbacks bar \
+   --post-logout-callback foo --post-logout-callback bar
```

To manage resources in a do-it-yourself installation, continue using the hydra CLI.
Please check the CHANGELOG for a complete list of changes.
Ory Hydra 2.0 ships with support for OpenTelemetry. The previous telemetry solution using OpenTracing format is deprecated with this release.
Breaking Changes
SDK naming has changed for the following operations:

```diff
  ory.
-   V0alpha2Api.AdminDeleteOAuth2Token(context.Background()).
+   OAuth2Api.DeleteOAuth2Token(context.Background()).
    ClientId("foobar").Execute()

  ory.
-   V0alpha2Api.RevokeOAuth2Token(
+   OAuth2Api.RevokeOAuth2Token(
    context.WithValue(context.Background(), sdk.ContextBasicAuth, sdk.BasicAuth{
      UserName: clientID,
      Password: clientSecret,
    })).Token(token).Execute()

  ory.
-   V0alpha2Api.AdminIntrospectOAuth2Token(context.Background()).
+   OAuth2Api.IntrospectOAuth2Token(context.Background()).
    Token(token).
    Scope("foo bar").Execute()
```

SDK naming has changed for the following operations:

```diff
  ory.
-   V0alpha2Api.DiscoverJsonWebKeys(context.Background()).
+   WellknownApi.DiscoverJsonWebKeys(context.Background()).
    Execute()

  ory.
-   V0alpha2Api.AdminGetJsonWebKeySet(context.Background(), setID).
+   JwkApi.GetJsonWebKeySet(context.Background(), setID).
    Execute()

  ory.
-   V0alpha2Api.AdminGetJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.GetJsonWebKey(context.Background(), setID, keyID).
    Execute()

  ory.
-   V0alpha2Api.AdminCreateJsonWebKeySet(context.Background(), setID).
-   AdminCreateJsonWebKeySetBody(hydra.AdminCreateJsonWebKeySetBody{
-     Alg: "RS256",
-     Use: "sig",
+   JwkApi.CreateJsonWebKeySet(context.Background(), setID).
+   CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
+     Alg: "RS256",
+     Use: "sig",
    }).Execute()

  ory.
-   V0alpha2Api.AdminUpdateJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.SetJsonWebKey(context.Background(), setID, keyID).
    JsonWebKey(jsonWebKey).Execute()

  ory.
-   V0alpha2Api.AdminUpdateJsonWebKeySet(context.Background(), setID).
+   JwkApi.SetJsonWebKeySet(context.Background(), setID).
    JsonWebKeySet(jsonWebKeySet).Execute()

  ory.
-   V0alpha2Api.AdminDeleteJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.DeleteJsonWebKey(context.Background(), setID, keyID).
    Execute()

  ory.
-   V0alpha2Api.AdminDeleteJsonWebKeySet(context.Background(), setID).
+   JwkApi.DeleteJsonWebKeySet(context.Background(), setID).
    Execute()
```

SDK naming has changed for the following operations:
```diff
  ory.
-   V0alpha2Api.AdminRevokeOAuth2ConsentSessions(cmd.Context()).
+   OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).
    Client(clientId).Execute()

  ory.
-   V0alpha2Api.AdminListOAuth2SubjectConsentSessions(cmd.Context(), id).
+   OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).
    Client(clientId).Execute()

  ory.
-   V0alpha2Api.AdminListOAuth2SubjectConsentSessions(context.Background()).
+   OAuth2Api.ListOAuth2ConsentSessions(context.Background()).
    Subject(subjectId).Execute()

  ory.
-   V0alpha2Api.AdminRevokeOAuth2LoginSessions(context.Background()).
+   OAuth2Api.RevokeOAuth2LoginSessions(context.Background()).
    Subject(subjectId).Execute()

  ory.
-   V0alpha2Api.AdminGetOAuth2LoginRequest(context.Background()).
+   OAuth2Api.GetOAuth2LoginRequest(context.Background()).
    LoginChallenge(challenge).Execute()

  ory.
-   V0alpha2Api.AdminAcceptOAuth2LoginRequest(context.Background()).
+   OAuth2Api.AcceptOAuth2LoginRequest(context.Background()).
    AcceptOAuth2LoginRequest(body).
    LoginChallenge(challenge).Execute()

  ory.
-   V0alpha2Api.AdminRejectOAuth2LoginRequest(context.Background()).
+   OAuth2Api.RejectOAuth2LoginRequest(context.Background()).
    RejectOAuth2Request(body).
    LoginChallenge(challenge).Execute()

  ory.
-   V0alpha2Api.AdminGetOAuth2ConsentRequest(context.Background()).
+   OAuth2Api.GetOAuth2ConsentRequest(context.Background()).
    ConsentChallenge(challenge).Execute()

  ory.
-   V0alpha2Api.AdminAcceptOAuth2ConsentRequest(context.Background()).
+   OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()).
    AcceptOAuth2ConsentRequest(body).
    ConsentChallenge(challenge).Execute()

  ory.
-   V0alpha2Api.AdminRejectOAuth2ConsentRequest(context.Background()).
+   OAuth2Api.RejectOAuth2ConsentRequest(context.Background()).
    RejectOAuth2Request().
    ConsentChallenge(challenge).Execute()

  ory.
-   V0alpha2Api.AdminAcceptOAuth2LogoutRequest(context.Background()).
+   OAuth2Api.AcceptOAuth2LogoutRequest(context.Background()).
    LogoutChallenge(challenge).
    Execute()

  ory.
-   V0alpha2Api.AdminRejectOAuth2LogoutRequest(context.Background()).
+   OAuth2Api.RejectOAuth2LogoutRequest(context.Background()).
    LogoutChallenge(challenge).
    Execute()

  ory.
-   V0alpha2Api.AdminGetOAuth2LogoutRequest(context.Background()).
+   OAuth2Api.GetOAuth2LogoutRequest(context.Background()).
    LogoutChallenge(challenge).
    Execute()
```

```diff
- var AlreadyHandledError HandledOAuth2LoginRequest
+ var AlreadyHandledError ErrorOAuth2LoginRequestAlreadyHandled
```

```diff
- var AlreadyHandledError HandledOAuth2LoginRequest
+ var AlreadyHandledError ErrorOAuth2ConsentRequestAlreadyHandled
```

```diff
- var OAuth2SuccessResponse SuccessfulOAuth2RequestResponse
+ var OAuth2SuccessResponse OAuth2RedirectTo
```

Error models in the generated SDK have been renamed:

```diff
- oAuth2ApiError
+ errorOAuth2
```

The SDK API for the following has changed:

```diff
  // Go example
  ory.
-   V0alpha2Api.AdminUpdateOAuth2Client(cmd.Context(), id).
+   OAuth2Api.SetOAuth2Client(cmd.Context(), id).
    OAuth2Client(client).Execute()

  ory.
-   V0alpha2Api.AdminGetOAuth2Client(cmd.Context(), id).
+   OAuth2Api.GetOAuth2Client(cmd.Context(), id).
    Execute()

  ory.
-   V0alpha2Api.AdminDeleteOAuth2Client(cmd.Context(), id).
+   OAuth2Api.DeleteOAuth2Client(cmd.Context(), id).
    Execute()

  ory.
-   V0alpha2Api.AdminCreateOAuth2Client(cmd.Context()).
+   OAuth2Api.CreateOAuth2Client(cmd.Context()).
    OAuth2Client(client).Execute()

  ory.
-   V0alpha2Api.DynamicClientRegistrationGetOAuth2Client(cmd.Context(), id).
+   OidcApi.GetOidcDynamicClient(cmd.Context(), id).
    Execute()

  ory.
-   V0alpha2Api.DynamicClientRegistrationGetOAuth2Client(cmd.Context()).
+   OidcApi.CreateOidcDynamicClient(cmd.Context()).
    OAuth2Client(client).Execute()

  ory.
-   V0alpha2Api.DynamicClientRegistrationDeleteOAuth2Client(cmd.Context()).
+   OidcApi.DeleteOidcDynamicClient(cmd.Context()).
    OAuth2Client(client).Execute()

  ory.
-   V0alpha2Api.DynamicClientRegistrationUpdateOAuth2Client(cmd.Context(), id).
+   OidcApi.SetOidcDynamicClient(cmd.Context(), id).
    Execute()
```

We removed compatibility with unsupported database versions (e.g. MySQL 5.6). Ory Hydra v2.x is now compatible with MySQL 8.0.13+, PostgreSQL 11.8+, CockroachDB v22.1.2+.
Configuration keys have changed:

```diff
  serve: {
    public: {
-     access_log: {
+     request_log: {
        disable_for_health: true
      },
    },
    admin: {
-     access_log: {
+     request_log: {
        disable_for_health: true
      },
    }
  }
```

- Rename SDK method from deleteOAuth2Token to adminDeleteOAuth2Token.
- Rename SDK method from oauth2Token to performOAuth2TokenFlow.
- Rename SDK method from introspectOAuth2Token to adminIntrospectOAuth2Token.
- Rename SDK method from userinfo to getOidcUserInfo.
- Rename SDK method from discoverOpenIDConfiguration to discoverOidcConfiguration.
- Rename SDK method from listTrustedJwtGrantIssuers to adminListTrustedOAuth2JwtGrantIssuers.
- Rename SDK method from deleteTrustedJwtGrantIssuer to adminDeleteTrustedOAuth2JwtGrantIssuer.
- Rename SDK method from getTrustedJwtGrantIssuer to adminGetTrustedOAuth2JwtGrantIssuer.
- Rename SDK method from trustJwtGrantIssuer to adminTrustOAuth2JwtGrantIssuer.
- Rename SDK method from rejectLogoutRequest to adminRejectOAuth2LogoutRequest.
- Rename SDK method from rejectConsentRequest to rejectOAuth2ConsentRequest.
- Rename SDK method from acceptConsentRequest to adminAcceptOAuth2ConsentRequest.
- Rename SDK method from getOAuth2ConsentRequest to adminGetOAuth2ConsentRequest.
- Rename SDK method from rejectLoginRequest to rejectOAuth2LoginRequest.
- Rename SDK method from acceptLoginRequest to adminAcceptOAuth2LoginRequest.
- Rename SDK method from getLoginRequest to adminGetOAuth2LoginRequest.
- Rename SDK method from revokeAuthenticationSession to adminRevokeOAuth2LoginSessions.
- Rename SDK method from adminListSubjectConsentSessions to adminListOAuth2SubjectConsentSessions.
- Rename SDK method from revokeConsentSessions to adminRevokeOAuth2ConsentSessions.
This release updates SDK services from public and admin to v2. Methods exposed at the admin interface are now prefixed with admin (e.g. adminCreateJsonWebKeySet). Administrative endpoints now have an /admin prefix (e.g. POST /admin/keys). Existing administrative endpoints will redirect to this new prefixed path for backwards compatibility.
This release updates SDK services from public and admin to v2. Methods exposed at the admin interface are now prefixed with admin (e.g. adminCreateOAuth2Client). Administrative endpoints now have an /admin prefix (e.g. POST /admin/clients). Existing administrative endpoints will redirect to this new prefixed path for backwards compatibility.
The default names of cookies have changed:

```diff
- oauth2_authentication_csrf
+ ory_hydra_login_csrf
- oauth2_consent_csrf
+ ory_hydra_consent_csrf
- oauth2_authentication_session
+ ory_hydra_session
```

Use the new configuration option to change the cookie names back to v1.x if required.
CLI flag --dangerous-force-http has been removed. Please use the --dev flag instead!
CLI flag --dangerous-allow-insecure-redirect-url has been removed. Please use the --dev flag instead!
The hydra token revoke command has been renamed to hydra revoke token and now supports structured output (JSON, tables, ...).
The hydra token introspect command has been renamed to hydra introspect token and now supports structured output (JSON, tables, ...).
The hydra token delete command has been renamed to hydra delete access-tokens and now supports structured output (JSON, tables, ...).
The hydra token client command has been renamed to hydra perform client-credentials and now supports structured output (JSON, tables, ...).
The hydra keys create|delete|get|import commands have changed to follow other Ory projects' guidelines, including structured output and improved handling. They are now:

```shell
hydra create jwks
hydra get jwks
hydra delete jwks
hydra import jwk
```
Please head over to the documentation for more information or use the --help CLI flag for each command.
HTTP endpoint /oauth2/flush, used to flush inactive access token was deprecated and has been removed. Please use hydra janitor instead.
Command hydra clients import is now hydra import client.
Command hydra clients update is now hydra update client. Additionally, all flags are now singular:

```diff
  hydra update client [client-id] \
-   --redirect-uris foo --redirect-uris bar \
+   --redirect-uri foo --redirect-uri bar \
-   --grant-types foo --grant-types bar \
+   --grant-type foo --grant-type bar \
-   --response-types foo --response-types bar \
+   --response-type foo --response-type bar \
-   --allowed-cors-origins foo --allowed-cors-origins bar \
+   --allowed-cors-origin foo --allowed-cors-origin bar \
-   --post-logout-callbacks foo --post-logout-callbacks bar \
+   --post-logout-callback foo --post-logout-callback bar
```

To better support TB-scale environments, the OAuth2 Client HTTP API's query parameters for pagination have changed from limit and offset to page_token and page_size. The page_token is an opaque string contained in the HTTP Link Header, which expresses the next, previous, first, and last page.
Command hydra clients list is now hydra list client. Please notice that the pagination flags have changed to --page-token and page-size!
Command hydra clients delete is now hydra delete client.
Command hydra clients get is now hydra get client.
Command hydra clients create is now hydra create client. Additionally, all flags are now singular:

```diff
  hydra create client \
-   --redirect-uris foo --redirect-uris bar \
+   --redirect-uri foo --redirect-uri bar \
-   --grant-types foo --grant-types bar \
+   --grant-type foo --grant-type bar \
-   --response-types foo --response-types bar \
+   --response-type foo --response-type bar \
-   --allowed-cors-origins foo --allowed-cors-origins bar \
+   --allowed-cors-origin foo --allowed-cors-origin bar \
-   --post-logout-callbacks foo --post-logout-callbacks bar \
+   --post-logout-callback foo --post-logout-callback bar
```

This change is backwards compatible, but changes the default hashing algorithm to PBKDF2. To keep using BCrypt for hashing new OAuth2 Client Secrets set the following configuration option in your configuration file:

```yaml
oauth2:
  hashers:
    algorithm: bcrypt
```
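An added example, not Hydra's hasher or its stored-hash format (which this changelog does not specify; the algorithm$iterations$salt$digest encoding and the iteration count are assumptions), of what the switch relies on: a server-generated secret with roughly 256 bits of entropy can be protected with PBKDF2 at a work factor far below what a user-chosen password would need, and verified in constant time.

```python
import base64
import hashlib
import hmac
import os
import secrets

# Illustrative encoding "algorithm$iterations$salt$digest". This is an assumption
# for the example, not Ory Hydra's stored-hash format.
ALG = "pbkdf2-sha256"
DEFAULT_ITERATIONS = 25_000  # tunable work factor; raise for slower hashing, lower for cheaper


def generate_client_secret(nbytes=32):
    """Server-generated secret: ~256 bits of entropy, so exhaustive guessing is
    infeasible regardless of how cheap the KDF is. That is what makes a lower
    work factor acceptable here but not for human-chosen passwords."""
    return secrets.token_urlsafe(nbytes)


def hash_client_secret(secret, iterations=DEFAULT_ITERATIONS, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 digest and encode it with its parameters,
    so the iteration count can be tuned later without breaking existing records."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations, dklen=32)
    return "$".join([
        ALG,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_client_secret(secret, stored):
    """Recompute the digest with the stored parameters and compare in constant time.
    Any malformed record is treated as a failed verification, never as an error
    that could leak which part was wrong."""
    try:
        alg, iterations, salt_b64, digest_b64 = stored.split("$")
        if alg != ALG:
            return False
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except (ValueError, TypeError):
        return False
    actual = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations, dklen=32)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    secret = generate_client_secret()
    record = hash_client_secret(secret)
    print(record)
    print(verify_client_secret(secret, record), verify_client_secret(secret + "x", record))
```

Because the iteration count travels with the record, a deployment can raise the work factor for newly issued secrets while older records keep verifying under the parameters they were written with.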
To improve security and scalability (in particular sharding), OAuth 2.0 Client IDs can no longer be chosen but are always assigned a randomly generated UUID V4. OAuth 2.0 Clients created with custom IDs before the v2.0 release will continue working with their legacy Client ID in Ory Hydra v2.x.
Additionally, the hydra create client command no longer supports flag --id and flag --callbacks has been renamed to --redirect-uris.
The iss (issuer) value no longer appends a trailing slash but instead uses the raw value set in the config. Setting

```yaml
urls:
  self:
    issuer: https://auth.example.com
```

has changed

```diff
- "iss": "https://auth.example.com/"
+ "iss": "https://auth.example.com"
```

To set a trailing slash make sure to set it in the config value:

```yaml
urls:
  self:
    issuer: https://auth.example.com/
```

SDK object PatchDocument was renamed to JsonPatchDocument.
TLS is no longer enabled by default. We want to make deployments behind TLS termination easier. To expose Ory Hydra directly to the public internet, configure keys serve.<public|admin>.tls.
JSON Web Keys are no longer prefixed with public or private. This affects keys generated in Ory Hydra after upgrading to this patch. Existing keys are unaffected by this.
OAuth2 errors can no longer be returned in the legacy error format. Essentially, fields error_hint, error_debug have been removed. Option oauth2.include_legacy_error_fields has been removed.
The HS512 and HS256 JSON Web Key generators have been removed. It is now only possible to generate asymmetric keys in Ory Hydra. It will still be possible to save HS512 or HS256 keys.
If using MySQL, `hydra_jwk/kid` and `hydra_oauth2_trusted_jwt_bearer_issuer/key_id` may only contain ASCII/UTF-8 symbols 0-127.
Encode MySQL columns `hydra_oauth2_trusted_jwt_bearer_issuer/key_id` and `hydra_jwk/kid` in ASCII as a workaround for the 3072-byte index entry size limit.
Signed-off-by: Grant Zvolsky grant@zvolsky.org
This patch merges four SQL Tables into a new table, deleting the old tables in the process. The migrations in this patch are expected to be applied offline. Please be aware that there are no down migrations, and if something goes wrong, data loss is possible. Always back up your database before applying migrations. For more information, see Hydra 2.x Migration Guide.
Rows with NULL login_challenge in hydra_oauth2_consent_request and corresponding hydra_oauth2_consent_request_handled are deleted as a side effect of the merge migration. This is done with the assumption that only a very small number of sessions, issued by pre-1.0 Hydra, will be affected. Please contact us if this assumption doesn't apply or if the deletion adversely affects your deployment.
Signed-off-by: Grant Zvolsky grant@zvolsky.org
Bug Fixes
- Add CORS to public health handler (#3114) (02c6d5d):
  Co-authored-by: Reaper barelyhuman@users.noreply.github.com
  Co-authored-by: Patrik zepatrik@users.noreply.github.com
  Co-authored-by: Alano Terblanche Benehiko@users.noreply.github.com
- Add json1 tag everywhere (dd1d733)
- Add missing down migrations (a98c067)
- Allow retries of unused login & consent requests (51a586b), closes #2914 #3085 #2824
- Cache migration status (7e25fdb)
- cli: Output format issues (fe3c899)
- Cockroach migration fixes (7bed244)
- Compile errors (d1f5a0e)
- Compile issue (83983c2)
- Compile issues (68cb7d5)
- Conditionals in db-diff (a006b04)
- config: Add default to supported types. (f4812c8)
- config: Correct salt detection (2b6350c)
- config: Disallow additional properties (9022769)
- config: Support number (ab6a9ee)
- ConfirmLoginSession, missing FKs; add tests (1f7bf40)
- Conformity health check (e163c80)
- Consistently use RS256 in hot reloading (6376135)
- Default back to RS256 keys (891fb55)
- Disable NID tests with HSM enabled (142cd13):
  We currently don't support NID isolation in combination with HSM.
- Docker image build (1d8a8ff)
- Docker instructions (063f61b)
- Don't close crdb for reuse purposes (11587ae)
- Fix hydra_client pk change mysql down migration (#2791) (560acce)
- Fix unbatched select in flushInactiveTokens (a5cc6ea):
  chore: code review
  chore: format
  don't delete more tokens than expected.
  correct test.
  add nid in flush tokens.
- Handle server error when refresh token requests come same time (#3207) (b0196c0)
- Hsm compile issues (8571a67)
- HSM test (ca748a1)
- hsm: Public key extraction (57cf46c)
- hsm: Public key extraction everywhere (c9c2e01)
- Ignore cypress screenshots in git (668a319)
- Improve duration pattern (6c8dda8)
- Improve health check reporting (1bd0c52)
- Improve jwk generator defaults (ece5ca6)
- Improve lazy initialization of JWKs (8cffc5b)
- Improve migration status speed (1a4abd6)
- Improve time validation (b32ff33)
- Incorrect queries (255b4e2)
- jwk: Expose correct metadata algorithms (0a786b7)
- Lazy load PKI (d65aa3a)
- Lint issues (72a5cd8)
- Make servicelocator explicit (3a26385)
- Move to v0alpha2 api spec (a364db4)
- Mysql slice delete (c56b958):
  - Add a workaround for mysql slice delete
  - Optimize logout verification (save 1 db roundtrip)
  - Update a test to use StaticContextualizer & revert CleanAndMigrate workaround
  - Ensure a Client generated with faker satisfies the DB schema
  - Remove unused argument from HandleConsentRequest
- mysql: Fix mysql key too long error (ba16958)
- oauth2: Incorrect TTL override (7893a98)
- Optimise sql update to avoid redundant writes (#3289) (1aa6cc4), closes #3137:
  The SQL update here would potentially update a lot of rows which did not need updating. In some DB engines this would not be an issue, because the redundant writes are ignored. But on PostgreSQL engines it is another story; here it would actually carry out the writes, leading to a potentially high number of redundant IOPS when the engine is vacuuming outdated records. With this change, the SQL update will only affect the rows which are not in the desired state already.
- Pop compile issue (3e7b6b4)
- Prefix paths correctly with /admin (e130dfa)
- Regression in database layer (1d78e79)
- Remove deprecated config value (8994190)
- Remove goswagger generated client (e2c8809)
- Remove incorrect aliases (2a20080)
- Remove obsolete type patches (e670d68)
- Remove unnecessary load of TLS certificates at boot (13691d3)
- Remove unused swagger struct (4ff0690)
- Replace of consent session expires values (e1731ba)
- Resolve a merge conflict in migration_test (#2811) (acb16c1)
- Resolve conformance build issues (f6ee1d3)
- Resolve internal SDK regressions (937e6ba)
- Resolve merge conflicts (6eee09c)
- Resolve migration regressions (5552e4d)
- Resolve test issues and regressions introduced by the new JWK generator (77b1ac7)
- Resolve token prefix regression (1fd6ea3)
- Retry transient crdb transaction failures (f0f3139)
- Revert latest docker image changes (#3286) (f2daa7d):
  Closes #3285
- Revert to normal crdb (c9a248d)
- sdk: GenericError type (21c579a)
- sdk: Make session uniquely named (468e27d)
- sdk: Omit DefaultSession (954aa5f)
- sdk: Remove pattern from scope parameter (1332fe6), closes #3142
- sdk: Resolve type issues and regenerate SDK (6880fea)
- sdk: Use correct struct for response (04b308f)
- Speed up health checks (eafa2bb)
- Support issuer with and without trailing slash (d746fa4), closes #1482
- Update benchmark script (63a84de)
- Use --yes flag in db-diff (36ddb61)
- Use config func everywhere (d1af32d)
- Use correct context (3ceefd7)
- Use CreateWith (9fbbbdf)
- Use StringSliceJSONFormat instead of StringSlicePipeDelimiter (#3112) (1d9891d):
  Closes #2859
Code Generation
- Pin v2.0.0 release commit (4d83a28)
Code Refactoring
- `hydra keys` command (e466d7c)
- `hydra token client` command (81e79f2)
- `hydra token delete` command (aa338e1)
- `hydra token introspect` command (da3e2b4)
- `hydra token revoke` command (42e75c3)
- CLI environment variables `HYDRA_URL` has been renamed to `ORY_SDK_URL` (08bbbab): BREAKING CHANGE: To follow ecosystem convention, environment variables `HYDRA_URL`, `HYDRA_ADMIN_URL` have been renamed to `ORY_SDK_URL`.
- client: Make OAuth2 Client IDs system-chosen and immutable (4002224), closes #2911
- client: Rename SDK methods and introduce `/admin` prefix (0752721)
- client: Replace limit and offset parameters with page_token and page_size (23585b5)
- consent: Rename SDK method from `acceptConsentRequest` to `adminAcceptOAuth2ConsentRequest` (5885ab3)
- consent: Rename SDK method from `acceptLoginRequest` to `adminAcceptOAuth2LoginRequest` (fa27d0c)
- consent: Rename SDK method from `adminListSubjectConsentSessions` to `adminListOAuth2SubjectConsentSessions` (bb51ba0)
- consent: Rename SDK method from `getLoginRequest` to `adminGetOAuth2LoginRequest` (9053040)
- consent: Rename SDK method from `getOAuth2ConsentRequest` to `adminGetOAuth2ConsentRequest` (475efbc)
- consent: Rename SDK method from `rejectConsentRequest` to `rejectOAuth2ConsentRequest` (e0e3da9)
- consent: Rename SDK method from `rejectLoginRequest` to `rejectOAuth2LoginRequest` (37a8839)
- consent: Rename SDK method from `rejectLogoutRequest` to `adminRejectOAuth2LogoutRequest` (cdffa1e)
- consent: Rename SDK method from `revokeAuthenticationSession` to `adminRevokeOAuth2LoginSessions` (0a5ebe8)
- consent: Rename SDK method from `revokeConsentSessions` to `adminRevokeOAuth2ConsentSessions` (1108409)
- Deprecate `--dangerous-allow-insecure-redirect-url` flag (46b5887)
- Deprecate `--dangerous-force-http` flag (062734e)
- Drop TLS by default (edb042e)
- Environment variable `DATABASE_URL` has been deprecated (8023d2a)
- Finalize consent SDK methods (53d225a)
- Generated UUID variant & version test (#2793) (697813e), closes #2792
- Improve performance and reduce data use of consent persistence layer (#2836) (53862f2):
  This patch changes the internal data structure and reduces four (sort of redundant) tables into one. As part of this change, a few new tools have been added:
  - Introduce the `hydra sql gen` command and a convenience Make target with autocompletion. The command reads migration templates from a source directory and produces migration files in a target directory. Its main function is to split a single source file into multiple files using split marks.
  - Introduce the `hack/db-diff.sh` command to generate database schema diffs at different commits. This script is used to view and review the impact of migrations on the database schema.
- jwk: No longer prefix keys with `public` or `private` (5e2ea0b)
- jwk: Rename SDK methods and introduce `/admin` prefix (cd007bb)
- Make commands easier to consume (cc9d9e5)
- oauth2: Clean up changes (c12b45c)
- oauth2: Rename SDK method from `deleteOAuth2Token` to `adminDeleteOAuth2Token` (ea4caf7)
- oauth2: Rename SDK method from `discoverOpenIDConfiguration` to `discoverOidcConfiguration` (df467a0)
- oauth2: Rename SDK method from `introspectOAuth2Token` to `adminIntrospectOAuth2Token` (f2bd9a3)
- oauth2: Rename SDK method from `oauth2Token` to `performOAuth2TokenFlow` (51b58e7)
- oauth2: Rename SDK method from `userinfo` to `getOidcUserInfo` (4e554e7)
- Remove `/oauth2/flush` endpoint (17c226c)
- Remove `oauth2.include_legacy_error_fields` config (148cadb)
- Remove HS512 and HS256 jwk key generator (5fb3049)
- Rename `access_log` to `request_log` (223c8bc)
- Rename `hydra clients create` command (76eb93c): Renames the command to `hydra create client` and changes CLI flags.
- Rename `hydra clients delete` command (dea2fdd): Renames the command to `hydra delete client` and changes CLI flags.
- Rename `hydra clients get` command (edd4b43): Renames the command to `hydra get client` and changes CLI flags.
- Rename `hydra clients import` command (7de7841): The `hydra clients import` command now supports reading from STDIN as well as the file system, and ships with output formats such as `json` and `json-pretty`.
- Rename `hydra clients list` command (1c0f971): Renames the command to `hydra list client` and changes CLI flags.
- Rename `hydra clients update` command (7482b77)
- Replace custom key generator with jose key generator (d2d5512):
  Closes #1825
- sdk: Consent SDK (e800002)
- sdk: JSON Web Key SDK API (06d565e)
- sdk: OAuth 2.0 Trust Relationship SDK (b0a2b05)
- sdk: OAuth2 SDK API (142b55f)
- sdk: Rename errors (6b60156)
- sdk: Rename oauth2 client operations and payloads (cb742ad)
- sdk: Rename PatchDocument to JsonPatchDocument (a54ea69)
- trust: Rename SDK method from `deleteTrustedJwtGrantIssuer` to `adminDeleteTrustedOAuth2JwtGrantIssuer` (e0be7cf)
- trust: Rename SDK method from `getTrustedJwtGrantIssuer` to `adminGetTrustedOAuth2JwtGrantIssuer` (210116e)
- trust: Rename SDK method from `listTrustedJwtGrantIssuers` to `adminListTrustedOAuth2JwtGrantIssuers` (cb7b9e0)
- trust: Rename SDK method from `trustJwtGrantIssuer` to `adminTrustOAuth2JwtGrantIssuer` (7edf8df)
Documentation
- Add required key to all versions in the version schema (#3233) (ac61740)
- Clarify command usage strings (34cde51)
- Remove mention of CircleCI (#3240) (75f7b50)
- Update config key descriptions (919170f)
Features
- Add `db.ignore_unknown_table_columns` configuration property (#3192) (#3193) (5842946): The property allows ignoring scan errors when columns in the SQL result have no fields in the destination struct.
- Add ability to allow token refresh from hook without overriding the session claims (#3146) (afa2ea0), closes #3082
- Add new key `serve.public.tls.enabled` (ecacc6d)
- Add SQLite dependency to SQLite Dockerfile (#3282) (841a153)
- Add tag descriptions (c111a4c)
- Add token prefixes (60bab08), closes #2845:
  This patch adds token prefixes to access tokens (`ory_at_`), refresh tokens (`ory_rt_`), and authorize codes (`ory_ac_`). Token prefixes are useful when scanning for secrets in e.g. git repositories. Token prefixes are only issued for non-JWTs.
- Allow config context (d894c97)
- Better control for cookie secure flag (90d539f)
- client: Respect ip restrictions in client validation (cafe89a)
- cli: Improve migrate command handling (e252654)
- cli: Significantly improved `create client` (bb9c8ba), closes #3091: This patch adds output formats to `hydra create client` and makes all client fields configurable as flags.
- Config hot reloading architecture (bbe0406)
- Custom client token ttl (#3206) (9ef671f), closes #3157:
  This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.
- Deprecate autoincrement primary key in hydra_client (#2784) (6d01e2e), closes #2781
- Deprecate autoincrement primary key in hydra_jwk (#2789) (b76a151), closes #2788
- Implement NID (b7fc2bf)
- Improve CLI messages (e934c4f)
- Improve cloud cli compatibility (93a626d)
- Improve cookie settings (9717cad)
- Improve refresh token error messages (2769c9b)
- Improved cookie controls (e7834ec):
  New cookie configuration options have been introduced, allowing a higher degree of control:
  ```yaml
  serve:
    cookies:
      same_site_mode: Lax
      same_site_legacy_workaround: false
      domain: example.com
      names:
        login_csrf: ory_hydra_login_csrf
        consent_csrf: ory_hydra_consent_csrf
        session: ory_hydra_session
  ```
- Make all ui urls relative (370a487)
- Make CORS config hot reloadable (2d5c893)
- Make perform commands ory cloud-able (954693f)
- Pass options from root (2f91ef4)
- Rebuild containers on start (5b616d8)
- Replace hydra's transaction impl with ory/popx/transaction (77d8dac)
- Respect local DNS restrictions (7eb1d1c)
- sdk: Add missing bearer security definition (a85bc7a)
- sdk: Type nulls (fe70395)
- Support alternate hashing algorithms for client secrets (ddba42f), closes rfc6819#section-5 (datatracker.ietf.org/doc/html/rfc6819#section-5):
  This patch adds support for hashing client secrets using pbkdf2 instead of bcrypt, which might be a more appropriate algorithm in certain settings. As we assume that most environments fall in this category, we also changed the default to pbkdf2 with 25.000 rounds (roughly 1-3ms per hash on an Apple M1 Max core).
  High hash costs are needed when hashing user-chosen passwords, as users often reuse passwords across sites. A high hash cost will make it much harder for the attacker to guess the user-chosen password and try using it on other sites (e.g. Google).
  As most client secrets are auto-generated, using high hash costs is not useful. The password (OAuth2 Client Secret) is not user chosen and unlikely to be reused. As such, there is little point in using excessive hash costs to protect users. High hash costs in a system like Ory Hydra will cause high CPU costs from mostly automated traffic (OAuth2 Client interactions). It has also been a point of criticism from some who wish for better RPS on specific endpoints.
  Other systems like Keycloak do not hash client secrets at all, referencing more secure authentication mechanisms such as assertion-based client authentication.
- Support ES256 for generating JWTs (9a080ad)
- Tls on public port can now be configured without restrictions (73d9517)
- Upgrade go-swagger (cce8d60)
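The token prefixes introduced under "Add token prefixes" above make leaked opaque tokens easy to spot in repositories and logs. The following Go program is an added example, not Ory Hydra code: it scans constructed sample lines for `ory_at_`, `ory_rt_` and `ory_ac_` tokens, reports a redacted stub per finding, and also flags JWT-shaped values, because the release note says prefixes are only issued for non-JWTs. The token alphabet and minimum length after the prefix are assumptions of the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one suspected Ory Hydra token located in scanned text.
type Finding struct {
	Line     int    // 1-based line number in the scanned text
	Kind     string // access_token, refresh_token, authorize_code or jwt
	Redacted string // prefix plus a short stub, safe to put in a report
}

// prefixedToken matches the opaque-token prefixes named in the release notes
// (ory_at_, ory_rt_, ory_ac_). The alphabet and minimum length after the
// prefix are assumptions of this example, not a documented token format.
var prefixedToken = regexp.MustCompile(`\b(ory_(at|rt|ac)_)[A-Za-z0-9._~-]{16,}`)

// jwtShaped matches three base64url segments whose header begins with "eyJ"
// (the encoding of `{"`). Prefixes are only issued for non-JWTs, so a scanner
// that keys on prefixes alone would miss access tokens issued as JWTs.
var jwtShaped = regexp.MustCompile(`\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`)

var kindByPrefix = map[string]string{
	"ory_at_": "access_token",
	"ory_rt_": "refresh_token",
	"ory_ac_": "authorize_code",
}

// redact keeps enough of the token to correlate findings without exposing it.
func redact(tok string, keep int) string {
	if len(tok) <= keep {
		return tok
	}
	return tok[:keep] + "..."
}

// ScanText walks text line by line and returns findings in order of appearance.
func ScanText(text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		for _, m := range prefixedToken.FindAllStringSubmatch(line, -1) {
			out = append(out, Finding{Line: i + 1, Kind: kindByPrefix[m[1]], Redacted: redact(m[0], len(m[1])+4)})
		}
		for _, m := range jwtShaped.FindAllString(line, -1) {
			out = append(out, Finding{Line: i + 1, Kind: "jwt", Redacted: redact(m, 12)})
		}
	}
	return out
}

// sampleInput is constructed: lines a secret scanner might see in a committed
// .env file and an application log. None of the values are real credentials.
const sampleInput = `DATABASE_URL=postgres://hydra:pw@db/hydra
HYDRA_ACCESS_TOKEN=ory_at_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789
# refresh token pasted from a curl session
refresh=ory_rt_zyxwvutsrqponmlkjihgfedcba9876543210
2022-10-27T10:00:00Z redirect to https://app.example/cb?code=ory_ac_Q1w2E3r4T5y6U7i8O9p0AsDfGhJk
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYyJ9.eyJzdWIiOiJ1c2VyIn0.c2lnbmF0dXJl
note: ory_at_short is too short to be a token`

func main() {
	for _, f := range ScanText(sampleInput) {
		fmt.Printf("line %d: %-14s %s\n", f.Line, f.Kind, f.Redacted)
	}
}
```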
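The hashing change explained under "Support alternate hashing algorithms for client secrets" above trades a cheaper KDF for throughput because client secrets are machine-generated rather than user-chosen. This added Go example (not Ory Hydra's implementation or storage format) hashes and verifies a client secret with PBKDF2-HMAC-SHA256 at the 25,000 rounds the note cites; the `pbkdf2-sha256$iter$salt$hash` encoding and the 16-byte salt are this example's own assumptions, and `main` prints how long one verification takes.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Parameters mirroring the default described in the release notes (25,000 rounds).
// The "pbkdf2-sha256$iter$salt$hash" encoding is this example's own, not Hydra's.
const (
	defaultIterations = 25000
	saltLen           = 16
	derivedKeyLen     = 32
)

// pbkdf2SHA256 derives keyLen bytes with PBKDF2-HMAC-SHA256 (RFC 8018, section 5.2)
// using only the standard library, so the example runs without x/crypto.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	dk := make([]byte, 0, numBlocks*hashLen)
	u := make([]byte, hashLen)
	for block := 1; block <= numBlocks; block++ {
		// U_1 = PRF(password, salt || INT_32_BE(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		dk = prf.Sum(dk)
		t := dk[len(dk)-hashLen:]
		copy(u, t)
		// T_block = U_1 xor ... xor U_iter, with U_n = PRF(password, U_{n-1})
		for n := 2; n <= iter; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(u[:0])
			for i := range u {
				t[i] ^= u[i]
			}
		}
	}
	return dk[:keyLen]
}

// PBKDF2Hex exposes the raw derivation for checking against published test vectors.
func PBKDF2Hex(password, salt string, iter, keyLen int) string {
	return hex.EncodeToString(pbkdf2SHA256([]byte(password), []byte(salt), iter, keyLen))
}

// HashClientSecret hashes a freshly generated client secret with a random salt.
func HashClientSecret(secret string, iter int) (string, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(secret), salt, iter, derivedKeyLen)
	enc := base64.RawStdEncoding
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", iter, enc.EncodeToString(salt), enc.EncodeToString(dk)), nil
}

// VerifyClientSecret re-derives the hash with the stored salt and iteration count
// and compares in constant time, so timing does not reveal how many bytes matched.
func VerifyClientSecret(secret, encoded string) (bool, error) {
	parts := strings.Split(encoded, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false, errors.New("unsupported hash format")
	}
	iter, err := strconv.Atoi(parts[1])
	if err != nil || iter < 1 {
		return false, errors.New("invalid iteration count")
	}
	salt, errSalt := base64.RawStdEncoding.DecodeString(parts[2])
	want, errHash := base64.RawStdEncoding.DecodeString(parts[3])
	if errSalt != nil || errHash != nil {
		return false, errors.New("malformed salt or hash")
	}
	got := pbkdf2SHA256([]byte(secret), salt, iter, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1, nil
}

func main() {
	secret := "constructed-example-client-secret" // constructed sample, not a real credential
	encoded, err := HashClientSecret(secret, defaultIterations)
	if err != nil {
		panic(err)
	}
	start := time.Now()
	ok, _ := VerifyClientSecret(secret, encoded)
	fmt.Printf("stored: %s\nverified: %v in %s\n", encoded, ok, time.Since(start))
}
```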
Tests
- Add test for access token strategy (b4865dd)
- conformance: Add directory (f5d0885)
- conformity: Revert admin prefix (580f33b)
- conformity: Sdk regression (15f3cfc)
- e2e: Add trailing slash to issuer (fa23960)
- e2e: Fix build instructions (415658d)
- e2e: Fix issuer URL (03b2340)
- e2e: Fix jwt regression (647822d)
- e2e: Resolve test regressions (30855d9)
- e2e: Respect metadata (7bea2e8)
- e2e: Upgrade cypress (40be7bb)
- e2e: Upgrade jwks-rsa (8ddf880)
- Fix a flaky test (51600f4)
- Fix assertions on nil pointers (8710590)
- Fix conformity issues (2875c19)
- Fix failing master pipeline (#3283) (f979adb)
- Fix flaky equal check (1100aba)
- Fix flaky equal check (2c4615c)
- Fix resp.bodyclose lint error (f0f5223)
- hsm: Do not evaluate HSM private key (3420026)
- hsm: Resolve test issues (8db9e5b)
- Implement network test structure for clients (8a09175)
- Improve jwk test layout (3b7a1a7)
- migratest: Add missing cockroach migrations and debug test failures (5e6c099)
- Refactor migration tests to use fixtures (#2936) (7b96651), closes #2901
- Remove unused fixture (1cf5bd0)
- Resolve test migration issues (63b7303)
- Test client update and double delete (3a50926)
- Update fixtures (e77c0d3)
- Update paths to reflect new admin api (549deda)
- Update resource limits (9e9ea94)
- Update snapshot (1c9a0d2)
- Update snapshots (5f5c81e)
- Update snapshots (01dbc0e)
- Update snapshots (34bc743)
- Update snapshots (c66a536)
- Use fixed time.Now function in pop (08968aa)
Unclassified
- unstaged - refactor sdk use across the board (34dfc0f)
- code review: add missing nid (2592451)
- code review (8e961d0)
- code review: contextualize config (10c146b)
- code review: make sure CreateClient doesn't use provided ID (8eec85d)
- code review: generate first NID randomly; add/update tests; fix db-diff (00490cb)
- Create networks table (a2c5e14)
1.11.10 (2022-08-25)
This release resolves a critical regression introduced in Ory Hydra v1.11.9. Upgrade to this version and skip Ory Hydra v1.11.9 if you have an existing system. The bug can break existing refresh tokens from working.
It includes no other significant changes.
Bug Fixes
- Improve refresh webhook getter (d40b1da)
- Omit null lifespans (#3212) (2d080a0)
- Regression in session store (5c4321d)
- Remove special char from snapshot symbols (7128ad2)
- Revert config changes (4da64de)
- Session unmarshalling (3bb943a)
Code Generation
- Pin v1.11.10 release commit (1a6c220)
1.11.9 (2022-08-01)
This release introduces two new features:
- The ability to specify token lifespans on a per-client basis using a new HTTP endpoint;
- The additional context in the refresh token hook.
Bug Fixes
- Backport fix for client specific CORS (#1754) (#3163) (996258d)
- docs: Correct the tracing service name environment variable (6e2343c):
  While I believe this used to be specific to OTEL, it now appears to be configurable "globally", according to `spec/config.json`.
- Fixed configuration editor for the documentation page (#3105) (0a77a06):
  Closes ory/docs#722
- Handle server error when refresh token requests come same time (#3207) (e66ba3c)
- Updated process ending instructions (#3176) (b72491e):
  cmd + c doesn't end the process on macOS but ctrl + c does.
Code Generation
- Pin v1.11.9 release commit (8814e79)
Documentation
- Fix missing image (7925597)
Features
- Add session and requester to refresh token webhook data (#3204) (6d23859), closes #3203
- Add token_endpoint_auth_signing_alg to cli (#3148) (ed6eb30)
- Custom client token ttl (#3206) (9544c03), closes #3157:
  This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.
1.11.8 (2022-05-04)
This release resolves issues in the log module, improves the SDK type definitions, and introduces new configuration options to HSM.
Bug Fixes
- Add limit and offset to pagination (#3062) (51f6c5d), closes #3033
- Do not use cached version (422d422)
- Proper response types for 404 errors (#3072) (e711273), closes #3064
- sdk: Correct polymorph type for consent session (#3074) (646459a), closes #3058
- sdk: Incorrect title (#3014) (d654911):
  Closes ory/sdk#153
- Sync ports between Dockerfiles and comments (#3027) (ebd1694)
- Use default for env var (2b024b4)
Code Generation
- Pin v1.11.8 release commit (337ab3e)
Documentation
Features
- Add hsm key set prefix to support multiple hydra instances on the same hsm partition (#3066) (90523fd):
  This pull request adds configuration option `hsm.key_set_prefix` to support multiple Ory Hydra instances storing keys on the same HSM partition. For example, if `hsm.key_set_prefix=app1.` then key set `hydra.openid.id-token` would be generated/requested/deleted on the HSM with `CKA_LABEL=app1.hydra.openid.id-token`. This will not affect the Hydra API in any way: `GET /keys/hydra.openid.id-token` will return the key set from the HSM with label `app1.hydra.openid.id-token`.
- Add support for trust grants that can issue tokens for any subject (#3012) (a3c4304), closes #2930:
  Previously, a trust relationship had to be set up for every subject before the issuer could sign a JWT token for it. This change will allow setting up token services that can issue tokens with any value in the subject field.
- Make sensitive log value redaction text configurable (#3040) (536352c)
Tests
1.11.7 (2022-02-23)
Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.
Code Generation
- Pin v1.11.7 release commit (510615b)
1.11.6 (2022-02-23)
Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.
Bug Fixes
Code Generation
- Pin v1.11.6 release commit (49d0d75)
1.11.5 (2022-02-21)
Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.
Bug Fixes
- Only include needed openapi models (3d4c16f)
- Remove unused npm format in docs (2519628)
- Update mailchimp list ids (#2995) (172ca9a)
Code Generation
- Pin v1.11.5 release commit (743468e)
1.11.4 (2022-02-16)
Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.
Bug Fixes
Code Generation
- Pin v1.11.4 release commit (9e731b6)
1.11.3 (2022-02-15)
No significant changes.
Bug Fixes
Code Generation
- Pin v1.11.3 release commit (a3dd4ee)
1.11.2 (2022-02-11)
Ory Hydra moved from CircleCI to GitHub Actions!
Code Generation
- Pin v1.11.2 release commit (7c099f8)
1.11.1 (2022-02-11)
Ory Hydra moved from CircleCI to GitHub Actions!
Bug Fixes
- Add context where needed (#2985) (784afd1)
- After hook (2f25cc0)
- Goreleaser post-hook (16a5435)
- Quickstart docker (6a282a3)
- Remove outdated notice (#2961) (71c9ca4)
- Revert back to PATs (#2977) (c47f537)
- Use correct swagger methods (#2966) (3340baa)
Code Generation
- Pin v1.11.1 release commit (d24ddbf)
Code Refactoring
Documentation
- Add cloud (76d4d80)
- Add options for using SQLite & Cockroach DB to 5min tutorial, fix typo in contribution guidelines (#2970) (05038de)
- Recommend to start with one container in prod to complete first-time setup. (#2945) (e257f3e), closes /github.com/ory/hydra/discussions/2943#discussioncomment-1997531:
  This is to ensure multiple concurrent workers don't both generate JWKs needlessly, for example.
- Update readme (2b1fb64)
1.11.0 (2022-01-21)
Happy new year! We are excited to announce to you the next iteration of Ory Hydra: Version 1.11.0!
This version has significant new features contributed by the awesome Open Source Community - you! But not only that:
Ory Hydra 2.0 is coming!
While a major version, we intend to keep all APIs with as few breaking changes as possible. The efforts focus on some long-standing issues in the persistence layer. In particular, data growth rate and performance improvements are the focus areas! If you are interested to see what is going on, check out PR #2796.
And Ory Hydra 2.0 will be available as an API in Ory Cloud! If you are interested in Ory Cloud, apply to Ory Acceleration Program and receive a one-year free subscription for Ory Cloud's Start-Up plan. The Start-Up plan comes with convenient features such as custom domains and unlimited identities/tokens!
More on timelines and Ory Hydra 2.0 plans will follow later this year.
If these changes are not exciting enough already, Ory Hydra now supports loading Private and Public Keys from Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions. Thank you @aarmam for this amazing work! For more information, please read the guide.
Next up, Ory Hydra now natively supports the OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol which can be enabled (optionally) in the configuration! Thank you @fjvierap for your hard work!
We do not stop there, @Xopek and @jagobagascon added the Support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523) to Ory Hydra! This major improvement allows Ory Hydra to have an even better integration API than before!
For our Apple users and everyone eyeballing ARM64, we now distribute binaries and Docker Images for all platforms and CPU architectures, including Apple M1, Linux ARM (v6, v7, v8, ARM64), and - this is new - FreeBSD!
Lastly, we resolved a bug in the configuration loading which now allows loading complex configuration keys from environment variables without hassle!
Please notice that this release requires SQL migrations to be applied! As always, please make a backup before applying them!
Breaking Changes
To celebrate this change, we cleaned up the ways you install Ory software. There is now one central brew / bash curl repository:
```diff
-brew install ory/hydra/hydra
+brew install ory/tap/hydra
-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) hydra
```
Endpoint `PUT /clients` now returns a 404 error when the OAuth2 Client to be updated does not exist. It returned 401 previously. This change requires you to run SQL migrations!
Co-authored-by: fjviera javier.viera@mindcurv.com
Please notice that this change requires SQL migrations to be applied! As always, please make a backup before applying them!
Co-authored-by: aeneasr 3372410+aeneasr@users.noreply.github.com Co-authored-by: Jagoba Gascón jagoba@arima.eu Co-authored-by: Gajewski Dmitriy dmit8815@gmail.com
Bug Fixes
- Contributors is upper case (5bad542)
- FreeBSD build issue, env loading, add OTEL tracing (5158faa), closes #2597 #2912:
  This fix addresses an issue where configuration values in arrays could not be loaded from environment variables, which is now possible. For more information on how Ory Hydra parses configuration, head over to the documentation!
  Additionally, this PR resolves a build issue on FreeBSD - making it now possible to compile Ory Hydra with the FreeBSD target.
  Lastly, this change adds OpenTelemetry support!
- Missing imports (42fec62)
- Patch should not reset client secret (#2872) (895de01), closes #2869
- Remove codecov report for internal testhelpers (52a77a3), closes #2871
- Remove contributors file (565aa2d)
- Update v1.10 installation instructions for linux (#2799) (45afd0d):
  The documentation for how to install hydra on linux is still using the old version tags
- Use pop/v6 (b284353)
Code Generation
- Pin v1.11.0 release commit (5355a1a)
Documentation
- Fix grammar issues and typos (#2830) (49b582c)
- ORY -> Ory to follow styleguides (#2941) (5895d03)
- Update bash install (5ca99e5)
- Update coverage badge (1f89973), closes #2871
- Use Ory instead of ORY in the documentation (#2939) (1b2f6a6)
Features
- docs: Opentelemetry tracing (74da7b6)
- Hardware Security Module support (#2625) (7578aa9):
  This change introduces support for Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions.
  If enabled, the Hardware Security Module is used to look up any keys. If no key is found, the software module is used as a fallback for lookup. This allows you to use the HSM for privileged keys, and the software module to manage lifecycle keys (e.g. for Token Exchange).
  For more information, please read the guide.
  Thank you to aarmam for this great contribution!
- Native ARM64 support in Docker and Binaries (abffb09):
  This release adds important security updates for the base Docker Images (e.g. Alpine). Additionally, Ory Hydra now has full ARM support, and the binaries are now downloadable for all major platforms.
- OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol (#2909) (6a18f62), closes #2568 #2549:
  This feature adds first-class support for two IETF RFCs and one OpenID Spec:
  - OpenID Connect Dynamic Client Registration 1.0
  - OAuth 2.0 Dynamic Client Registration Protocol
  - OAuth 2.0 Dynamic Client Registration Management Protocol
  To enable this feature, which is disabled by default, set
  ```yaml
  oidc:
    dynamic_client_registration:
      enabled: true
  ```
  in your Ory Hydra configuration. Once enabled, endpoints `POST`, `GET`, `PUT`, and `DELETE` for `/connect/register` will be available at the public port!
- Support for urn:ietf:params:oauth:grant-type:jwt-bearer grant type RFC 7523 (#2384) (858f2cf), closes #2229:
  This change adds support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523). Users of Ory Hydra will be able to grant permission for an OAuth 2.0 Client to act on behalf of some Resource Owner using JWT Bearer Assertions.
  For more information about this feature, please head over to the documentation: https://www.ory.sh/hydra/docs/next/guides/oauth2-grant-type-jwt-bearer
1.10.7 (2021-10-27)
Ory Hydra v1.10.7 ships an exciting new feature that enables the updating of access and ID tokens during a refresh flow via an HTTP webhook. To set it up, use the oauth2.refresh_token_hook configuration to set up an HTTP(S) endpoint which receives a POST request when a refresh token is about to be issued!
And even more exciting, we would like to invite you to our first developer conference which is happening tomorrow and the day after (October 28th and 29th, 2021). The event is digital and tickets are free. After short keynotes from Ory's founders Aeneas (hackerman) and Thomas (tacurran), you will learn from fellow community members and contributors about building robust authorization and authentication, best practices for modern cloud infrastructure and many other developer topics! Grab your free tickets now!
Additionally, improvements to tracing, documentation, and ID token claims have been merged. Also, the Ory Hydra CLI no longer takes 3 seconds to become responsive, as we have found a transitive dependency that caused slow initialization times:
```shell
$ time hydra
hydra 1.87s user 1.90s system 620% cpu 0.607 total
$ time ./hydra-v1.10.7
./hydra-patch 0.03s user 0.01s system 8% cpu 0.450 total
$ time ./hydra-v1.10.7
./hydra-patch 0.02s user 0.01s system 104% cpu 0.032 total
```
Please note that the location of our Homebrew tap has changed for Ory Hydra from ory/ory/hydra to ory/tap/hydra:
```diff
- brew install ory/ory/hydra
+ brew install ory/tap/hydra
```
All homebrew taps will move to this location, including Ory Kratos, Ory Oathkeeper, Ory Keto, and the Ory CLI!
Breaking Changes
Please note that the location of our Homebrew tap has changed for Ory Hydra from ory/ory/hydra to ory/tap/hydra:
```diff
- brew install ory/ory/hydra
+ brew install ory/tap/hydra
```
Bug Fixes
- Documentation correction mentioned in the issue (#2732) (#2773) (ea7a20c)
- Ignore dockertest in sdk generator (f9506db)
- List oauth2 clients query parameter 'name' -> 'client_name' (#2747) (283c351):
  This commit renders the docs to be in parity with an earlier change
- Replace fatal error of jaeger initialization with print (#2777) (433ce74), closes #2642
- Resolve panic caused by new prometheus library (ff0a43e)
- Resolve prometheus panic (f38511f)
- Slow hydra start up time (ce1b378):
  Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 2 seconds to 0.03s for cold starts and ~0.02s for hot starts.
  ```shell
  $ time hydra
  hydra 1.87s user 1.90s system 620% cpu 0.607 total
  $ time ./hydra-patch
  ./hydra-patch 0.03s user 0.01s system 8% cpu 0.450 total
  $ time ./hydra-patch
  ./hydra-patch 0.02s user 0.01s system 104% cpu 0.032 total
  ```
- Sqlite regression (5881c13)
- Update client filter to client_name (#2706) (dee4fa2), closes #2691
- Upgrade regression (da58453)
Code Generation
- Pin v1.10.7 release commit (0a42535)
Code Refactoring
- Change location of homebrew tap (1eeeeae)
Documentation
- Clarify endpoint (#2757) (d772748), closes #2751
- Faq item (#2678) (856ccc0)
- K8s installation section (#2724) (aec73bb)
- Remove outdated information in doc configuration section (#2723) (3f16045)
- Typos (#2798) (0274fcc)
- Typos in docs (#2808) (a2bacc8)
- Update installation section helm command (#2725) (f6a4dc6)
- Update k8s examples section part of the page (#2719) (048156d)
- Update k8s examples section part of the page (#2720) (1d6eeba)
- Update oauth2 debug swction (#2717) (a2cdc08)
Features
- Add method to detect public keys without prefixing (#2758) (b12e70c), closes #2459
- Include amr claim in ID token (#2770) (f701310), closes #1756
- Making use of the updated instrumentedsql version (#2713) (0a9df15)
- Refresh token hook to update claims (#2649) (1a7dcd1), closes #2570: This patch adds a new feature to Ory Hydra which allows the updating of access and ID tokens during the refresh flow. To set it up, use the oauth2.refresh_token_hook configuration to set up an HTTP(S) endpoint which receives a POST request when a refresh token is about to be issued.
- Support updating keys in CLI (#2460) (e874f4f), closes #2436
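The refresh token hook announced in this release is only described in outline above: Hydra POSTs to the configured endpoint, and the endpoint answers with the claims that should go into the new tokens. The following Go program is an added example of what such an endpoint looks like from the security side; it is not Ory's code and not the documented hook schema. The request and response field names (session.subject, requester.client_id, session.access_token, session.id_token), the shared bearer secret in the Authorization header, and the assumption that a non-2xx answer makes Hydra abort the refresh are all assumptions for this illustration; check them against the hook documentation of the Hydra version you deploy. The user directory is a constructed stand-in.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"log"
	"net/http"
)

// Assumed request shape: Hydra tells us who the session belongs to and which
// client is refreshing. Real payloads carry more fields; unknown ones are ignored.
type hookRequest struct {
	Session struct {
		Subject string `json:"subject"`
	} `json:"session"`
	Requester struct {
		ClientID      string   `json:"client_id"`
		GrantedScopes []string `json:"granted_scopes"`
	} `json:"requester"`
}

// Assumed response shape: claims to merge into the freshly issued tokens.
type hookResponse struct {
	Session struct {
		AccessToken map[string]interface{} `json:"access_token"`
		IDToken     map[string]interface{} `json:"id_token"`
	} `json:"session"`
}

// hookSecret is a placeholder (assumption): load the real value from
// configuration and make sure Hydra, or the proxy in front of it, presents it.
const hookSecret = "replace-with-a-long-random-secret"

// roleLookup resolves the current roles of a subject from your own user store.
type roleLookup func(subject string) ([]string, error)

func newRefreshHook(lookup roleLookup) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		// Whoever can call this endpoint decides which claims end up in new
		// tokens, so it must never be reachable without the shared secret.
		// Compare in constant time to avoid leaking the secret byte by byte.
		want := []byte("Bearer " + hookSecret)
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), want) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var req hookRequest
		dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20))
		if err := dec.Decode(&req); err != nil || req.Session.Subject == "" {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		roles, err := lookup(req.Session.Subject)
		if err != nil {
			// Fail closed: returning an error (assumed to abort the refresh) is
			// safer than issuing a token that carries stale or guessed claims.
			http.Error(w, "role lookup failed", http.StatusInternalServerError)
			return
		}
		var resp hookResponse
		resp.Session.AccessToken = map[string]interface{}{"roles": roles}
		resp.Session.IDToken = map[string]interface{}{"roles": roles}
		w.Header().Set("Content-Type", "application/json")
		if err := json.NewEncoder(w).Encode(resp); err != nil {
			log.Printf("refresh hook: encoding response: %v", err)
		}
	})
}

func main() {
	// Constructed stand-in for a user directory.
	lookup := func(subject string) ([]string, error) {
		if subject == "alice" {
			return []string{"admin"}, nil
		}
		return []string{"user"}, nil
	}
	log.Fatal(http.ListenAndServe("127.0.0.1:4477", newRefreshHook(lookup)))
}
```

Point oauth2.refresh_token_hook at this listener over HTTPS (or a loopback/internal network) and keep the endpoint off the public interface; the roles returned here replace whatever the session carried when the refresh token was first issued, which is exactly what makes the hook useful for revoking privileges without waiting for the refresh token to expire.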
1.10.6 (2021-08-28)
This release primarily resolves issues with the SDK publishing pipeline.
Bug Fixes
Code Generation
- Pin v1.10.6 release commit (f1771f1)
Documentation
1.10.5 (2021-08-13)
This patch introduces a faster and better janitor (database clean up routine), the ability to filter OAuth2 Clients by owner and name, and resolves a regression when parsing config environment variables.
Bug Fixes
- Docs generator (564d18b)
Code Generation
- Pin v1.10.5 release commit (0456f54)
Documentation
Features
- Add owner/name filter to list clients (#2637) (ea6fdfd), closes #1485
- Improve delete queries for janitor command (#2540) (6ea0bf8), closes #2513: This patch improves delete queries by separating the data extraction from the actual delete. Extraction is made with a configurable limit, using the --limit CLI flag. Deletes use that list in batch mode with a configurable batch size (--batch-size CLI flag). Default value for limit is 100000 records and default value for batch size is 100 records. To improve performance, LEFT JOIN is used to select also login and consent requests which did not result in a complete authentication, i.e. user requested login but timed out or user logged in and timed out at consent. Also, two independent SELECTs are used in the extraction of login and consent requests eligible for deletion. This solves a bug in the single SELECT causing deletion of consent requests where matching login requests were eligible for deletion and vice versa. With independent SELECTs we keep consent requests even if matching login request gets deleted.
1.10.3 (2021-07-14)
Ory Hydra v1.10.3 brings several bug fixes and configuration features, in particular:
- Adding the hydra keys import command;
- Passing the client_id in the logout request;
- Resolving prometheus cardinality issues;
- Moving to go-jose for JSON Web Keys and JSON Web Tokens;
- Supporting PKCE discovery in /.well-known/;
- Support for Instana tracing.
For a full list of changes, please check below!
Bug Fixes
- Add RFC 8414 pkce info to OpenID Connect Discovery (#2547) (9693168), closes #2311
- Add the missing keys import command (#2521) (c4bc248), closes #2520
- Build issues (5de255b)
- oauth2: Enforce assertion check on userinfo aud field (#2524) (c463d9f): This is so the check on the ok variable is effectual. Prior to this patch the type assertion on the *client.Client was setting the value of ok. Due to the fact the type assertion on *client.Client is already checked and on a false value it exits the func, this value will always be true.
- Resolve sdk build issues (68976f8)
- Resolve sdk build issues (1807e89)
- Use prebuilt ory cli and bump ory/x (#2605) (0f95e01), closes #2596
- WWW-Authenticate header in userinfo handler (#2454) (f701b28)
Code Generation
- Pin v1.10.3 release commit (ea93158)
Code Refactoring
Documentation
- Clearer wording in SPA notice for HTML forms (#2565) (64a332a): See https://ory-community.slack.com/archives/C012RBW0F18/p1621977892051700
- Fix erroneous sidebar commit (94ded27)
- Link to correct doc in help command (#2631) (3e5760f), closes #2366
- Move api docs to top level (243a617)
- New redoc api docs (9fb505f)
- Rename sidebar api (f14d2e7)
Features
- Add custom claims to top-level JWT payload (#2545) (63402de), closes #1974
- Add instana as possible tracing provider (#2548) (f74fe90)
- Add max_conn_idle_time flag (#2551) (81e0784)
- Import keys with a default key id (#2563) (cd3014c)
- Pass client in logout request (#2483) (43b391d), closes #2468
1.10.2 (2021-05-04)
This maintenance release resolves regressions introduced in Ory Hydra v1.10.1. A big change is that Ory Hydra now supports PATCH operations for OAuth2 Clients and is able to handle TLS for admin and public endpoints individually.
Breaking Changes
This patch makes it so that already handled consent/login/logout requests respond with 410 Gone instead of 409 Conflict. Additionally, a URL is included that the user should be redirected to!
Co-authored-by: hackerman 3372410+aeneasr@users.noreply.github.com
This patch changes how issuer and public URLs are used. Please be aware that going forward, the public URL is used for redirects. Previously, the issuer URL was used. If no public URL is set, the issuer URL will be used as before.
Bug Fixes
- CookieStore MaxAge value (#2485) (#2488) (aafc901): CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. MaxAge: 0 disables MaxAge check by SecureCookie, thus allowing sessions lasting > 30 days.
- Handled requests respond with 410 Gone and include redirect URL (#2473) (e3d9158), closes #1569
- Login and consent redirect behavior change since 1.9.x (#2457) (2f3a1af), closes #2363: Allow #fragment in configured url to keep backwards compatibility.
- Make token user command work with public clients (#2479) (a033d6a)
- Resolve clidoc issues (f6e5958)
- Resolve specignore issues (1431167)
- Valid JSON response for already handled requests (#2517) (ac61616), closes #2515
Code Generation
- Pin v1.10.2 release commit (e8c3a06)
Code Refactoring
Documentation
- Change forum to discussions readme (#2451) (aa2919d): same as ory/kratos#1220
- Fix uppercase id (8ac186c)
Features
- Add the MaxTagValueLength config for jaeger of tracing (#2482) (03c96ee), closes #2447
- Enable "nbf" (not before) claim to be optional for Access Token (#2437) (666cd25), closes #1542
- Implement partial client updates (PATCH) with JSON Patch syntax (#2411) (540c89d): Implements a new endpoint PATCH /clients/{id} which uses JSON Patch syntax to update an OAuth2 client partially. This removes the need to do PUT /clients/{id} with the full OAuth2 Client in the payload.
- Split TLS config into admin and public interfaces (#2476) (60704d4), closes #1231 #1962: Adds the possibility to specify TLS certificates for admin and public endpoints individually. Also improves compatibility for internal networks (e.g. Kubernetes) by removing the need for having TLS termination on admin endpoints. This can be enabled by setting serve.admin.tls.enabled to false.
1.10.1 (2021-03-25)
We are excited to announce Ory Hydra v1.10.0!
This release adds significant data management improvements. As such, we introduce the new "hydra janitor" command which cleans up stale data and can be run, for example, as a (Kubernetes) CronJob.
The new janitor command is able to clean up invalid and expired access and refresh tokens as well as login and consent requests. This solves issues observed in installations with lots of traffic.
This patch refactors the internal file embed system by migrating to Go 1.16, simplifying and speeding up the build process.
To follow OAuth2 best-practice, refresh tokens will now invalidate the whole access and refresh token chain if reused.
Bug Fixes
- Add docs/node_modules make target (b302501)
- Add network specific error message to avoid confusion (#2367) (56d71e6), closes #2338
- Adds sqa section to config.schema.json (#2360) (89df8d7), closes #2358: Move from viper to koanf caused env vars without corresponding paths in config.schema.json to be ignored. This commit adds missing sqa section, so the SQA_OPT_OUT env var has effect again.
- Adopt new cli renderer pipeline (02483ce)
- Better http resiliency and sqlite updates (883a84f)
- Improve cache and update CI images to go 1.16 (#2388) (7803202)
- Increase conformance test timeout (e9bd064)
- Record cypress videos (c9d0a26)
- Resolve clidoc issues (8257cb2)
- Resolve docs build issues (6612099)
- Resolve e2e test issues (4812f54)
- Resolve migrator duplicate files (b1f63ff)
- Resolve migrator regression issues (cdfc03d)
- Revert mode default and maximum values (#2349) (b20fc48): I made a mistake in previous pull request, these socket mode values are in decimal, not octal format. Sorry.
- Update janitor help (b7965c6)
- Use appropriate migrations with precedence (b61d05c)
- Use gelf windows hotfix (0cac0f1)
- Use go 1.16 in conformity suite (3fbda05)
Code Generation
- Pin v1.10.1 release commit (2287ac5)
Documentation
- Fix subject identifier algorithms to match configuration (#2400) (dd19b86): On https://www.ory.sh/hydra/docs/reference/configuration/ under 'subject identifiers' the name for defining which subject identifier algorithms are supported is called "supported_types", not "enabled" as in these pages.
- Update config.schema.json default values (#2348) (8494822): Updated wrong config schema values
- Update examples to new helm install command format (#2369) (f006556): Tried example with helm 3.5.2 and it does not support the --name flag. So I moved name and repository to first line of commands.
Features
- Add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386) (a17d10e)
- Add front/backchannel logout params to client cli (#2387) (055f801), closes #1487
- Flush inactive/expired login and consent requests (#2381) (f039ebb), closes #1574: This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database. You may now use the new hydra janitor command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows the notAfter safe-guard approach to ensure records needed to be kept are not deleted. To learn more, please use hydra help janitor. This patch phases out the /oauth2/flush endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.
- Flush refresh tokens for service oauth2/flush (#2373) (b46a14c), closes /github.com/ory/hydra/issues/1574#issuecomment-736684327
- Move to go 1.16 and static embed files (6fa591c)
- Refresh token reuse detection (#2383) (bc349f1), closes #2022: This patch adds support for Refresh Token reuse Detection introduced by ory/fosite#567. Ory Hydra's persister no longer deletes refresh tokens when using them, but instead deactivates them - similar to how authorization codes work.
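The release notes say that refresh tokens are now deactivated instead of deleted and that reusing one invalidates the whole access and refresh token chain. The Go program below is an added example that models that rule in a toy in-memory store; it is not Hydra's or fosite's persister, and the type and function names (chainStore, Grant, Refresh, Active) are chosen for this illustration. It also deactivates the previous access token on every rotation, which is this example's policy rather than something the changelog states.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

var (
	ErrUnknownToken  = errors.New("unknown token")
	ErrReuseDetected = errors.New("refresh token reuse detected: token chain revoked")
)

type tokenKind int

const (
	kindAccess tokenKind = iota
	kindRefresh
)

// token is one link in a grant's chain. chain identifies the original
// authorization; every rotation adds new tokens to the same chain.
type token struct {
	kind   tokenKind
	chain  string
	active bool
}

// chainStore deactivates used refresh tokens instead of deleting them, so a
// second presentation of the same token is recognisable as a replay.
type chainStore struct {
	mu     sync.Mutex
	tokens map[string]*token
}

func newChainStore() *chainStore { return &chainStore{tokens: map[string]*token{}} }

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func (s *chainStore) mint(kind tokenKind, chain string) string {
	t := randomToken()
	s.tokens[t] = &token{kind: kind, chain: chain, active: true}
	return t
}

// Grant starts a new chain, e.g. when an authorization code is exchanged.
func (s *chainStore) Grant() (access, refresh string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	chain := randomToken()
	return s.mint(kindAccess, chain), s.mint(kindRefresh, chain)
}

// Refresh rotates a refresh token. A known but inactive token has been used
// before: two parties now hold a copy (the legitimate client and whoever
// obtained it), so the entire chain is revoked and the user must log in again.
func (s *chainStore) Refresh(presented string) (access, refresh string, err error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	old, ok := s.tokens[presented]
	if !ok || old.kind != kindRefresh {
		return "", "", ErrUnknownToken
	}
	if !old.active {
		s.revokeChain(old.chain)
		return "", "", ErrReuseDetected
	}
	old.active = false // deactivate, do not delete: the replay must stay detectable
	for _, t := range s.tokens {
		if t.chain == old.chain && t.kind == kindAccess {
			t.active = false // example policy: the superseded access token dies with the rotation
		}
	}
	return s.mint(kindAccess, old.chain), s.mint(kindRefresh, old.chain), nil
}

func (s *chainStore) revokeChain(chain string) {
	for _, t := range s.tokens {
		if t.chain == chain {
			t.active = false
		}
	}
}

// Active answers what an introspection endpoint would report for the token.
func (s *chainStore) Active(tok string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	t, ok := s.tokens[tok]
	return ok && t.active
}

func main() {
	s := newChainStore()
	_, r1 := s.Grant()
	a2, r2, _ := s.Refresh(r1)
	_, _, err := s.Refresh(r1) // replay of the already rotated token
	fmt.Println(err, s.Active(a2), s.Active(r2))
}
```

The consequence for operators is the one the janitor entry above hints at: because used refresh tokens are kept around as inactive rows, the table no longer shrinks on its own, and a periodic clean-up job is what keeps it bounded.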
Tests
- Bump cypress to newer version and add resilience (c76309c)
- Bump ory/x and resolve regressions (1a03c07)
- Fix record arg (b248406)
- Improve e2e script and add record option (9d4764d)
- Resolve flaky cypress tests (356b05f)
- Resolve migration regression (e59e2bc)
- Use cypress fetchers (2aa0980)
- Use go 1.16 in conformity (ccd983d)
Unclassified
- Do not send 404 on revoke consent / delete login (#2397) (854b9ee)
- Resolve oidc conformity regression (1049602)
1.9.2 (2021-01-29)
This release adds more telemetry data to the prometheus exporter.
Code Generation
- Pin v1.9.2 release commit (f0580e2)
Features
1.9.1 (2021-01-27)
This release makes Dart and Rust SDKs available for Ory Hydra!
Code Generation
- Pin v1.9.1 release commit (5cedc9e)
Documentation
- Add faq items (8d31cb3): Added two items to the FAQ that were sitting in meta/tmp.
- Add Rust and Dart SDKs (c4b4f73): We now support Rust and Dart SDKs!
- Update javascript documentation (a2b3a49): Closes ory/sdk#22
- Update npm package name (#2302) (d05d82e): Changed npm client package from @oryd/hydra-client to @ory/hydra-client
1.9.0 (2021-01-12)
Today, we are very excited to announce the stable release of ORY Hydra 1.9! This release contains significant internal code refactoring, making ORY Hydra more reliable, lightweight, and even more scalable! Also, for the first time ever, ORY Hydra handled over 13.3 billion API requests in December 2020 in over 23.000 production environments around the globe.
Let's talk features - in a TL;DR overview:
- Completely replacing the existing DBAL and switching to gobuffalo/pop.
- Support for SQLite, an embedded database, which can be used for testing and tiny deployments.
- Deprecating the existing configuration system spf13/viper and moving to knadh/koanf.
- Adding OpenID Connect Conformity Test Suite to the CI, guaranteeing that every code change is fully OpenID Connect compliant.
- Support for the OpenID Connect response_mode=form_post Response Mode.
- Compatibility with MITREid, allowing easy migration from MITREid to ORY Hydra.
- The TypeScript SDK moved from @oryd/hydra-client to @ory/hydra-client. Please update your dependencies!
If you wish to get into ORY Hydra, check out the new YouTube tutorial:
See you on slack, signed HACKERMAN.
ORY Kratos
We would like to take a bit of your time and introduce you to ORY Kratos. ORY Kratos implements all the hard things related to users: login, registration, customizable profile fields, multi-factor authentication scheduled for v0.6, secure account recovery, email and SMS verification, profile management, session and device management, user administration, social sign in and sign up, and much, much more! Everything works with proven and ORY-hardened protocols in the same lightweight fashion you are used to from our other products. And it natively targets mobile, desktop, web, and robots! ORY Kratos is essentially an open-source alternative to Auth0, Okta, and Google Firebase with the added benefit of avoiding the complexity of implementing OAuth2 and OpenID Connect for your first-party apps just to get login to work. So if you are wondering whether you really need OAuth2, this is worth your time!
To get a feeling for ORY Kratos, check out our exemplary React Native app (available on GitHub, Android and iOS) demonstrating user registration, login, and profile management. It uses APIs from ORY Cloud, which will be publicly announced this year. If you are interested in becoming an early adopter, get in touch now! We have more super exciting stuff planned!
Changes in-depth
Let's break down the most significant changes in more detail:
The configuration system has been reworked
- Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema. This makes changing or updating configuration much easier.
- Configuration reloading is improved and works on Kubernetes.
- Performance gains remove the need for a cache layer between the configuration system and ORY Hydra.
- Loading of several config files is now possible using the --config flag.
- Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.
The OpenID Connect Conformity Test Suite is now part of the ORY Hydra CI pipeline.
This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields error_hint and error_debug will no longer be sent. You can re-enable those legacy fields by setting oauth2.include_legacy_error_fields to true.
Supporting response_mode=form_post
Support OpenID Connect flows response_mode=form_post was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.
Compatibility with MITREid
Adds an option that allows granting the OAuth2 Client's authorized scope when performing a client_credentials flow without specifying a scope. This enables compatibility with MITREid and allows migrating from MITREid to ORY Hydra.
Refactoring the internal DBAL
We completely refactored the internal database abstraction layer (DBAL). We have been using gobuffalo/pop successfully in ORY Kratos and decided to move the ORY Hydra DBAL to gobuffalo/pop as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.
Code Generation
- Pin v1.9.0 release commit (7120b4f): Bumps from v1.9.0-alpha.1
1.9.0-rc.0 (2021-01-12)
This is a pre-release for ORY Hydra 1.9.0
Code Generation
- Pin v1.9.0-rc.0 release commit (e8fc76b): Bumps from v1.9.0-alpha.1
1.9.0-alpha.4.pre.0 (2021-01-12)
autogen: pin v1.9.0-alpha.4.pre.0 release commit
Bug Fixes
- Add 400 as possible reply to /oauth2/token (24daede), closes #2260
- Bump ory/x and update config usage (#2248) (4937a00)
- Do not require unset pairwise (4136aaf)
- Improve version regex (17d9599), closes #2255
- Update schema reference for subject_identifiers.supported_types (0e14a08), closes #2270
Code Generation
- Pin v1.9.0-alpha.4.pre.0 release commit (9766b27)
Documentation
- Add note about mounting the config file when using docker (#2235) (766e8f1), closes #2231
- Change deprecated fallback url (#2275) (0bf61aa), closes #2254
- Client api upper bound on limit parameter (#2277) (bc2bbd2), closes #2267
- Fix incorrect version replacements (70a6b8f)
- Oidc.subject_identifiers config key change (#2232) (2172f25): oidc.subject_identifiers.enabled is now oidc.subject_identifiers.supported_types. Docs should get updated.
- Update install from source instructions (bcfd9b7)
1.9.0-alpha.3 (2020-12-08)
We are excited to present the next big step towards ORY Hydra 1.9! In this release we completely refactored the configuration internals and moved from spf13/viper to knadh/koanf:
- Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving the developer experience when changing or updating configuration.
- Configuration reloading has improved significantly and works excellently on Kubernetes.
- Performance gains that remove the need for a cache layer between the configuration system and ORY Hydra.
- Loading of several config files using the --config flag is now possible.
- Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.
In addition, this release includes the new OpenID Connect Conformity Test Suite as part of the ORY Hydra CI pipeline. This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields error_hint and error_debug will no longer be sent. You can re-enable those legacy fields by setting oauth2.include_legacy_error_fields to true.
Furthermore, support for OpenID Connect flows response_mode=form_post was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.
Several other bugs have been resolved and we have completely overhauled the tests, deprecating test tables in favor of test suites. This greatly improves the readability of our tests and allows new contributors to more easily understand what is going on!
If you wish to get into ORY Hydra, check out the newly published YouTube tutorial:
Breaking Changes
After battling with spf13/viper for several years we finally found a viable alternative with knadh/koanf. The complete internal configuration infrastructure has changed, with several highlights:
- Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
- Configuration reloading has improved significantly and works flawlessly on Kubernetes.
- Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
- It is now possible to load several config files using the --config flag.
- Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.
This patch requires running SQL Migrations. Please be aware that a NOT NULL column is being dropped which could require a lot of time when the authentication_session table contains a lot of data.
This patch removes error_hint and error_debug fields from OAuth2 responses. These are now all merged into error_description which is according to the OAuth2 and OpenID Connect specification. If you wish to keep the old behavior around, set oauth2.include_legacy_error_fields to true in your ORY Hydra configuration.
Applying this patch requires running SQL migrations. The SQL migrations will remove a UNIQUE constraint and add new INDEX to several tables which should speed up certain operations. Please be aware that this might cause certain databases to lock which could be problematic if there are many rows affected.
This changes the OAuth2 Token Introspection response to ensure compliance with the OAuth2 Token Introspection specification. Previously, token_type would return access_token or refresh_token. The specification however mandates that token_type is always Bearer. This patch resolves that issue. The previous behaviour of token_type has now been moved to token_use which can be access_token or refresh_token.
Bug Fixes
- Add encrypt_at_rest option to config schema (3219c16)
- Add required aud, jti claims to userinfo response (d0697fa)
- Add standardized client registration errors (02a9137): Adds new errors to fully comply with the OpenID Connect Dynamic Client Registration specification.
- Allow all request object signing algs per default (edc54c2): This patch resolves an issue where RS256 would be the only allowed request object signing algorithm. The spec however mandates that all algorithms are allowed if the client does not explicitly set the request object signing algorithm.
- Allow lower bcrypt values and add tests (812a21c)
- Ensure consistent auth_time in session handling (e973ffe)
- Increase parallelism to 4 (ae02706)
- Mark false gosec positive (206d1ee)
- Nonce is not required for hybrid flows (c708ada)
- Quickstart yml (5ebd984)
- Remove session from store on logout (4495f56): This patch resolves an issue where the session would not be purged from the store when performing an RP-initiated logout request from a client, if said client does not purge the authentication session properly because the client does not have access to it or because the client misbehaves.
- Remove unrelated quickstart entry (#2214) (a583d78), closes #2213
- Request_id should not be unique (a8ca333): This patch resolves an issue where certain OpenID Connect Hybrid flows would error with a UNIQUE violation. The cause of this issue was an incorrect UNIQUE constraint on the request_id field of the access, refresh, pkce, and other, similar tables.
- Resolve broken quickstart (95a1dfb)
- Update deprecated config in quickstart (1c1433a)
- Update invalid quickstart config (8d076a5)
- Update package lock (18bfc96)
- Update schema to support new koanf (29763c8)
Code Generation
- Pin v1.9.0-alpha.3 release commit (05809d2)
Code Refactoring
- Deprecate driver semantics (8fc3e2e)
- Move oauth2 cors to own package (3beddbd)
- Rename token_type to token_use in introspection (152fd5d), closes #1762
- Replace viper with koanf config management (8c12b27)
Documentation
- Add config debug section (c53f036)
- Add contributing to sidebar (#2209) (21f3b1f): Added Contributing Guidelines to the introduction menu point on the sidebar. I think it should be as obvious as possible. Another good solution would be to add them to the top bar? If this is merged, I will do the same changes for Kratos/Oathkeeper/Keto.
- Add newsletter banner (5b63aa4)
- Deps are installed automagically and make deps was removed (#2157) (25e96e2), closes #2154
- Minor improvements to the concepts/consent page (#2168) (1128cfc)
- Use codefromremote for consent samples (51c0874)
Features
- Add ability to override oidc discovery urls (bb8b982): Added config options webfinger.oidc_discovery.token_url, webfinger.oidc_discovery.auth_url, webfinger.oidc_discovery.jwks_url.
- Add new request_object_signing_alg_values_supported to oidc discovery (4220959)
- Add oidc conformity tests (651f424)
- Improve and clean up error handling (b727367)
- Improve error responses for consent handler (44ab747)
- Improve error stack trace wrapping (fdf142c)
- Only set state-param if it was passed (#2183) (568434a): Using state in the logout flow is optional, so state can be empty. In order to avoid an ugly /post-logout-redirect-uri?state= URI, the state should only be appended if it is not empty.
- Remove legacy error fields unless configured to do so (e2a7135)
- Support OpenID Connect's response_mode=form_post (8ab9eff), closes #1621: This patch adds support for the response_mode parameter as defined in OAuth 2.0 Form Post Response Mode. Additionally, values fragment and query are supported as defined in OAuth 2.0 Multiple Response Type Encoding Practices.
- Support pkger (07a360e)
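With response_mode=form_post the authorization server does not redirect with the code in the query string or fragment; it returns an HTML page whose form auto-submits the response parameters to the client's redirect URI. The Go program below is an added example of rendering that page, not Hydra's implementation: html/template is used so that attacker-influenced values such as state or error_description are escaped in attribute context, and a last-line-of-defence check refuses non-http(s) targets. The function name RenderFormPost and the sample code and state values are constructed for this illustration; the redirect URI still has to be validated against the client's registered URIs before this function is called.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/url"
)

// formPostTemplate is the auto-submitting form from the Form Post Response Mode
// spec. html/template escapes every interpolated value according to its
// context (URL attribute for action, plain attribute for name and value), so a
// state such as x"><script>alert(1)</script> cannot break out of the markup.
var formPostTemplate = template.Must(template.New("form_post").Parse(`<!DOCTYPE html>
<html>
<head><title>Submitting authorization response</title></head>
<body onload="document.forms[0].submit()">
<form method="post" action="{{.Action}}">
{{range $name, $value := .Params}}<input type="hidden" name="{{$name}}" value="{{$value}}">
{{end}}<noscript><button type="submit">Continue</button></noscript>
</form>
</body>
</html>
`))

type formPostData struct {
	Action string
	Params map[string]string
}

// RenderFormPost builds the HTML body for response_mode=form_post. redirectURI
// must already be one of the client's registered redirect URIs; the scheme and
// host check here only guards against a javascript: or relative target slipping
// through a broken validation upstream.
func RenderFormPost(redirectURI string, params map[string]string) (string, error) {
	u, err := url.Parse(redirectURI)
	if err != nil {
		return "", err
	}
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return "", fmt.Errorf("refusing to post to %q: not an absolute http(s) URL", redirectURI)
	}
	var buf bytes.Buffer
	if err := formPostTemplate.Execute(&buf, formPostData{Action: redirectURI, Params: params}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample values; a real code is opaque and single-use.
	page, err := RenderFormPost("https://client.example/callback", map[string]string{
		"code":  "SplxlOBeZQQYbYS6WxSbIA",
		"state": "af0ifjsldkj",
	})
	if err != nil {
		panic(err)
	}
	fmt.Print(page)
}
```

Serve the result with Cache-Control: no-store and a Content-Security-Policy that limits form-action to the redirect URI's origin; the page carries a live authorization code, and those headers keep it out of caches and stop an injected form from re-targeting it even if escaping were ever bypassed.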
Tests
- Add timeout to wait (90dfaf5)
- Completely refactor consent tests (defc063)
- Fix jwt e2e tests (1b480d8)
- Improve github action conformity tests (1015e49)
- Improve TestClientCredentialsGrantAllScopes (19409b4)
- Increase timeout for conformity (a65d289)
- Oidc conformity tests should run as workflow dispatch (5b8fa0a)
- Refactor client credential tests (b74cffa)
- Refactor consent logout tests and add failing case (ef12c06)
- Refactor oauth2 auth code tests (c376473)
- Resolve conformity test suite concurrency issues (ef312c3)
- Resolve e2e startup issues (5af4cef)
- Resolve e2e test failures (03f5e8e)
- Resolve failing rotation key tests (8e8b943)
- Resolve flaky test issue (e17a074)
- Resolve incorrect retry loop (ef141c2)
- Retry conformity failures (409ae42)
- Retry interrupted tests (c72367b)
- Skip preloading in migration tests (14272f2)
- Update config to pass validation (6931461)
- Use 16 workers for conformance (9cf0e65)
- Use correct test context (45bc907)
- Use prebuilt images for conformity testing (4dd7a62)
Unclassified
- Format (5f08ff2)
1.9.0-alpha.2 (2020-10-29)
This release addresses an issue in the update routine of OAuth2 Clients (see kratos#2148) and adds an option which makes ORY Hydra compatible with MITREid.
Bug Fixes
- Add docs format to make format (cfa50fe)
- Client update breaks primary key (#2150) (7662917), closes #2148
- Explicitly use no-CGO images for non-SQLite (1ec2d1d)
- Force brew install statement (0252b5a)
- Update install script (c614c0b)
Code Generation
- Pin v1.9.0-alpha.2 release commit (1a7fe91)
Documentation
- Add missing trailing slash (97bc47d)
- Replace dex with keycloak (fa877d7), closes #2128
- Version bash-curl script (71b0592), closes #2145
Features
- Add configuration option to grant default client_credential scope when no scope is requested (#2144) (0b1de34), closes #2141: Adds an option which allows granting the OAuth2 Client's authorized scope when performing a client_credentials flow without specifying a scope. This enables compatibility with MITREid.
Tests
1.9.0-alpha.1 (2020-10-20)
This release focuses on a complete refactor of the internal database abstraction layer (DBAL). We have been using gobuffalo/pop successfully in ORY Kratos and decided to move the ORY Hydra DBAL to gobuffalo/pop as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.
This is an alpha release as we want to gather feedback from the community regarding performance and other potential issues before tagging the v1.9.0 version branch as stable.
Bug Fixes
- Add support for tracing to SQL (b3dda7c)
- Address pop inconsistencies and update tests (8f3462f)
- CGO build issues on Windows and Go 1.15+ (1c1fe19)
- Do not require sqlite and CGO for other databases (8069205)
- Do not run migrations in background (308edb9)
- Explicitly set pwd in makefile (aeb1090)
- Goreleaser add docker images (7a81908)
- Improve cli flags and add -c config flag (bf3be84)
- Improve schema typing for tracing (4cc25c3)
- Improve tests and pop adapter (1354611)
- Remove explicit cve allowlist (90caeda), closes #2117
- Remove obsolete makefile targets (dc5d37f)
- Remove unnecessary transactions (1df50ec)
- Remove websocket direct dep (d525983), closes #2111
- Run tests only once (4e1d0f6)
- Set context in connection getter (644967a)
- Update docker and quickstart examples (b01c246)
- Update format to goimports (c4438b0)
- Use context in transaction creator (db0ac86)
- Use sqlite for standalone (e5b7147)
Code Generation
- Pin v1.9.0-alpha.1 release commit (a270e4c)
Code Refactoring
- Move Dockerfiles to .docker directory (5508f2a)
- Use gobuffalo/pop for SQL abstraction (#2059) (56bce67), closes #1730: This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!
Documentation
- Add hypnoglow terraform provider (7ed8870), closes #1304
- Correct port (#2101) (487e733), closes #2100
- Correct port (#2102) (7aca301), closes #2100
- Fix typo (71a4495)
- Remove obsolete doc section (443a225)
- Swagger route headline capitalization (4540ece), closes #2015
- Update code listings and image tags (3cd22c4)
- Update sql instructions (bfed7f2)
- Updates kubernetes helm chart url (6d63a73)
Features
- Implement docker for quickstart (8e64202)
- Re-enable freebsd (2f19837), closes #2116 #2115
- Support sqlite in goreleaser (e946487)
Tests
- Fix confusing expected/got (#2135) (14b6db2): And fixed assert.EqualError params in right order in TestStrategyLoginConsent
- Move tests to persistence (46d0571)
- Write migrate logs to file (9a1fbd8)
1.8.5 (2020-10-03)
This is a security-focused release with fixes for CVE-2020-15234, CVE-2020-15223, CVE-2020-15233. Additionally, several system dependencies (e.g. Golang) have been upgraded.
A few things have changed as part of these patches:
- OAuth 2.0 Redirection URL error parameters `error_hint` and `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth 2.0 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaining why the flow failed.
Additionally, the TypeScript SDK generator has changed from OpenAPI's typescript-node to typescript-axios, making the SDK compatible with both browser and Node environments, which was not the case previously. Please be aware that some of the SDK's API signatures, especially responses, have changed; check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK, as none of ORY Hydra's HTTP APIs have changed.
Due to several complex CI issues and regressions, build versions v1.8.0 - v1.8.4 failed. v1.8.5 is the first and only stable release in the current 1.8.x branch.
New features have been added and bugs have been closed. No migrations are required when applying this release. Please check the list below for an in-depth overview.
Code Generation
- Pin v1.8.5 release commit (951870e):
Bumps from v1.8.0-pre.0
1.8.0-pre.1 (2020-10-03)
autogen: pin v1.8.0-pre.1 release commit
Bug Fixes
- Resolve gosec issues and false positives (0832138)
Code Generation
- Pin v1.8.0-pre.1 release commit (861fdb7)
Features
- Bump golangci-lint and add lint job (5ea6fb6)
1.8.0-pre.0 (2020-10-02)
This is a security-focused release with fixes for CVE-2020-15234, CVE-2020-15223, CVE-2020-15233. Upgrading is strongly advised!
A few things have changed as part of these patches:
- OAuth2 Redirection URL error parameters `error_hint` and `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaining why the flow failed.
Additionally, the TypeScript SDK generator has changed from OpenAPI's typescript-node to typescript-axios, making the SDK compatible with both browser and Node environments, which was not the case previously. Please be aware that some of the SDK's API signatures, especially responses, have changed; check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK, as none of ORY Hydra's HTTP APIs have changed.
New features have been added and bugs have been closed. No migrations are required when applying this release. Please check the list below for an in-depth overview.
Breaking Changes
As part of this patch, a few things have changed in a breaking fashion:
- OAuth2 Redirection URL error parameters `error_hint` and `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaining why the flow failed.
Bug Fixes
- Bump ory/fosite to v0.34.1 to address CVEs (0561d74)
- Delete obsolete patch (1b99ce3)
- Downgrade log level for access rejections (#2038) (82208c4), closes #2031
- Ignore x/net false positives (fd14ad3)
- Remove docker-e2e file (096bc0c):
The file and build pipeline have moved to https://github.com/ory/e2e-env.
- Update link to config docs displayed on `hydra serve help` (#2071) (d619fab), closes #2065
Code Generation
- Pin v1.8.0-pre.0 release commit (293c3ac)
Documentation
- Fix broken link (ab3afec)
- Fix regression issues and OOM build error (f20f844)
- Fix typo "pariwise" on advanced flows page (bcd2de0)
- "signle page app" ➡️ "single page app"
- Improve before-oauth2 (8bcb8c9)
- Minor typo in limitations.md (#2048) (42d85ee):
It said "an maximum" but I believe it should be "a maximum".
- Resolve broken link (eedb1f8)
- Update logout flow docs based on new spec (#2044) (d8d4f1e), closes #1994
- Update pkg.go.dev link in README (#2084) (ce3515f):
Remove www from the pkg.go.dev path.
- Use relative paths (5107e58)
Features
- Add client update command in cli (444d26d)
- Allow to automatically set GOMAXPROCS according to linux container quota (#2034) (39652ac)
- API for deleting a client's access tokens (#2058) (077c54a), closes #1728
- Improving the client update command description (85b6e86)
- Metrics prometheus endpoint should not require x-forwarded-proto header (#2074) (7d3a1c8), closes #2072:
- moved MetricsPrometheusPath constant to metrics/prometheus/metrics.go
- added rule to allow insecure requests for MetricsPrometheusPath endpoint
- arranged tls_termination_test.go test to cover all cases in RejectInsecureRequests function
1.7.4 (2020-08-31)
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
Bug Fixes
- Update e2e docker image (2ce0f14)
Code Generation
- Pin v1.7.4 release commit (ff980e6):
Bumps from v1.7.1
1.7.3 (2020-08-31)
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
Code Generation
- Pin v1.7.3 release commit (a72fac3)
1.7.1 (2020-08-31)
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
Breaking Changes
This patch changes the SQL schema and thus requires running the SQL Migration command (e.g. ... migrate sql).
Never apply SQL migrations without backing up your database prior.
Bug Fixes
- Add (client_id, subject) index to access and refresh tables (#2001) (6c830d2), closes #1997 #2000:
This patch adds an index over `(client_id, subject)` to access and refresh token tables which improves performance significantly in certain API calls.
- Deprecate client flags in introspection CLI (eeaa3ac)
Code Generation
- Pin v1.7.1 release commit (2ecfe4b)
Code Refactoring
Documentation
- Add milestones to sidebar (8a19f53)
- Add note about refresh token invalidation (7ce7a7e), closes #2021
- Add note about refresh token invalidation (#2021) (5add779)
- Add pkg.go.dev badge (#2009) (b9bf968)
- Capitalize swagger titles in NYT style (#2023) (595e3b0), closes #2015
- Clarify that fallback URL shows an error (e077e83), closes #1931
- Fix access control section (152ccf0), closes #1992
- Fix typos and correct legend (94c9872), closes #1930
- Improve deprecation notice (dedcafe)
- Remove duplicate tempalte (3e32aa5)
- Remove introspect security spec (#2002) (973d57b), closes #1520
- Spelling fix (d9b00e3)
- Update 5 minute tutorial (17f893f)
- Update repository templates (08cafb1)
- Update repository templates (aebc122)
- Update repository templates (#2028) (d61fd57)
- Use NYT style capitalization for swagger (#2019) (066a6cd)
Features
Unclassified
1.7.0 (2020-08-14)
The new SameSite attribute is now enforced by Google Chrome and may cause issues with your current ORY Hydra deployment:
SameSite=None cookies no longer work without the Secure flag. If you are using the --dangerous-force-http flag and have not configured SameSite=Lax, your users will no longer be able to perform OAuth2 flows.
The next Firefox release will follow this implementation as well. To prevent your users from experiencing issues:
- Remove `--dangerous-force-http` from your deployment. This flag should never be set outside of local development machines anyway!
- Set environment variable `SERVE_COOKIES_SAME_SITE_MODE=Lax` or configuration value `serve.cookies.same_site_mode = Lax`.
By applying this release, the above recommendations are applied by default, for example by using Lax when --dangerous-force-http is set.
Many of you reached out in the past asking about managed / SaaS offerings from ORY, for more support, automated updates, and automated fixes for issues like the SameSite behavior above. We would like to invite those interested in that kind of offering and service to engage in a dialogue, to help us better understand how you are using ORY, what requirements your businesses have, and how we can better help and serve you. Together, we can shape this journey. If you would like to be part of this conversation, please send an email to jared@ory.sh so we can get in touch directly and begin talking about what an ideal and fully supported offering from ORY would look like for you.
This patch additionally includes a breaking API change for the "Revoke Consent Sessions API endpoint" - please check the breaking changes below. Bugfixes are included in this release as well - such as pretty JSON format logging, fixes to Jaeger configuration, and more!
Breaking Changes
Previously, `/oauth2/auth/sessions/consent?subject=foo@bar.com` would revoke all consent sessions of that user. This may be problematic in cases where the caller forgot to specify the client ID, as all tokens for that user are then revoked. To prevent that, a "failsafe" `all=true` is now required to make this explicit: `/oauth2/auth/sessions/consent?subject=foo@bar.com&all=true`.
Bug Fixes
- Add json_pretty to possible log.format values (cc96359)
- Add uri to jaeger's local_agent_address (#1982) (4d5df3e), closes #1956
- Bump clidoc (7800049)
- Remove duplicate html tags (#1960) (819fe6c)
- Send total item count in X-Total-Count header (#1983) (5f9f294), closes #1666
- Use SameSite=Lax for dev environments per default (534203c)
- Use SameSite=Lax for quickstart (379f5f0), closes #1988 #1981
Code Generation
- Pin v1.7.0 release commit (ff4b81e)
Code Refactoring
Documentation
- Access token time config (#1966) (f066cc1):
Adds a short guide on how to configure access token expiration time.
- Add expiry-time sidebar item (#1967) (5f8e58b):
Adds token-expiration to sidebar.
- Add sdk samples for tls termination and tls verify skip (#1968) (6619e59)
- Add section on oauth2 limitations at beginning (4254363)
- Adopt new sidebar.json (8faf070)
- Clarify secure flag in chrome (f01ac17)
- Clarify when to use oauth2 (4c58601)
- Document SameSite woes on Chrome (921f8c2)
- Fix broken links (b3c6c5a)
- Fix invalid links (3838cdc)
- Update oauth2 limitation section (62e6fdf)
- Update TLS example to quote strings not spawn a subshell (#1961) (0e6ed29)
Features
- Add audit and debug logs for cookies (08813b3)
- Add clidoc task and program (e44d256)
- Revoke consent sessions of a subject only if explicitly requested (#1952) (fb925cf), closes #1951:
This patch adds query parameter `all` to `/oauth2/auth/sessions/consent`. If `all=true`, then all consent sessions of a certain subject will be revoked.
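As an added example (not Hydra's handler), the explicit-`all=true` rule from the 1.7.0 breaking change, implemented as a `net/http` handler: a subject alone is refused, a client id scopes the revocation to that client, and only `all=true` wipes every client's consent for the subject. The query parameter name `client`, the `ConsentRevoker` interface and `fakeRevoker` are assumptions constructed for this example so the handler can be exercised with `httptest`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// ConsentRevoker is whatever actually deletes consent sessions (assumed
// interface; Hydra's persister is not used here).
type ConsentRevoker interface {
	RevokeAll(subject string) error
	RevokeForClient(subject, clientID string) error
}

// fakeRevoker records calls instead of touching a database (constructed).
type fakeRevoker struct {
	all       []string // subjects whose consent was fully revoked
	perClient []string // "subject/client" pairs revoked
}

func (f *fakeRevoker) RevokeAll(subject string) error {
	f.all = append(f.all, subject)
	return nil
}

func (f *fakeRevoker) RevokeForClient(subject, clientID string) error {
	f.perClient = append(f.perClient, subject+"/"+clientID)
	return nil
}

// revokeConsentHandler mirrors the failsafe rule for
// DELETE /oauth2/auth/sessions/consent: a subject is required, a client id
// narrows the revocation, and wiping every client's consent only happens
// when the caller passes all=true. Omitting both is a 400, not a silent
// mass revocation.
func revokeConsentHandler(rev ConsentRevoker) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodDelete {
			w.Header().Set("Allow", http.MethodDelete)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		q := r.URL.Query()
		subject, clientID := q.Get("subject"), q.Get("client")
		all := q.Get("all") == "true"

		var err error
		switch {
		case subject == "":
			http.Error(w, "query parameter subject is required", http.StatusBadRequest)
			return
		case clientID != "":
			err = rev.RevokeForClient(subject, clientID)
		case all:
			err = rev.RevokeAll(subject)
		default:
			http.Error(w, "refusing to revoke every consent session of the subject: pass client=... or all=true", http.StatusBadRequest)
			return
		}
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	}
}

// callRevoke issues one DELETE against the handler and returns the status
// code, so behaviour can be checked without a running server.
func callRevoke(h http.Handler, rawQuery string) int {
	req := httptest.NewRequest(http.MethodDelete, "/oauth2/auth/sessions/consent?"+rawQuery, nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	rev := &fakeRevoker{}
	h := revokeConsentHandler(rev)
	subject := url.QueryEscape("foo@bar.com")
	fmt.Println(callRevoke(h, "subject="+subject))                 // 400
	fmt.Println(callRevoke(h, "subject="+subject+"&all=true"))     // 204
	fmt.Println(callRevoke(h, "subject="+subject+"&client=app-1")) // 204
	fmt.Println(rev.all, rev.perClient)                            // [foo@bar.com] [foo@bar.com/app-1]
}
```

The `default` branch is the whole point: the dangerous request shape (subject only) is the one that previously succeeded, so it is the one that now has to fail loudly.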
Unclassified
- Add 1.5 notes to UPGRADING.md (270b89a)
- Whitelist new session cookies and set log level to trace (6e75638)
1.6.0 (2020-07-20)
We focused on reworking the ORY Hydra documentation in this release.
Even though no breaking changes were introduced with this release, we decided to bump to the next minor (1.6) version to signal the significance of the documentation changes.
We also refactored the NodeJS example implementation to use lightweight TypeScript and the official TypeScript SDK.
Bug Fixes
- Correct hydra-login-consent-node image (2bc777d), closes #1955
- Improve nancy pipeline with nancy-ignore and bump ci (aaabb6f)
- Improve structured logging (#1935) (82c5302), closes #1683
- Logout error hint (#1949) (2f1f832)
- SDK generation at Makefile (#1954) (e7a8322)
- Use correct assertion in test (9a5593b)
Code Generation
- Pin v1.6.0 release commit (90faa60)
Documentation
- Add scaling hydra section (e812bfa)
- Annotate code samples (c6099ec)
- Clean up concept section (13c593c)
- Improve csrf debug help (48e50da)
- Move helm chart docs from ory/k8s (5185368)
- Refactor documentation (2b23437)
- Remove duplicate heading (74cb812)
- Update openid certification (5f8c0d4)
Unclassified
1.5.2 (2020-06-23)
This release contains mostly minor bug fixes and allows more granular control for listening on unix sockets.
Bug Fixes
- Do not log error at login/consent cancelation (#1914) (379eed3), closes #1912
- Improve Makefile dependency management (#1918) (5359276), closes #1916:
This installs dependencies only when you make a target that needs them.
This also removes the check that certain system dependencies (e.g. go) are installed. Instead, we simply let the target fail. This ensures we only test for the desired dependencies.
Code Generation
- Pin v1.5.2 release commit (4d2cd48)
Features
- Allow modifying unix socket permissions (#1915) (b19b7cf):
This allows the reverse proxy to actually read the unix socket, since
- The default permissions are 0755
- Hydra is usually run as a user different than the reverse proxy
- One needs read and write permissions to connect to the socket
With the commit, one can set the group to be a group that contains the reverse proxy user and permissions to 0770
1.5.1 (2020-06-16)
The 1.5.1 release includes several big changes to the internal code base and introduces exciting new features! It combines several beta releases that have been battle-tested by the community. Please use the 1.5.1 release instead of the 1.5.0 release which had issues with the CI pipeline! This release
- changes how migrations work internally. It does not contain breaking changes but please run `hydra migrate sql` once you have backed up the database;
- improves CockroachDB ZigZag query performance;
- OAuth2 clients are now able to use other token_endpoint_auth_signing_algorithms than RS256
- introduces Zipkin tracing support;
- improves the documentation in several locations;
- greatly improves structured logging output;
- supports unix sockets in the ORY Hydra CLI;
- uses the new ORY CLI as part of the toolchain;
- and resolves several other bugs and issues!
We would like to thank our amazing community and all contributors that have helped in making this release possible (in no particular order):
- https://github.com/rickwang7712
- https://github.com/bayansar
- https://github.com/sawadashota
- https://github.com/ka3de
- https://github.com/dalcde
- https://github.com/timsazon
- https://github.com/robhinds
- https://github.com/arkady-bagdasarov
- https://github.com/arapaho
- https://github.com/lopezator
- https://github.com/pjediny
If you haven't yet, consider joining our Slack family!
Code Generation
- Pin v1.5.1 release commit (af8d7a6):
Bumps from v1.5.0-beta.1
1.5.0 (2020-06-16)
The 1.5 release includes several big changes to the internal code base and introduces exciting new features! It combines several beta releases that have been battle-tested by the community. This release
- changes how migrations work internally. It does not contain breaking changes but please run `hydra migrate sql` once you have backed up the database;
- improves CockroachDB ZigZag query performance;
- OAuth2 clients are now able to use other token_endpoint_auth_signing_algorithms than RS256
- introduces Zipkin tracing support;
- improves the documentation in several locations;
- greatly improves structured logging output;
- supports unix sockets in the ORY Hydra CLI;
- uses the new ORY CLI as part of the toolchain;
- and resolves several other bugs and issues!
We would like to thank our amazing community and all contributors that have helped in making this release possible (in no particular order):
- https://github.com/rickwang7712
- https://github.com/bayansar
- https://github.com/sawadashota
- https://github.com/ka3de
- https://github.com/dalcde
- https://github.com/timsazon
- https://github.com/robhinds
- https://github.com/arkady-bagdasarov
- https://github.com/arapaho
- https://github.com/lopezator
- https://github.com/pjediny
If you haven't yet, consider joining our Slack family!
Bug Fixes
- Add config schema for log.leak_sensitive_values (#1905) (d954649)
- Properly return when subject is empty (#1909) (5b54519), closes #1842
- Same site legacy workaround on iOS 12 (#1908) (128ad98), closes #1810 #1907; see https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221, https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4 and 239226#L118:
Enables legacy compatibility on iOS version < 13 and macOS version < 10.15
Chores
- Pin v1.5.0 release commit (dff6c21):
Bumps from v1.4.10
Documentation
- Add hint for login different subject (#1880) (8f7227c):
Add hint to allow login provider login different subject when there is already an authentication of another subject.
- Delete old redirect homepage (45595dc)
- Use mdx for api reference (5709439)
Features
- Add Zipkin support (#1904) (05bf907)
- Allow unix socket as --endpoint (#1899) (6999a82)
- Log errors with request information (#1893) (4bfbddb)
- Support jwt signing alg other than RS256 (#1889) (fe8d77f), closes #1817
Unclassified
1.5.0-beta.5 (2020-05-28)
Adds offline_access to the scope list in OpenID Connect Discovery, makes it possible to enforce PKCE for public clients, improves structured logging, and bumps several dependencies.
Bug Fixes
- Add offline_access to discovery supported scoped (#1870) (73464e1), closes #1866
- Resolve dependency issues and adopt logrusx logger (fdb3231)
Chores
- Pin v1.5.0-beta.5 release commit (a0fbe80)
Documentation
- Move sdk to top level directory (#1876) (13ee97d)
- Update repository templates (04b2c22)
- Use central banner repo for README (ff0b990)
Features
1.5.0-beta.3 (2020-05-23)
Bumps a vulnerable dependency.
Chores
- Pin v1.5.0-beta.3 release commit (9f67b8d)
1.5.0-beta.2 (2020-05-23)
Resolves issues found in beta.1.
Bug Fixes
- Add packr2 steps in Makefile (#1858) (08ac026), closes #1857:
The packr2 binary is a needed pre-requisite used to generate .go files that pack the static files of the project into bytes that can be bundled.
Invokes packr2 in the install-stable and install targets of the Makefile in order to generate the .go files that pack the static files into bytes that can be bundled.
- Automatically append multiStatements parameter to mySQL URI (#1835) (849fe62)
- Consent cockroachdb performance issue with zigzag join query (#1790) (615387e), closes #1789 #1755 cockroachdb/cockroach#47179:
Add an index over subject and client_id in order to avoid the (sometimes) underperformant zigzag join query.
- Use correct path for swagger sdk (21dcdba)
Chores
- Pin v1.5.0-beta.2 release commit (5e0d16b)
Code Refactoring
- Moved AskForConfirmation to ory/x/cmdx (#1848) (0bd0b0d)
- Moved TestMigrator to ory/x/popx (#1846) (a0919a5)
Documentation
- Adding a line about CSRF cookie problems (#1843) (697b0f5):
An issue I experienced today: running Hydra 1.4.10 in dangerous HTTP mode, the CSRF cookie defaulted to SameSite=None, but the cookie was not marked as secure (which makes sense, as Hydra is running over HTTP), so the cookie got ignored (and I was getting "CSRF value not present" errors).
I was able to get around it by either overriding the SameSite setting, or by switching to TLS termination.
- Clarify consent request list endpoint (#1859) (6dabd9b), closes #1856
- Update name for post_logout_redirect_url (#1840) (0092a1f), closes #1832
1.5.0-beta.1 (2020-04-30)
This release changes how migrations work internally. It does not contain breaking changes. Please run hydra migrate sql once you have backed up the database.
Breaking Changes
Please run hydra migrate sql before applying this release.
Chores
- Pin v1.5.0-beta.1 release commit (64b2e4a)
Code Refactoring
- Move migrations to gobuffalo/fizz (#1775) (94057d9):
This patch deprecates the previous migration system (sql-migrate) in favor of gobuffalo/fizz. No functional changes have been made.
1.4.10 (2020-04-30)
This release includes documentation changes and bug fixes.
Bug Fixes
- Add strategies.access_token to configuration JSON schema (#1830) (f09d539)
- docs: Prefix href to jaeger tracing ui with http:// (#1829) (0e293fc):
Before, these links would lead relatively to https://www.ory.sh/hydra/docs/127.0.0.1:16686/search
Chores
- Pin v1.4.10 release commit (d0bbf20)
Documentation
- Fix info note (bc84c01)
Unclassified
- Update oauth2.md (f99421e)
1.4.9 (2020-04-25)
This is the first release to use our new CI/CD pipeline which includes auto-generated release announcements via the newsletter.
If you have feedback on this new process feel free to start a discussion on Slack!
This release fixes some bugs and improves the docs.
Bug Fixes
Chores
- Pin v1.4.9 release commit (eed9d87)
1.4.8 (2020-04-24)
Bug Fixes
Chores
- Pin 1.4.8 release commit (bcfc6c4)
Documentation
- Add docker help to self-signed ssl (8be079b)
- Add tls self-signed certificate guide (#1826) (a90483f), closes #1822
Features
- Add workaround for CSRF SameSite=None cookies (#1810) (8967b9c), closes #1753:
Implements the workaround from https://web.dev/samesite-cookie-recipes/ for the CSRF cookies only when using SameSite=None. This is configurable and disabled by default.
Also adds some unit tests for the existing CSRF cookie helpers, along with unit tests for this change.
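The SameSite note in the 1.7.0 release (SameSite=None cookies are dropped by Chrome unless they are also Secure, which they never are under `--dangerous-force-http`) and the 1.4.8 legacy workaround above concern the same cookie attributes, so one added example covers both. It is not Hydra's code: `CookieSettings` stands in for `serve.cookies.same_site_mode` plus the TLS setting, `Validate` rejects None-without-Secure, `EffectiveSettings` applies the Lax fallback the 1.7.0 notes describe, and `Build` / `ReadCSRF` implement the two-cookie recipe from https://web.dev/samesite-cookie-recipes/ for clients that mis-handle SameSite=None (the `_legacy` name suffix and the cookie name are assumptions). It relies on Go 1.16 or newer, where `SameSiteDefaultMode` writes no SameSite attribute.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// CookieSettings stands in for Hydra's serve.cookies.same_site_mode plus
// whether the deployment can set the Secure flag (false under
// --dangerous-force-http). LegacyWorkaround mirrors the off-by-default
// SameSite=None recipe added in 1.4.8. (Constructed for this example.)
type CookieSettings struct {
	SameSite         http.SameSite
	Secure           bool
	LegacyWorkaround bool
}

var ErrNoneRequiresSecure = errors.New(
	"SameSite=None cookies are dropped by Chrome unless they are also Secure; serve over TLS or use SameSite=Lax")

// Validate rejects the combination that silently breaks OAuth2 flows: the
// browser never stores the cookie, so the login/consent CSRF check later
// fails with "CSRF value not present".
func (s CookieSettings) Validate() error {
	if s.SameSite == http.SameSiteNoneMode && !s.Secure {
		return ErrNoneRequiresSecure
	}
	return nil
}

// EffectiveSettings applies the 1.7.0 default: without TLS, fall back to
// Lax instead of emitting a None cookie that current browsers reject.
func EffectiveSettings(s CookieSettings) CookieSettings {
	if s.SameSite == http.SameSiteNoneMode && !s.Secure {
		s.SameSite = http.SameSiteLaxMode
	}
	return s
}

// Build returns the cookies to set for one CSRF value. With SameSite=None
// and the workaround enabled it adds a second "_legacy" cookie that carries
// no SameSite attribute at all: Safari on iOS 12 / macOS 10.14 treats None
// as Strict and loses the primary cookie, while up-to-date browsers keep
// the primary one and the legacy copy is harmless.
func (s CookieSettings) Build(name, value string, maxAge int) ([]*http.Cookie, error) {
	if err := s.Validate(); err != nil {
		return nil, err
	}
	primary := &http.Cookie{
		Name: name, Value: value, Path: "/", MaxAge: maxAge,
		HttpOnly: true, Secure: s.Secure, SameSite: s.SameSite,
	}
	cookies := []*http.Cookie{primary}
	if s.SameSite == http.SameSiteNoneMode && s.LegacyWorkaround {
		legacy := *primary
		legacy.Name = name + "_legacy"
		legacy.SameSite = http.SameSiteDefaultMode // Go >= 1.16: no SameSite attribute written
		cookies = append(cookies, &legacy)
	}
	return cookies, nil
}

// ReadCSRF is the receiving side of the recipe: prefer the primary cookie
// and fall back to the legacy copy, so whichever one the client kept works.
func ReadCSRF(r *http.Request, name string) (string, bool) {
	for _, n := range []string{name, name + "_legacy"} {
		if c, err := r.Cookie(n); err == nil && c.Value != "" {
			return c.Value, true
		}
	}
	return "", false
}

func main() {
	dev := CookieSettings{SameSite: http.SameSiteNoneMode, Secure: false}
	fmt.Println(dev.Validate())                                          // the ErrNoneRequiresSecure message
	fmt.Println(EffectiveSettings(dev).SameSite == http.SameSiteLaxMode) // true

	prod := CookieSettings{SameSite: http.SameSiteNoneMode, Secure: true, LegacyWorkaround: true}
	cookies, _ := prod.Build("oauth2_csrf", "constructed-value", 3600)
	for _, c := range cookies {
		fmt.Println(c.String()) // one Set-Cookie value per line; the second has no SameSite
	}
}
```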
1.4.7 (2020-04-24)
This is the first release to use our new CI/CD pipeline which includes auto-generated release announcements via the newsletter.
If you have feedback on this new process feel free to start a discussion on Slack!
This release fixes some bugs and improves the docs.
Bug Fixes
- Allow -1 as ttl.refresh_token value (#1819) (66f5d3a), closes #1811:
Because viper converts the type from both string and number to time.Duration we can allow both types.
- docker: Add nsswitch.conf into the dockerfiles (#1816) (48cf366):
Go's netgo implementation currently does not respect hostname overrides defined in /etc/hosts if /etc/nsswitch.conf does not exist.
Made changes to the Dockerfiles to add a standard /etc/nsswitch.conf to fix this issue.
- docker: Bump version to 1.4.6 (0692869)
- Use semver-regex replacer func (77c6752)
Chores
- Pin v1.4.7 release commit (11cc6bf)
Documentation
- Add CSRF section to debug (#1813) (85551eb)
- Clarify scope section (7606a48)
- Fix golang and javascript sdk links (0143712)
- Fix two broken links in sdk overview (#1809) (9def4ba)
- Update linux install guide (#1806) (a9eed57)
1.4.6 (2020-04-17)
fix: resolve bugs in config schema (#1805)
This patch fixes 6 bugs in the config.schema.json and adds "additionalProperties": false where appropriate.
Closes #1804
Co-authored-by: aeneasr aeneas@ory.sh
Bug Fixes
- Resolve bugs in config schema (#1805) (1f6da12), closes #1804:
This patch fixes 6 bugs in the config.schema.json and adds "additionalProperties": false where appropriate.
- Use existing docker versions in quickstart compose (4892a1f)
Documentation
- Update banner img src (4b2af79)
- Update banner src (14849eb)
- Update github templates (#1803) (dd03c4d)
1.4.5 (2020-04-16)
docs: update github templates (#1802)
Signed-off-by: aeneasr aeneas@ory.sh
Bug Fixes
Documentation
1.4.3 (2020-04-16)
fix: return proper error code in refresh and code flows (#1800)
Resolves a regression issue which sends an invalid error response when a refresh token is being re-used, is not found, or the wrong client is accessing it.
This patch also bumps jose-related tooling which introduces better security measures against certain types of x509 attacks.
See https://community.ory.sh/t/refresh-token-endpoint-returns-invalid-request-error-expecting-invalid-grant/1637/2, ory/fosite#426 and ory/fosite#418.
Bug Fixes
- consent: Login and consent error handling (#1799) (af18bdb), closes #1791 #1791:
A regression was introduced in 1.4.2 which caused the error handling to misbehave
- Return proper error code in refresh and code flows (#1800) (9145e65):
Resolves a regression issue which sends an invalid error response when a refresh token is being re-used, is not found, or the wrong client is accessing it.
This patch also bumps jose-related tooling which introduces better security measures against certain types of x509 attacks.
See https://community.ory.sh/t/refresh-token-endpoint-returns-invalid-request-error-expecting-invalid-grant/1637/2, ory/fosite#426 and ory/fosite#418.
Code Refactoring
Documentation
- Regenerate and update changelog (d66a43e)
- Regenerate and update changelog (6e899a2)
- Regenerate and update changelog (c3bb3ee)
- Regenerate and update changelog (00dc9cb)
- Regenerate and update changelog (fb502cd)
- Update github templates (#1795) (ddbad66)
- Update github templates (#1797) (ad9668c)
- Updates issue and pull request templates (#1777) (3694f3c)
- Updates issue and pull request templates (#1778) (561d500)
- Updates issue and pull request templates (#1780) (d6c4eea)
Features
1.4.2 (2020-04-03)
chore: move to ory analytics fork (#1776)
Chores
Documentation
- Add 1.4 section to upgrade guide (fab354a)
- Regenerate and update changelog (485961b)
- Regenerate and update changelog (77b82ac)
1.4.1 (2020-04-02)
fix: add forgotten error check to test (#1774)
Bug Fixes
1.4.0 (2020-04-02)
Merge pull request from GHSA-3p3g-vpw6-4w66
BREAKING CHANGE: This patch requires a new SQL Table which needs to be created using hydra migrate sql. No other breaking changes have been introduced by this patch.
This patch introduces a blacklist for JTIs which prevents a potential replay of private_key_jwt JWTs when performing client authorization.
GHSA-3p3g-vpw6-4w66
Impact
When using client authentication method "private_key_jwt" [1], the OpenID specification says the following about the assertion jti:
A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties
Hydra does not seem to check the uniqueness of this jti value. Here is me sending the same token request twice, hence with the same jti assertion, and getting two access tokens:
$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
--data-urlencode 'scope=application openid' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhb [...] jTw'
{"access_token":"zeG0NoqOtlACl8q5J6A-TIsNegQRRUzqLZaYrQtoBZQ.VR6iUcJQYp3u_j7pwvL7YtPqGhtyQe5OhnBE2KCp5pM","expires_in":3599,"scope":"application openid","token_type":"bearer"}
$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
--data-urlencode 'scope=application openid' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhb [...] jTw'
{"access_token":"wOYtgCLxLXlELORrwZlmeiqqMQ4kRzV-STU2_Sollas.mwlQGCZWXN7G2IoegUe1P0Vw5iGoKrkOzOaplhMSjm4","expires_in":3599,"scope":"application openid","token_type":"bearer"}
Severity
We rate the severity as medium because the following reasons make it hard to replay tokens without the patch:
- TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks
- The expiry time of the JWT gives only a short window of opportunity where it could be replayed
Patches
This will be patched with v1.4.0+oryOS.17
Workarounds
Two workarounds have been identified:
- Do not allow clients to use private_key_jwt
- Use short expiry times for the JWTs
References
[1] https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
Upstream
This issue will be resolved in the upstream repository https://github.com/ory/fosite
Breaking Changes
This patch requires a new SQL Table which needs to be created using hydra migrate sql. No other breaking changes have been introduced by this patch.
Bug Fixes
- client: Remove 404 from GET responses (#1746) (6147e11), closes #1744
- Force transaction isolation level to `LevelRepeatableRead` (#1766) (ad7ae00), closes #1719 #1735:
To improve consistency in certain authorization flows that utilize transactions, this PR forces the SQL storage transaction isolation level to `LevelRepeatableRead`. This will ensure that we avoid the phenomenon of non-repeatable reads, which occurs when a transaction re-reads data it has previously read and then finds out that another transaction has since modified that data and committed. As a result, setting this isolation level fixes a flaw where one could use a given refresh token more than once. See the test added.
In the event that multiple concurrent transactions are competing under a given refresh token workflow, the underlying database engine will eventually return an error when one of the transactions successfully commits. For example, in such a scenario, postgres will roll back the transaction with:
could not serialize access due to concurrent update (SQLSTATE 40001)
- sdk: Ignore go-jose when generating swagger spec (#1757) (1388482)
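The isolation-level change above turns concurrent reuse of a refresh token into a database error instead of a second valid token, so the caller has to treat SQLSTATE 40001 as "retry" rather than "deny": only the transaction that committed first has consumed the token. The following added example (not Hydra's code) shows a refresh-token rotation wrapper that opens the transaction with `sql.LevelRepeatableRead` and retries on serialization failures. The `SQLState()` interface is the one `*pgconn.PgError` from jackc/pgx satisfies (assumed; no driver is imported), and `fakePgError` is a constructed stand-in so the retry policy runs without a database.

```go
package main

import (
	"context"
	"database/sql"
	"errors"
	"fmt"
	"time"
)

// sqlStateError is satisfied by driver errors that expose their SQLSTATE,
// e.g. *pgconn.PgError from jackc/pgx (assumed; the driver is not imported
// so the example stays self-contained).
type sqlStateError interface {
	SQLState() string
}

// serializationFailure is what PostgreSQL returns when two concurrent
// transactions touch the same refresh-token row under REPEATABLE READ:
// "could not serialize access due to concurrent update".
const serializationFailure = "40001"

// IsSerializationFailure reports whether err, or anything it wraps, is a
// 40001. That error means "try again", not "the token is invalid".
func IsSerializationFailure(err error) bool {
	var se sqlStateError
	return errors.As(err, &se) && se.SQLState() == serializationFailure
}

// RefreshTokenRotation is the unit of work that must run atomically: load
// the refresh token, verify it is still active, mark it used and issue new
// tokens. Under a weaker isolation level a second concurrent call could
// read the still-active row before the first commits, and the token would
// be usable twice.
type RefreshTokenRotation func(ctx context.Context, tx *sql.Tx) error

// RunRotation executes fn inside a REPEATABLE READ transaction and retries
// the whole transaction on serialization failures, up to maxAttempts times.
func RunRotation(ctx context.Context, db *sql.DB, maxAttempts int, fn RefreshTokenRotation) error {
	return retrySerializable(ctx, maxAttempts, func() error {
		tx, err := db.BeginTx(ctx, &sql.TxOptions{Isolation: sql.LevelRepeatableRead})
		if err != nil {
			return err
		}
		if err := fn(ctx, tx); err != nil {
			_ = tx.Rollback()
			return err
		}
		return tx.Commit()
	})
}

// retrySerializable is the retry policy, kept separate from database/sql
// so it can be exercised without a live database. Any error other than a
// serialization failure is returned immediately.
func retrySerializable(ctx context.Context, maxAttempts int, attempt func() error) error {
	if maxAttempts < 1 {
		maxAttempts = 1
	}
	var err error
	for i := 0; i < maxAttempts; i++ {
		err = attempt()
		if err == nil || !IsSerializationFailure(err) {
			return err
		}
		// Brief, growing backoff so the competing transaction can finish.
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(time.Duration(i+1) * 10 * time.Millisecond):
		}
	}
	return fmt.Errorf("giving up after %d attempts: %w", maxAttempts, err)
}

// fakePgError is a constructed stand-in for a driver error; a real pgx
// error satisfies the same interface.
type fakePgError struct{ code string }

func (e fakePgError) Error() string    { return "SQLSTATE " + e.code }
func (e fakePgError) SQLState() string { return e.code }

func main() {
	calls := 0
	err := retrySerializable(context.Background(), 3, func() error {
		calls++
		if calls < 3 { // constructed: the first two attempts lose the race
			return fmt.Errorf("rotate refresh token: %w", fakePgError{serializationFailure})
		}
		return nil
	})
	fmt.Println(calls, err) // 3 <nil>
}
```

Retrying is only safe because the whole rotation, including the "is this token still active" read, is inside the transaction; on retry the read sees the committed state and the second caller correctly gets a token-already-used error from `fn` rather than another serialization failure.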
Code Refactoring
- client: Reduce SQL boilerplate code (#1758) (7ab7154), closes #1730
- Switch from lib/pq to jackc/pgx (#1736) (ec78668), closes #1599
- Switch from lib/pq to jackc/pgx (#1738) (2296e78), closes #1599
Documentation
- Regenerate and update changelog (179dd5a)
- Regenerate and update changelog (fefed90)
- Regenerate and update changelog (6a52b87)
- Regenerate and update changelog (284184c)
- Regenerate and update changelog (6623eb0)
- Regenerate and update changelog (950d6fc)
- Regenerate and update changelog (142771a)
- Regenerate and update changelog (95fe01f)
- Regenerate and update changelog (6ec8688)
- Regenerate and update changelog (e1e89e7)
- Regenerate and update changelog (92682e2)
- Regenerate and update changelog (89710e1)
- Regenerate and update changelog (8dd9bb1)
- Regenerate and update changelog (e527db2)
- Update forum and chat links (4de078a)
- Updates issue and pull request templates (#1764) (1a0c643)
Features
Unclassified
- Merge pull request from GHSA-3p3g-vpw6-4w66 (700d17d)
- Revert "refactor: switch from lib/pq to jackc/pgx (#1736)" (#1737) (7ff16cf), closes #1736 #1737:
This reverts commit ec786685d2873874962f1091c23259d74de9a0b2.
1.3.2 (2020-02-17)
chore: Regenerate swagger spec and internal client
Bug Fixes
Chores
- Regenerate swagger spec and internal client (388284f)
Documentation
- Regenerate and update changelog (2f9f103)
1.3.1 (2020-02-16)
ci: Bump SDK orb
Continuous Integration
- Bump SDK orb (2fcf48a)
1.3.0 (2020-02-14)
docs: Regenerate and update changelog
Bug Fixes
- Bump Go to 1.13 for e2e docker images (68f5b2d)
- consent: Fix concurrent write and read on map (#1722) (75126de), closes #1721
- consent: Resolve test issues (d28d98d)
- Resolve linter complaints (f1c926b)
- Send 401 instead of 404 for unknown client (#1707) (2bcd432), closes #1617
- Update for 5 minute tutorial (#1704) (aeecfe1)
Documentation
- Prepare 1.3.0 release (13c2216)
- Prepare ecosystem automation (c26a088)
- Regenerate and update changelog (513160b)
- Regenerate and update changelog (f146fda)
- Regenerate and update changelog (35755bd)
- Regenerate and update changelog (a86c8e6)
- Regenerate and update changelog (4ff179a)
- Regenerate and update changelog (7b89b43)
- Regenerate and update changelog (f11d143)
- Remove examples section from ecosystem (15dfef0)
- Updates issue and pull request templates (#1715) (694d333)
Features
- New setting to specify SameSite cookie mode (#1718) (715522a):
Recent changes to Chrome require setting of SameSite cookie policy if it is acceptable for cookies to be used in a third party setting: https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html
Some discussion on this in the community board: https://community.ory.sh/t/does-hydra-support-samesite-none-for-cookies/1491
Unclassified
- feat(consent)!: Track handled_at for consent requests (#1689) (d9308fa), closes #1689 #1684:
This patch adds a feature where handling (accepting or rejecting) a consent request causes a time stamp (handled_at) to be updated. This patch includes schema changes that required hydra migrate sql to be applied.
- Update CHANGELOG [ci skip] (91d6737)
- Update CHANGELOG [ci skip] (2d8c1ec)
1.2.3 (2020-01-31)
Update CHANGELOG [ci skip]
Unclassified
- Update CHANGELOG [ci skip] (ae4334d)
- Small punctuation README change (#1713) (f83edb2), closes #1713
- Update CHANGELOG [ci skip] (5cd6736)
- Update CHANGELOG [ci skip] (4dd7acb)
- Remove merge client during update in memory (#1705) (b0bf43f)
1.2.2 (2020-01-23)
Updates configuration value for supported OIDC Subject Types (#1706)
Renames config key oidc.subject_identifiers.enabled to oidc.subject_identifiers.supported_types. See #1704
Documentation
Unclassified
- Updates configuration value for supported OIDC Subject Types (#1706) (2e285b9), closes #1706 #1704
- Update CHANGELOG [ci skip] (37e96b7)
- Update CHANGELOG [ci skip] (cb7274f)
- Fix logging Span ID (#1695) (7f84351)
- Update ory/x dependency to 0.0.89 (#1702) (5a27ab3), closes #1667
1.2.1 (2020-01-15)
Update CHANGELOG [ci skip]
Unclassified
- Update CHANGELOG [ci skip] (6ab4587)
- Remove sdk/generate as dependency from changelog (9565bf3)
- Update CHANGELOG [ci skip] (f40d2a8)
- Update CHANGELOG [ci skip] (0761156)
- Update SDK (f1b45c3)
- Update CHANGELOG [ci skip] (fc16ab9)
- Update SDK (bb41c80)
- Update CHANGELOG [ci skip] (7cbeb97)
- Update SDK (e21a6c0)
- Update Consent API Swagger definitions (#1682) (8bd4e55), closes #1682
- Update CHANGELOG [ci skip] (9b83358)
- Update SDK (23b209f)
- Bump docker base images (#1686) (51249b9):
Go to v1.13.5, Alpine to v3.11
- Restrict fc & bc logout to sid parameter (#1691) (d68838e), closes #1660
1.2.0 (2020-01-08)
Update CHANGELOG [ci skip]
Unclassified
1.2.0-alpha.3 (2020-01-08)
Remove unused swagger definitions (#1681)
Unclassified
- Remove unused swagger definitions (#1681) (7d3f73c), closes #1681
- Update CHANGELOG [ci skip] (a276bc7)
- Update SDK (88965e1)
1.2.0-alpha.2 (2020-01-08)
ci: Bump sdk orb to 0.1.10
Continuous Integration
- Bump sdk orb to 0.1.10 (6fa6e41)
1.2.0-alpha.1 (2020-01-07)
Update CHANGELOG [ci skip]
Documentation
- Add better development instructions (#1678) (4b81e9e)
- Incorporates changes from version v1.1.1 [ci skip] (43d1218)
- Incorporates changes from version v1.1.1-2-g0a551405 [ci skip] (f0f8902)
- Incorporates changes from version v1.1.1-4-g62345587 [ci skip] (ee61dff)
Unclassified
- Update CHANGELOG [ci skip] (1672777)
- Update SDK (28374ce)
- Update CHANGELOG [ci skip] (5621f9a)
- Update SDK (11ac7b4)
- Update CHANGELOG [ci skip] (2e99644)
- Update SDK (6446c55)
- Move to new SDK generator (#1677) (02e7c22), closes #1677:
This PR moves to the new SDK generation pipeline. Due to an accidental push to master from a broken CI task, it includes several commits that are already in master. Please ignore those commits named (interim). This is the correct umbrella commit.
- Update SDK (5795d50)
- Implement new SDK pipeline (interim) (d1778b8):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (84a53b3):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (c499e52):
This is an interim commit that got pushed to master by the CI on accident.
- Update SDK (4293f5f)
- Implement new SDK pipeline (interim) (1e9eaf0):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (57c4b29):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (7298581):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (4880fb2):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (51ad2fb):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (dccf0e4):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (209f541):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (bcc177c):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (b61cb5c):
This is an interim commit that got pushed to master by the CI on accident.
- Implement new SDK pipeline (interim) (7855215):
This is an interim commit that got pushed to master by the CI on accident.
- Update CHANGELOG [ci skip] (487aaf8)
- Update config.yaml (#1676) (bca3e0f), closes #1676:
Use the actual default admin port in example.
- Implement new SDK pipeline (interim) (94101dc):
This is an interim commit that got pushed to master by the CI on accident.
- Reintroduce SDK task (0a55140)
- Use generate secrets function as used in cmd (#1674) (bf2f0fe):
If a client is being created by the api and the client_secret is not specified then the client_secret is being generated as a random string of length 26.
1.1.1 (2019-12-19)
docs: Incorporates changes from version v1.1.0-4-gc37b710b [ci skip]
Documentation
- Incorporates changes from version v1.1.0 [ci skip] (2e24e66)
- Incorporates changes from version v1.1.0-2-gc9a01e65 [ci skip] (e5b5de0)
- Incorporates changes from version v1.1.0-4-gc37b710b [ci skip] (d78f403)
Unclassified
- Create and use a proper user in the alpine Dockerfile (#1669) (c37b710), closes #1669 #1596
- Added tests for helpers (#1665) (c9a01e6)
1.1.0 (2019-12-16)
docs: Update upgrade guide for 1.1.0
Documentation
- Incorporates changes from version v1.0.9 [ci skip] (36144f7)
- Incorporates changes from version v1.0.9-12-gc1a5c3a5 [ci skip] (4010d43)
- Incorporates changes from version v1.0.9-14-ge6f4f90c [ci skip] (b0ddc2a)
- Incorporates changes from version v1.0.9-2-gd5e8f970 [ci skip] (a47dd97)
- Incorporates changes from version v1.0.9-5-g53d5c7cb [ci skip] (3569ea3)
- Incorporates changes from version v1.0.9-7-g9abfe794 [ci skip] (c87c9ad)
- Incorporates changes from version v1.0.9-9-ge0f0a50d [ci skip] (9dbf8b5)
- Update upgrade guide for 1.1.0 (d752cfb)
Unclassified
- Add several SQL lookup indices (#1654) (7cb7783), closes #1654 #1653
- Fix typo in handler.go comment (#1626) (53d5c7c), closes #1626:
... and generated documentation
- Update dockerfiles to latest alpine and golang (#1636) (19bba5c), closes #1636
- Bump ory/x to 0.0.82 (#1641) (9abfe79), closes #1640:
Resolves an issue where the MySQL connection string would be included in the logs.
1.0.9 (2019-11-02)
docs: Incorporates changes from version v1.0.8-18-gb48b1a08 [ci skip]
Documentation
- Incorporates changes from version v1.0.8-13-gc629190a [ci skip] (8de3dca)
- Incorporates changes from version v1.0.8-15-g31ecf09c [ci skip] (ad9db79)
- Incorporates changes from version v1.0.8-18-gb48b1a08 [ci skip] (ba3f66f)
- Incorporates changes from version v1.0.8-8-g757c2d39 (e17c1ba)
- Incorporates changes from version v1.0.8-9-ge17c1ba2 (c066278)
- Remove OAuth 2.0 Dynamic Client Registration links (#1611) (40d2276), closes #1601
- Resolve broken markdown links (#1612) (c629190), closes #1600
Unclassified
- Revert incorrect license changes (9722506)
- Updated README.md file (#1606) (44ee9e2), closes #1606:
Made grammatical corrections
- Remove unnecessary paragraph in Hydra API docs (#1605) (6ff3510), closes #1605
- Add optional metadata field (#1602) (c84adc7), closes #1594:
Added field metadata to client payloads which can be used to store arbitrary JSON blobs.
- Change pk field to int64 (#1597) (7547ac9), closes #1595:
Changed PK from int to int64, ran make test with no issues.
- Correct alias in OAuth2 scopes documentation (#1613) (31ecf09)
- deps: Bump jackson-version in /sdk/java/hydra-client-resttemplate (#1608) (713a5ae):
Bumps jackson-version from 2.8.9 to 2.10.0.
Updates jackson-core from 2.8.9 to 2.10.0
Updates jackson-annotations from 2.8.9 to 2.10.0
Updates jackson-databind from 2.8.9 to 2.10.0
Updates jackson-jaxrs-json-provider from 2.8.9 to 2.10.0
Updates jackson-datatype-joda from 2.8.9 to 2.10.0
- Fix CORS origin match for OAuth2 Clients (#1624) (b48b1a0), closes #1615
1.0.8 (2019-10-04)
driver: don't log DSN (#1593)
Unclassified
- Don't log DSN (#1593) (f60c724)
- Don't touch authentication cookie on skipped logins (#1564) (31752ab), closes #1557
1.0.7 (2019-09-29)
ci: Update github_changelog_generator version
Continuous Integration
- Update github_changelog_generator version (46afe21)
1.0.6 (2019-09-29)
ci: Use ruby 2.5
Continuous Integration
- Use ruby 2.5 (a3e6674)
1.0.5 (2019-09-28)
ci: Bump changelog ruby version (#1586)
Continuous Integration
1.0.4 (2019-09-26)
cmd: Remove stray log lines (#1581)
Closes ory/k8s#55
Unclassified
- Update README.md (debbf30)
- deps: Bump jackson-version in /sdk/java/hydra-client-resttemplate (#1578) (eaefe2d):
Bumps jackson-version from 2.8.9 to 2.10.0.pr3.
Updates jackson-core from 2.8.9 to 2.10.0.pr3
Updates jackson-annotations from 2.8.9 to 2.10.0.pr3
Updates jackson-databind from 2.8.9 to 2.10.0.pr3
Updates jackson-jaxrs-json-provider from 2.8.9 to 2.10.0.pr3
Updates jackson-datatype-joda from 2.8.9 to 2.10.0.pr3
- Remove stray log lines (#1581) (8ad7069):
Closes ory/k8s#55
1.0.3 (2019-09-23)
Fix broken release pipeline (#1575)
Unclassified
1.0.2 (2019-09-18)
docker: Add alpine image (#1566)
Closes #1558
Unclassified
- Add quickstart for prometheus. (#1562) (2728b36), closes #1562
- Add alpine image (#1566) (2fbcb59), closes #1558
- Enable PKCE for private clients (#1567) (823e493), closes #1512
- Ensure order of paginated results (9f22545), closes #1554
- Makes init task in makefile and corrects readme (#1555) (f834907)
- Resolve Go 1.12.7 regression in migrate sql (#1565) (d112c72)
1.0.1 (2019-09-04)
Update README.md (#1549)
Space missing :)
Documentation
- Incorporates changes from version v1.0.0 (ca29966)
- Update libraries and 3rd party section (#1518) (c95512a):
Mark old community projects as such.
Unclassified
- Update README.md (#1549) (937cb2e), closes #1549:
Space missing :)
- Resolve broken apache thrift dependency (#1540) (8604797), closes #1540 #1539
- Create FUNDING.yml (ad78e56)
- Bump to fosite 0.29.7 (#1517) (7956af7), closes #1512:
Using PKCE with private clients now returns an error message.
- Deduplicate front-/backchannel logout calls (#1531) (a2f5724)
- deps: Bump eslint-utils from 1.3.1 to 1.4.2 (#1544) (c929e6a):
Bumps eslint-utils from 1.3.1 to 1.4.2.
- deps: Bump extend from 3.0.1 to 3.0.2 (#1514) (aecbc07):
Bumps extend from 3.0.1 to 3.0.2.
- deps: Bump jackson-version in /sdk/java/hydra-client-resttemplate (#1505) (aadd1c6):
Bumps jackson-version from 2.8.9 to 2.10.0.pr1.
Updates jackson-core from 2.8.9 to 2.10.0.pr1
Updates jackson-annotations from 2.8.9 to 2.10.0.pr1
Updates jackson-databind from 2.8.9 to 2.10.0.pr1
Updates jackson-jaxrs-json-provider from 2.8.9 to 2.10.0.pr1
Updates jackson-datatype-joda from 2.8.9 to 2.10.0.pr1
- deps: Bump lodash in /test/e2e/oauth2-client (#1491) (e4bac7e):
Bumps lodash from 4.17.11 to 4.17.14.
- deps: Bump mixin-deep in /test/e2e/oauth2-client (#1548) (f47ece1):
Bumps mixin-deep from 1.3.1 to 1.3.2.
- Enrich oauth2_token_response and params (#1551) (55873d2), closes #1509 #1533:
Add IdToken and Scope to oauth2_token_response. These fields are presented in the response and should be parsed.
Add RefreshToken field to oauth2_token_params. With the RefreshToken field we will be able to refresh the Access token by providing the Refresh token.
- Fix migration plan output (#1504) (e4ae446):
The output of "migration sql" returned duplicate lines and misassigned migrations to their components.
This patch resolves that.
- Fix trailing slash bug in issuer url (#1552) (02ee452), closes #1546
- Print meaningful error messages on network issues (#1493) (deb1574), closes #1492
- Upgrade swagger and resolve PHP SDK issues (#1535) (d4a7d6b), closes #1480 #1532 #1508
- Use commit hash instead of version for link to config (#1488) (f8b4a3c), closes #1486
1.0.0 (2019-06-24)
jwk: Fix JWK deletion in memory manager (#1474)
Signed-off-by: Shota Sawada xiootas@gmail.com
Documentation
- Incorporates changes from version v1.0.0-rc.16 (043c663)
Unclassified
- Add missing html closing tag to token user (#1479) (724ccc4)
- Fix JWK deletion in memory manager (#1474) (036f763)
1.0.0-rc.16 (2019-06-13)
Remove binary license (#1470)
Documentation
- Add a link to Identity Provider "Werther" to community projects (#1464) (e6cdfe1)
- Fix broken benchmark link in readme (25bce0c), closes #1465
Unclassified
- Add option to disable access log for health endpoints (#1458) (0972750), closes #1278:
This commit adds an option to disable access log for health endpoints. This is especially helpful in environments like Kubernetes, where special preprocessing filters would be required otherwise.
- Add support for B3 headers via JAEGER_PROPAGATION (#1456) (400c47f), closes #1447:
This will provide compatibility with istio.
- Bump ory/x to 0.0.64 (23e0e6a)
1.0.0-rc.15 (2019-06-05)
cli: Use go templates in token user (#1461)
Documentation
- Fix link to system secret rotation (#1459) (bc92052):
The following link no longer exists: https://www.ory.sh/docs/hydra/advanced#system-secret-rotation
New link is here: https://www.ory.sh/docs/hydra/advanced#rotation-of-hmac-token-signing-and-database-and-cookie-encryption-keys
- Incorporates changes from version v1.0.0-rc.14 (51c071f)
Unclassified
- oauth2: Don't show registration_endpoint if config is undefined (#1449) (6d46786), closes #1449 #1448
- Create SECURITY.md (c820448)
- deps: Bump jackson-version in /sdk/java/hydra-client-resttemplate (#1453) (4da16e0):
Bumps jackson-version from 2.8.9 to 2.9.9.
Updates jackson-core from 2.8.9 to 2.9.9
Updates jackson-annotations from 2.8.9 to 2.9.9
Updates jackson-databind from 2.8.9 to 2.9.9
Updates jackson-jaxrs-json-provider from 2.8.9 to 2.9.9
Updates jackson-datatype-joda from 2.8.9 to 2.9.9
- Support default jaeger environment variables (#1442) (ba2d49b)
1.0.0-rc.14 (2019-05-18)
ci: Resolve goreleaser issues (#1445)
Continuous Integration
Documentation
- Incorporates changes from version v1.0.0-rc.12 (d6cfb82)
- Updates issue and pull request templates (#1432) (bf926c4)
Unclassified
- Fix missing and broken swagger annotations (#1440) (b5cb153), closes #1435
- Update module definitions (#1441) (217e462)
1.0.0-rc.12 (2019-05-10)
all: add CockroachDB support (#1348)
Closes #1326
Signed-off-by: David López not4rent@gmail.com
Unclassified
- sdk/php: Fixed namespace (#1431) (53b11cf), closes #1431 #1429
- Allow to set the client's post-logout URIs (#1427) (82963ad)
- Corrected oidc discovery claims and scope values (#1428) (b405190):
Signed-off-by: André Filipe Easypay andre@easypay.pt
0.0.1 (2019-05-08)
sdk/go: Add go.mod definition in sdk directory (#1425)
Closes #1422
Signed-off-by: aeneasr aeneas@ory.sh
Documentation
Unclassified
- sdk/go: Add go.mod definition in sdk directory (#1425) (5eeb162), closes #1425 #1422
- Add "Content-Type" to default allowed cors headers (45bd863), closes #1421
- Correct debug var (fa10d9d)
- Fix broken cors option test (#1423) (b96724b)
1.0.0-rc.11 (2019-05-02)
consent: Resolve nil pointer panic in logout flow (#1418)
Closes #1403
Signed-off-by: aeneasr aeneas@ory.sh
Documentation
- Incorporates changes from version v1.0.0-rc.10 (a81ea40)
- Ttl is a top-level config value (#1407) (9f913c6):
Don't nest it under oauth2 section
Unclassified
- Add tests for consecutive login/consent requests with skip (32e23bc):
This adds tests for making sure that future releases don't regress on the session logic.
- Do not confirmLoginSession when skip is true (#1414) (1f52832), closes #1409:
Resolves a regression issue introduced by OpenID Connect Front/Back-Channel Logout.
- Remove duplicates JWKS IDs from wellknown config (b5c2565), closes #1413
- Resolve nil pointer panic in logout flow (#1418) (33acfa8), closes #1403
- Update migrate sql flag -e help message (#1412) (025acfb):
Updates hydra migrate sql -e command message to indicate that environment flag will pull from config file.
- Use sane default settings for CORS options (#1417) (ed6e815), closes #1400
1.0.0-rc.10 (2019-04-29)
docker: Remove full tag from build pipeline
Signed-off-by: aeneasr aeneas@ory.sh
Documentation
- Incorporates changes from version v1.0.0-rc.9+oryOS.10 (70d5aaf)
- Update upgrade guide (7a77fa0)
- Update upgrade guide for rc.10 (9851f9b)
Unclassified
- Use --yes flag for migrations everywhere (c7e7aa0)
- Improve e2e test performance (#1392) (a4a75d4), closes #1392 #1389
- Implement OpenID Connect Front-/Backchannel logout (#1376) (bbeee65), closes #1376 #1368 #1004 #834
- Update quickstart.yml (f5013e4)
- Advertise all path in sqa (2c09d20)
- Allow prompt=none for public clients (#1391) (6cfd03e), closes #1366 #1364
- Format javascript test code (9e829a9)
- Ignore sdk directory when generating OA spec (#1394) (ab87306), closes #1384:
Previously, the SDK directory was included when generating the Swagger specification. This caused issues due to duplicate models. This patch resolves that issue.
- Make clear that refresh tokens are introspectable (#1390) (98390be), closes #1250
- Move to query parameters (#1375) (067e498):
Previously, user and client were sent as path parameters on consent and login lifecycle endpoints. This patch uses query parameters instead. This allows developers to use users with slashes and dots without causing issues with the URI path.
- Remove full tag from build pipeline (3e534c1)
- Resolve memory leak in gorilla/sessions (#1374) (e745aee), closes #1363
- Update jaeger tracing docker compose file (17eaee6)
- Use proper key name when JWT is enabled (#1373) (d27224e), closes #1371 #1369
1.0.0-rc.9+oryOS.10 (2019-04-18)
ven dor: Fix pagination headers (#1362)
Closes #1361
Signed-off-by: Kevin Minehart kmineh0151@gmail.com
Documentation
- Fix environment variable DATABASE_URL to DSN (#1343) (f964c69)
- Incorporates changes from version v1.0.0-rc.8+oryOS.10 (367e94c)
Unclassified
- ven dor: Fix pagination headers (#1362) (9c6e4c1), closes #1362 #1361
- Add ability to share data from login to consent request (#1353) (20aaa46), closes #1003
- Add pagination headers to list results (#1358) (f1ee77c), closes #1047
- Add resilience to CLI REST commands (#1359) (d84ff4c), closes #846
- Allow whitelisting insecure redirect URLs (#1354) (cb2ad55), closes #1021:
This patch enables developers to whitelist insecure redirect URLs while using flag --dangerous-force-http.
- Expose revocation endpoint at OIDC Discover (#1356) (27f3a05), closes #12678
- Expose revocation endpoint at OIDC Discovery (#1355) (957a2d6), closes #12678
- Initialize everything on start up (#1350) (6a16b1e), closes #1349
- Introduce install-stable and install tasks (#1346) (fe720cb)
- Use query parameters for challenges (#1351) (d88fb12), closes #1307
1.0.0-rc.8+oryOS.10 (2019-04-03)
ci: Fix broken version info in build (#1342)
Signed-off-by: aeneasr aeneas@ory.sh
Continuous Integration
Documentation
- Incorporates changes from version v1.0.0-rc.7+oryOS.10 (16ec81b)
1.0.0-rc.7+oryOS.10 (2019-04-02)
ci: Use yaml in configuration docs runner
Continuous Integration
- Use yaml in configuration docs runner (e79f025)
Documentation
- Incorporates changes from version v0.0.0-testrelease.6+oryOS.0 (55ddff2)
- Incorporates changes from version v1.0.0-rc.6+oryOS.10 (8a5a92d)
- Update docs how to serve with in memory database (52d62a4)
- Update installation guide (001a22f)
- Update patrons (685c6da)
Unclassified
- Update CHANGELOG.md (bddf773)
- Improve release pipeline and update changelog (#1341) (513afe0), closes #1341
- Resolve sql testing race issues (#1332) (22c0487), closes #1332
- Add shell installer to repo for curl | bash (#1330) (13f297f), closes #1330
- Improve configuration and service management (#1314) (95a51de), closes #1314 #1316 #1327 #1244 #1289 #1309 #1107 #1196 #1121:
This patch significantly refactors internal configuration and service management with the goal of making configuration changes possible without service restarts. This patch prepares the possibility to configure ORY Hydra from a remote source (etcd, consul) and watch for changes. This patch also introduces the possibility to configure ORY Hydra from a configuration file on top of environment variables.
The following issues have been fixed as well:
- Add --allowed-cors-origins to client create (#1290) (c174f96):
This allows the creation of clients permitted to make CORS requests from specific domains.
- Add check for empty subject in AcceptLoginRequest (#1308) (1d963c2), closes #1254
- Add client secret encryption option (#1322) (468076e), closes #1317
- Better defaults for consent denied errors (#1297) (0fc875a), closes #1285
- Bump alpine version (#1291) (e0d3b0d):
https://www.alpinelinux.org/posts/Alpine-3.9.0-released.html
- Bump base docker image versions (d021022)
- Bump Golang to 1.12.1 (#1315) (a073966), closes /golang.org/doc/devel/release.html#go1
- Disable modules temporarily when fetching a tool (#1302) (bd5b90b)
- Disable RejectInsecureRequest middleware on unix sockets (#1259) (af125b3):
We should not reject insecure requests coming in via unix socket as there is no TLS support anyways.
- Disable remember and skip logic (#1325) (5b8549a), closes #1165
- Enable to validate by old system secret (#1249) (e2b88d2):
- enable to validate by old system secret when setting ROTATED_SYSTEM_SECRET
- don't hash when rotated system secret is empty
- add test for rotated system secret getter
- enable to validate by old system secret when setting
- Fix error message of too short new system secret (#1248) (e2d6c44)
- Fix available time duration unit at token flush CLI description (#1251) (149573a):
"1d" is an unavailable unit, see: https://godoc.org/time#ParseDuration
- Fix description of clients create --subject-type option (#1305) (fa40b43)
- Fix docker-compose wrong restart values (#1313) (4d004bf), closes #1312
- Fix swagger documentation for oauth2/token (#1284) (3db25f6), closes #1274
- Login revocation is exposed at public not admin (#1333) (7c4b6d4), closes #1329
- Prevent errors when calling HandleConsentRequest a second time (#1318) (ac2f23e), closes #1256
- Refactor docker-compose for cleanness and readability (03a28c3):
Reorganize/split docker-compose config between multiple files for cleanness and readability
- Return proper refresh token expiration time (#1300) (a18c44e), closes #1296
- Support multi proxies between TLS termination proxy and hydra (#1283) (769491d), closes #1282
- Support transactions in SQL store (#1277) (65415ff), closes #1247 #1247 #1247 #1247 #1247 #1247
1.0.0-rc.6+oryOS.10 (2018-12-18)
docker: Bump base docker image versions (#1243)
Closes #1238
Signed-off-by: aeneasr aeneas@ory.sh
Documentation
- Fix install guide typo GO111MOUDULE (#1242) (4de3d11), closes #1235
- Incorporates changes from version v1.0.0-rc.5+oryOS.10 (08c7088)
Unclassified
- Bump base docker image versions (#1243) (bdb6634), closes #1238
- Properly declare SQL NullStrings (#1241) (31bf23e), closes #1240
1.0.0-rc.5+oryOS.10 (2018-12-13)
docs: Update consent node docker image
Documentation
- Fix typo in README (#1233) (30a7c8e)
- Incorporates changes from version v1.0.0-rc.4+oryOS.9 (48ae9ef)
- Update consent node docker image (3358c0b)
- Update consent node docker image (688706e)
- Update upgrade guide (2470942)
Unclassified
- Fix help output of hydra serve ... (#1229) (a78050d):
The help message is missing separation of public and admin port.
- Support binding frontend/backend to unix sockets (#1230) (aa6ab26):
This allows the use of strings like "unix:/path/to/socket" as PUBLIC_HOST and/or PRIVATE_HOST.
1.0.0-rc.4+oryOS.9 (2018-12-12)
oauth2: Export tests and test helpers (#1212)
Signed-off-by: Prateek Malhotra someone1@gmail.com
Documentation
- Adapt new docs id structure (#1208) (1397b59)
- Fix broken links (#1216) (e4bc6c2)
- Incorporates changes from version v1.0.0-rc.3+oryOS.9 (14ecdf7)
Unclassified
- Add created/updated at fields (#1207) (24a40a0), closes #1120
- Remove superuser requirements from postgres migrations (#1226) (a455fdf), closes #1209
- Show all granted consent requests (#1206) (f54448c), closes #1203:
Instead of just showing consent requests which have remember set to true, show all past consent requests.
1.0.0-rc.3+oryOS.9 (2018-12-06)
Update docker-compose-twoc.yml
Documentation
- Fixed tutorial link in README.md (#1193) (563276b)
- Incorporates changes from version v1.0.0-rc.2+oryOS.9 (8ca315c)
- Migrate links from old docs to new docs (#1197) (55654c0)
- Remove duplicated refresh token section (#1188) (a481aa4)
Unclassified
- Update docker-compose-twoc.yml (00f1cb6)
- Update docker-compose.yml (f05077a)
- Add instructions for updating the hydra-migrate service to use mysql instead of postgres (#1192) (561ecb3)
- Correct composer autoloader namespace (#1200) (7f50b94), closes #1199
- Rename grant type authorize_code to authorization_code (#1191) (4b97a0f)
- Streamline method signatures (#1190) (c3cc80c)
- Use html templates in fallback endpoints (#1202) (9b5bbd4)
1.0.0-rc.2+oryOS.9 (2018-11-21)
sql: Resolve beta.9 -> rc.1 migration issue (#1186)
Closes #1185
Signed-off-by: aeneasr aeneas@ory.sh
Documentation
- Incorporates changes from version v1.0.0-rc.1+oryOS.9 (8352d84)
Unclassified
1.0.0-rc.1+oryOS.9 (2018-11-21)
e2e: Add e2e tests checking consistency (#1184)
Signed-off-by: aeneasr aeneas@ory.sh
Build System
Documentation
- Add schema changes to upgrade guide (#1082) (c5502c8), closes #1069
- Fix benchmark path (aa0926c)
- Fix benchmark path (61c6375)
- Fix broken benchmark path (891aabe)
- Fix broken benchmark path (af56862)
- Fix migrate sql command at upgrading guide (#1183) (9f991f2)
- Incorporates changes from version v1.0.0-beta.9 (4b52a07)
- Link to proper benchmarks section (#1102) (b133d79):
Updated URL of performance benchmarks results.
- Update link to security console (26db8db)
- Update upgrade guide (6814af0)
- Updates issue and pull request templates (8616aca)
Unclassified
-
docs. Update installation instructinos (6f72a57)
-
sdk/js: Declare opencollective as devdep (#1109) (d3a0717), closes #1109
-
Switch to go modules and add vendor (#1077) (2b491c9), closes #1077 #1074
-
change go-resty import path for gopkg.in/resty.v1 (#1064) (9ec5fbc), closes #1064:
- sdk/go: Change go-rest import path
-
bump fosite version to 0.22.0 - brings in changes to the JWTStrategy (0f0a204)
-
cmd/server: Export Handler bootstrap functions (#1023) (60e3dab), closes #1023
-
Use latest version of sqlcon (0fbddcc)
-
Add ability to specify consent and login lifespan (#1155) (4a8cf84), closes #1057
-
Add an instrumented implementation of the bcrypt hasher that creates spans around calls to Hash and Compare (26d1d12)
-
Add error response if consent or login challenge is expired (#1098) (bbc4020), closes #1056
-
Add https option to token user command (#1150) (2ff6561), closes #1147
-
Add login_challenge and login_session_id to consent payload (#1105) (8038a74)
-
Add OAuth2 audience claim and improve migrations (#1145) (3a10df9), closes #883 #1144:
This patch adds the ability to whitelist and request an audience when performing any OAuth 2.0 Flow. The audience is useful in multi- tenant environments where access tokens should be restricted to certain resources.
-
Add pk field to sql struct (0e4e07b)
-
Add support for tracing DB interactions (#1115) (f32d1b0):
- tracing: add support for tracing interactions with the database
- tracing: add tests for new BackendConnector options
- tracing: • export connector options and hide hydra specific connector options • remove config for allowing SQL query args to be included in spans
- tracing: use keyed fields when instantiating TracedBCrypt + helper to determine if Tracing has been configured to DRY up code
- tracing: document the TRACE_ environment variables
- tracing: fixes bug in WithTracing() and adds test coverage
- tracing: add sample tracing configuration in docker-compose
- Add unit tests for instrumented bcrypt hasher (566dd45)
- Added test coverage to cover the unique constraint placed on the request_id column in the hydra_oauth2_access and hydra_oauth2_refresh tables. (4401dd9)
- Bump version to 0.23.0 and incorporate breaking changes made to the Hasher interface (e96c7a4)
- Clean up format (f26a66d)
- Clean up SDKs (671b69c)
- Do not echo secrets if explicitly set (5b484d7)
- Document userinfo as GET instead of POST (#1161) (fa19d23), closes #1049
- Fix broken JWK definitions and add Java SDK (#1045) (8555973)
- Fix missing session data in jwt at (#1113) (80c9d34), closes #1106:
This patch fixes missing session data in OAuth2 Access Tokens formatted as JSON Web Tokens. It also improves e2e tests which now test if claims and data are set correctly, including after refreshes.
- Fix test to pass non-nil context (c525bd0)
- Fixes broken test as a result of the unique constraint placed on the request_id column (1cf0850)
- Improve issuer error message (#1152) (ef27911), closes #1133
- Improve token user error handling (#1149) (8cc62a1), closes #1143
- Introduce auto-increment sql pk (e876b28)
- Make client registration endpoint configurable (#1167) (ddafef5), closes #1072
- Make run-appendix executable (3f54872)
- Make run-appendix executable (c9cd0a3)
- Make tests compatible with foreign keys (fcb7019), closes #1131
- Minor bug fix in JWK sql migrations test case (#1136) (48b2a22), closes #1135
- Only fetch latest consent state (#1124) (0df90c8), closes #1119:
This patch resolves an issue where authorize code flow response times deteriorate as users log in often.
- Pass context through to sql store (b76d5d8)
- Pass context thru to method that makes the query for tracing integration (bd9c88d)
- Pass the request context along to the sql store. (b23029b)
- Propagate context in migrate command (14b618b)
- Propagate go context down the call path (4188f69)
- Propagate go context down the call path (5dda1a2)
- Properly propagate acr value (#1160) (e88c7b6), closes #1032
- Register healthx.AliveCheckPath route for frontend (#1128) (554a78d):
This is needed for external health checks (from loadbalancing infrastructure for example) and black box monitoring.
- Remove bad tracing config from docker-compose.yml (845808f)
- Resolve broken test (cefaf46)
- Resolve broken wildcard cors (#1159) (330172b), closes #1073:
Resolves an issue where wildcards would incorrectly be used as literal strings.
- Resolve index/fk regression issues (#1178) (11924bf), closes #1177
- Resolve issues with secret migration (#1129) (c8104f4), closes #1026:
This patch resolves an issue which made it impossible to rotate secrets because an un-hashed version was used.
- Resolve panic in migration handler (#1151) (94dae22), closes #1137
- Resolve refresh flow issues with audience, scope (#1156) (ccc34de), closes #1153
- Resolves #1067 by adding indices to: (f6653d8):
  - request_id column in the hydra_oauth2_access & hydra_oauth2_refresh tables
  - requested_at column in the hydra_oauth2_access table
- Update all consumers of client store to pass in a context (093762a)
- Update consent manager method signatures to take in a context and update all consumers (ceb9592)
- Update interface to take in context (4a8a383)
- Update manager to take in context and update all consumers (404bdd7)
- Update RS256JWTStrategy to adhere to the new interface (a190bee)
- Update store to use context aware db methods (18501f5)
- Update stores, migrations and their associated tests to accept and propagate context (b5c3968)
- Update swagger endpoint definition (#1166) (89f5960), closes #1070
- Update to ory/x:v0.0.29 (88a1fcb)
- Upgrade to fosite 0.28.0 (#1172) (3d5b727), closes #1088:
This patch enables refresh token expiry.
- Upgrade to fosite 0.28.0 (#1172) (196a85f), closes #1088:
This patch enables refresh token expiry.
- Use context aware db methods (dbeb473)
- Use context aware db methods (bb77d59)
- Use context aware db methods (5ac7b15)
- Use instrumented bcrypt hasher if tracing has been enabled (acea751)
- Use new api groups everywhere (700a4a2)
1.0.0-beta.9 (2018-09-01)
docker: Update compose definitions (#1020)
Signed-off-by: arekkas aeneas@ory.am
Documentation
Unclassified
- Accept expired JWTs as id_token_hint (#1017) (67346d3), closes #1014
- Add new methods to SDK interface (#994) (fed7823), closes #991
- Clarify HYDRA_ADMIN_URL in missing endpoint message (#1018) (cf20b4f), closes #1016
- Disable CORS by default (#997) (251bd5c), closes #996:
This patch introduces environment variable CORS_ENABLED which toggles CORS.
- Disable plugin backend through 'noplugin' tag (#986) (96f4cb3):
Debugging Hydra in Go 1.10 and 1.11 (confirmed by one of its members), is not possible due to this unresolved bug which is related to the use of the plugin functionality.
This change allows passing a build tag which will disable plugin implementation and therefore allow to debug in all the use-cases where plugin backend is not needed.
- Enable client specific CORS settings (#1009) (a36d0af), closes #975:
Field allowed_cors_origins was added to OAuth 2.0 Clients. It enables CORS for the whitelisted URLS for paths which clients interact with, such as /oauth2/token.
- Fix use of uninitialized logger (#1015) (6549f1e):
The MustValidate() function is sometimes called before any other logging function has been called and this results in a crash. An easy way to reproduce the crash is to change OAUTH2_ACCESS_TOKEN_STRATEGY=jwt in the default docker-compose.yml
- Forward session and login information (2217103), closes #1003:
Consent and login requests now carry context information for previous requests.
- Populate consent session with default values (#989) (c67b7fe), closes #988
- Public subject type should cause public id alg (#993) (3040c0f), closes #992
- Remove config option (5292f6c)
- Resolve broken expiry when refreshing id token (#1002) (c72e64c), closes #985
- Upgrade to new fosite compose API (480904f)
1.0.0-beta.8 (2018-08-10)
consent: Add logout api endpoint (#984)
Closes #970
Signed-off-by: Michael DeRazon mderazon@gmail.com Signed-off-by: arekkas aeneas@ory.am
Documentation
Unclassified
- unstaged (5ca384d)
- unstaged (5026bfb)
- Use spdx expression for license in package.json (c2a9ca4)
- Add AdminURL and PublicURL to configuration (191902d)
- Add and enhance access/refresh token tests (e79014d):
This patch introduces more tests for code and refresh flows and the JWT strategy.
- Add api endpoint to list all authorized clients by user (#954) (7aace33), closes #953
- Add flags for newly introduced oidc client settings (c4b902d), closes #938
- Add ListUserConsentSessions to OAuth2API interface (#977) (1bd8ab7)
- Adds JWT Access Token strategy (c932ab4), closes #248:
This patch adds the (experimental) ability to issue JSON Web Tokens instead of ORY Hydra's opaque access tokens. Please be aware that this feature has had little real-world and unit testing and may not be suitable for production.
Simple integration tests using the JWT strategy have been added to ensure functionality.
To use the new JWT strategy, set environment variable OAUTH2_ACCESS_TOKEN_STRATEGY to jwt. For example: export OAUTH2_ACCESS_TOKEN_STRATEGY=jwt. Please be aware that we (ORY) do not recommend using the JWT strategy for various reasons. If you can, use the default and recommended "opaque" strategy instead.
- Adds subject_type support to oidc discovery (78e6552), closes #950
- Deprecate public flag (8f71806), closes #938:
The public flag has been deprecated in favor of setting token_endpoint_auth_method=none.
- Deprecate field id, now only client_id is to be used (a8b9b02)
- Expose ./well-known/jwks.json on public port (e30d48b)
- Fix 2-port tests and improve upgrade guide (f32c97e)
- Fix reporting of expected vs. received status codes (#961) (8632a2e):
Asking for a non-existent client results in the following confusing error message:
Command failed because calling "GET http://hydra:4444/clients/no-such-client" resulted in status code "200" but code "404" was expected. {"error":"Unable to locate the resource","error_description":"","status_code":404}
This commit fixes the expectedStatusCode and response.StatusCode arguments to fmt.Fprintf which were reversed.
- Improve "token user" flag defaults (2172bc0)
- Improve CLI tests (ba34b0c)
- Improve client help messages (8c08f41)
- Improve memory manager error messages (#978) (5093152), closes #976
- Improve token endpoint authentication error message (6885a3f)
- Introduce pairwise support (479acd7), closes #950:
This patch introduces the OpenID Connect pairwise Subject Identifier Algorithm.
- Introduce public and administrative ports (cfee3eb), closes #904:
This patch introduces two ports, public and administrative. The public port is responsible for handling API requests to public endpoints such as /oauth2/auth, while the administrative port handles requests to JWK, OAuth 2.0 Client, and Login & Consent endpoints.
- Introduce subject type algorithm configuration (fdd3bb2), closes #950
- Introduce SubjectType to OAuth2 Clients (e99d820), closes #950
- Make test-e2e-plugin.sh executable (299928f)
- Print "active:false" when token is inactive (#981) (2227691), closes #964:
Previously, omitempty caused active to be omitted when set to false.
- Properly identify revoked login sessions (f143949), closes #944
- Refactor backend connectivity and bootstrap process (#956) (4ea7496), closes #949:
This patch introduces a new backend interface and improves the plugin loading system.
- Refactor OAuth2 JWT strategy as an interface (#972) (e4e3163)
- Removes authorization from introspection (17e6311)
- Resolve benchmark build issues (2663d42)
- Resolve broken tests caused by public flag removal (1a2250d)
- Resolve remaining benchmark issue (7d4b708)
- Resolves panic when network fails (7fe4a21)
- Return proper error when no consent was found (#980) (8c1a290), closes #959
- Share error details with redirect fallback (#982) (123e37e), closes #974
- Update .dockerignore (98d85d5)
- Upgrade superagent to 3.7.0 (ff68f28)
1.0.0-beta.7 (2018-07-16)
docs: Improve badge placement
Documentation
- Fix docker linux link (#920) (694b483):
The old one 404's
- Improve badge placement (49faed8)
- Incorporates changes from version v1.0.0-beta.6 (ab04898)
Unclassified
- Allow Max-Age to be set to 0 by RememberFor option (#930) (38d591d)
- Auto-remove old keys when upgrading from < beta.7 (#925) (6ca0733), closes #921
- Check dependencies are defined before instantiation (#929) (f029101), closes #928
- Improve handling of legacy id field (35bf581), closes #924
- Show error when loading x509 cert fails (#932) (1845a3b)
1.0.0-beta.6 (2018-07-11)
vendor: Updates vendor lockfile
Signed-off-by: arekkas aeneas@ory.am
Documentation
- Incorporates changes from version v1.0.0-beta.5 (fccbfac)
Unclassified
- Add method that forces the endpoint url to be set (17903c6)
- Allows import of PEM/DER/JSON encoded keys (312f8d1), closes #98
- Fix sql migration step for oidc (#919) (ad5e8bc), closes #918:
A bug was introduced in beta.5 which caused the SQL migrations to fail if data existed in the database already. This patch resolves that and adds test cases for the migration steps by adding data after each migration.
- Resolves minor issues in the HTTP handler (3bbd5e8)
- Updates vendor lockfile (a6ec396)
1.0.0-beta.5 (2018-07-07)
oauth2: Removes tokens when consent is revoked
Closes #856
Signed-off-by: arekkas aeneas@ory.am
Documentation
- Adds link to examples repository (8a1a1c0)
- Adds results from oidc self-service test suite (2aec8c9)
- Incorporates changes from version v0.11.13 (663f105)
- Incorporates changes from version v1.0.0-beta.4 (69d37d5)
- Removes obsolete issue template (1b86288)
- Updates certification startup script (41ae769)
- Updates error layout (2a561b4)
- Updates oidc certification profiles (041f244)
- Updates upgrade instructions (1bacd47)
Unclassified
- Adds ability to define default client scopes (215bef3):
Environment variable OIDC_DYNAMIC_CLIENT_REGISTRATION_DEFAULT_SCOPE was added in order to better implement the OpenID Connect Dynamic Client Registration protocol. The mentioned protocol does not support the concept of whitelisting OAuth 2.0 Scope on a per-client basis. Therefore, the functionality to define the default OAuth 2.0 Scope has been defined. Keep in mind that exposing the OpenID Connect Dynamic Client Registration functionality to the public effectively disables the OAuth 2.0 Scope whitelisting functionality, as each caller of that API can define which OAuth 2.0 Scope a client may request.
If you decide to expose that functionality, you should NEVER assume that the granted OAuth 2.0 Scope has any meaning when handling requests at your consent endpoint, or when validating requests with tokens issued by the client_credentials flow.
- Adds ability to revoke consent and login sessions (8780c03), closes #856
- Adds jwk rotation and improves jwk codebase (a463d23)
- Adds parameter broadcast to oidc discovery (1580677)
- Adds private_key_jwt authentication method (259d63a)
- Adds sector identifier URL (bfc9d09)
- Adds userinfo tests (04929d0)
- Better error detection in jwt key strategy (a0ac323)
- Bumps fosite to request error handling (734f64d)
- Bumps fosite version (92172b1)
- Declares grant type refresh_token as supported (6837046)
- Disallow fragments in client's redirect uri (457b877)
- Do not re-use kid when rotating key (7b39d2b)
- Do not recreate keys when refreshing (09d3ec7)
- Enforces proper error layout (e38891a)
- Exposes proper oidc configuration (8f2e931)
- Fixes broken SDK test (0e85594)
- Fixes typo in swagger docs (6c6fb3c)
- Implements dynamic client registration (ad86dd1)
- Implements oidc compliant response_type validation (8f1515a)
- Implements proper refreshing strategy (1d02cae)
- Implements userinfo response signing (bc0b54c)
- Improves and DRYies validation in the handler (a689cb0), closes #909
- Improves error response style (725c075)
- Improves jwk generation error message (45d769a)
- Improves key rotation logic (d25766c)
- Improves oauth2 fallback endpoints (0704589)
- Includes fosite's id_token bugfix (9ef48fa)
- Keep id as alias to client_id (f344d10)
- Key rotation does not rename keys (53ce537)
- Properly instantiates client handler (a40cc49)
- Properly return errors when resource not found (200aa81)
- Refresh signing keys (7f495e3)
- Removes broken instruction (ead9b97)
- Removes buggy rotate command and improves jwk refresh (e41fcf2)
- Removes nesting from error responses (d511cf8)
- Removes tokens when consent is revoked (00fd517), closes #856
- Renames id to client_id in response payload (97b7ac1):
Previously, a client's id was sent as field id. This patch renames field id to client_id as mandated by spec: https://openid.net/specs/openid-connect-discovery-1_0.html
- Resolves issue where stack traces can't be recovered (92acfe4)
- Resolves minor test issues (7399eef)
- Resolves MySQL timing issue in tests (60d39fe)
- Resolves well-known test issues (ffefb74)
- Simplify error helper (91c06f0)
- Support other signing algorithms than RS256 (072b88b)
- Tests for simple equality in JWT strategy (95c96a0)
- Updates vendored dependencies (4b138dc)
- Updates vendored dependencies (87aae5f)
- Uses proper jwt strategy in oauth2 factory (45e4439)
- Uses RFC6749 errors everywhere (543e6bc)
1.0.0-beta.4 (2018-06-13)
docs: Incorporates changes from version v1.0.0-beta.3
Documentation
- Incorporates changes from version v1.0.0-beta.3 (d52cee5)
1.0.0-beta.3 (2018-06-13)
ci: Do not use yes for overwriting cp
Continuous Integration
- Do not use yes for overwriting cp (0cc02f8)
Documentation
- Adds auto-generated benchmarks (#897) (6a5ecf1)
- Adds upgrade instructions from 0.9.x to 1.0.0 (2dcffc1)
- Fixes broken links (a8e445b)
- Fixes typo in upgrade guide (580ff41)
- Improves list styling in upgrade guide (c5d4325)
- Incorporates changes from version v1.0.0-beta.2 (a0a5d6c)
- Resolves broken link in README (06d0928)
- Updates installation from source section (73af21c)
- Updates link to open collective (039c9ee)
- Updates wrong wording in 0.9 -> 1.0 guide (afbd8f8)
Unclassified
- Updates benchmarks (f67f5df)
- Updates benchmarks (2ce1c27)
- Updates benchmarks (f4c7dc7)
- Updates benchmarks (b8b6425)
- Updates benchmarks (d8eb737)
- Updates benchmarks (e171c18)
- Updates benchmarks (b6c997d)
- Updates benchmarks (147d231)
- Updates benchmarks (2b336e0)
- Adds vendor.orig to .gitignore (bc33094)
- Updates benchmarks (9932495)
- Updates benchmarks (4456272)
- Updates benchmarks (ca77bca)
- Allows reading database from env in migrate sql (#898) (6ba64e4), closes #896
- Moves to metrics-middleware (eb22c24)
- Propagates oidc_context to consent request (b6a0951), closes #900:
This patch resolves an issue where oidc_context would be included in the login request but not the consent request.
1.0.0-beta.2 (2018-05-29)
ci: Improves build toolchain
Continuous Integration
- Improves build toolchain (ec2f3d3)
1.0.0-beta.1 (2018-05-29)
docs: Add oidc conformity docs
Build System
- Updates to Go 1.10 (73762c6)
Documentation
- Activating Open Collective (#805) (ab5484b)
- Activating Open Collective (#805) (4adf673)
- Add oidc conformity docs (9fefcd3)
- Add redirect URIs for all flows to oidc scripts (6369452)
- Adds OIDC Certification setup (3db2cfc)
- Adds proper link to telemetry guide (85ede0c)
- Adds remaining oidc certification results (e5aefd8)
- Documents that access control is no longer available (bf8a3e2), closes #888
- Improves upgrade guide for 1.0.0 (e387dbc)
- Rename alpha to beta in upgrade (780161b)
- Updates banner (3399be7)
- Updates documentation on keto (472fbec)
- Updates links to docs (173ee3d)
- Updates newsletter link in README (eb786a5)
- Updates oidc cert docs (bc8ce36)
- Updates oidc-conformity proof and scripts (bded254)
- Updates sponsors and removes patreon links (606e22d)
- Updates upgrade guide (52dc9ca)
Unclassified
- Tells linguist to ignore SDK files (e10016c)
- Tells linguist to ignore SDK files (f7f010a)
- Merge remote-tracking branch 'origin/master' into 1.0.x (052ee83):
Conflicts:
Gopkg.lock
cmd/server/handler.go
config/config.go
health/handler.go
oauth2/consent_strategy.go
- cmd/server: Adds SQL consent DBAL configuration (50e5509)
- cmd/server: Shortens long banner message (78be474):
The original banner message was way too big and cluttered logs a lot. This patch reduces the banner's size significantly.
- Removes policy, warden and groups from this project (3d0bf0b), closes #807:
We have learned a lot over the last year in terms of how ORY Hydra is being used. Initially, we wanted to avoid the problems facing popular databases like MongoDB or others, which did not include authentication for their management APIs.
For this reason, the Warden API was born and primarily used internally and exposed via HTTP. We learned that access control policies are well received, but also add additional complexity to understanding the software. While we firmly believe that these policies implement best practices for access control in complex systems, we do understand that they add a barrier to getting started with ORY Hydra.
For this reason we are planning on moving the Warden API from this project to ORY Oathkeeper or potentially its own server. We would add a migration path for existing policy definitions to the new service. The default docker image would combine the services in such a way, that ORY Hydra is protected. We would additionally have an (insecure) docker image without authentication which can be used for testing.
This also opens up the possibility of having more access control mechanisms than access control policies. For example, we can add ACL and RBAC and other mechanisms too.
First I think it makes good sense to move this functionality into a separate service and remove the warden calls internally completely. The reason being that not everyone wants to rely on Hydra's access control. Sometimes it's enough to use a gateway in front and require e.g. an API key for management or whatever. New adopters are always baffled by complexity involved with policies and scopes. Removing that from the core could really help. The user survey has also shown that this stuff is quite complex to grasp.
The idea is to have a separate service which is basically ladon as a HTTP API. I think it makes sense to add some functionality to resolve access tokens so it would basically be very similar to the current warden API - probably even equal. There would definitely be some backup mode where hydra's database tables and migrations are used as to make migration as easy as possible.
Then, we would ship docker images and example set ups where different configurations are shown. One of the configurations would be the current one, so basically what we have now in hydra but with the three services combined in one image.
- Add experimental detection of SQL error (051a4b9):
Returns a human-readable error for SQL errors.
- Adds additional tests for prompt, max_age, id_token_hint (3ef32e2)
- Adds authN session revocation on specific errors (11d1497), closes #854 #855
- Adds e2e tests for authorize code flow (0a9ae28)
- Adds e2e tests for authorize code flow (68e006b)
- Adds endpoint flag to token introspection (9d27d47)
- Adds id_token_hint_claims to oidc_context (0e84341)
- Adds jwt strategy and fixes nil pointer exception (e608739)
- Adds more strategy tests (99fd63b)
- Adds mutex to memory manager (6a60c45)
- Adds new prometheus metrics and metrics endpoint (#827) (ef94f98)
- Adds port 4445 to docker-compose example (576ac55)
- Adds test cases for prompt parameter (c83cb3f)
- Adds tests for prompt and max_age handling (82310ff)
- Adds welcome screen to token user command (5a7c73b)
- Aligns issuer URL from well known with one from id token (f739045)
- Always bust auth session if remember is false (78e2bff), closes #859
- Always bust auth session if remember is false (b2725a7), closes #859
- Correct docker exec wording (cbb01d2):
exec is an nsenter, not an ssh
- Declare auto-generated key as use:sig (9d489dd)
- Deprecates connect command and introduces configurable credentials (0b5f466), closes #841 #840:
This patch deprecates the hydra connect command as internal access control has been removed from ORY Hydra and this command no longer serves any purpose. Instead, all commands are supplied with environment variables HYDRA_URL, OAUTH2_CLIENT_ID, OAUTH2_CLIENT_SECRET, OAUTH2_ACCESS_TOKEN. Please check out hydra help <command> for usage instructions. You should also check out the upgrade guide for more detailed upgrade instructions. This patch also renames some flags and command names which have been documented in the upgrade guide.
- Detect and handle max_age/prompt in consent strategy (af2b8e4)
- Do not fail if max_age is very low but satisfied (127561c), closes #862
- Formats and resolves missing test (3db984d)
- Handle empty error as nil error in SQL helper (6a9a0c0)
- Handles auth time across login & consent flow (3accccd):
This patch improves the handling of auth_time and thus resolves issues with prompt & max_age handling within fosite.
- Handles consent error properly in SQL DBAL (b1c2a39)
- Handles OAuth2 errors in token user command properly (720adce)
- Ignores JTI in userinfo (f2ef5b1)
- Improves API route naming (da5026c)
- Improves auth_time handling (538bfb9)
- Improves the consent flow design (a002e30), closes #771 #772:
This patch makes significant changes to the consent flow. First, the consent flow is being renamed to "User Login and Consent Flow" and is split into two redirection flows, the "User Login Redirection Flow" and the "User Consent Flow".
Conceptually, not a lot has changed but the APIs have been cleaned up and the new flow is a huge step towards OpenID Connect Certification.
Besides easier implementation on the (previously known as) consent app, this patch introduces a new set of features which lets ORY Hydra detect previous logins and previously accepted consent requests. In turn, the user does not need to login or consent on every OAuth2 Authorize Code Flow.
This patch additionally lays the foundation for revoking tokens per user or per user and client.
Awesome.
- Improves the token user command (9bde521)
- Includes error debug message in token user command (3f80d4e)
- Introduces client_secret_expires_at to client metadata (#870) (56aa5d2), closes #778:
This patch introduces the client_secret_expires_at field without any functionality but to comply with the IETF spec.
- Moves templates to .github (ba8f4f7)
- Properly handle id_token error response (28d3fcd)
- Properly handle requestedAt across the login/consent flow (fccfc4d)
- Properly handles no result errors from consent check (12aa6c5)
- Properly import mysql/pg drivers (669f134)
- Properly initializes consent strategy (196925f)
- Properly uses issuer in JWT (1940c3c)
- Rejects requests with insufficient permissions (7675144), closes #776:
Currently, authorization requests fail when a client is being granted scopes that the client is not allowed to request - after consent.
We should add an additional check that makes sure that the client isn't able to request scopes he isn't allowed to request before doing consent.
We should keep the check after consent as well to make sure he wasn't accidentally granted scopes he isn't allowed to request.
This patch resolves the addressed issue.
- Rejects requests without nonce in implicit/hybrid (39a72c0), closes #867
- Remove client secret from consent/login response (acf9893), closes #878
- Remove rat (requested_at) from userinfo endpoint (d091914)
- Remove unused code (bcdc278):
This code was meant to be deleted in 9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
- Remove unused named returns (3977b94)
- Removes access control relics (a4d2e73)
- Removes duplicate / in .well-known (e387aea)
- Removes stale code (c730e36)
- Removes the forced hydra.* scope in the SDK (8c1adc3)
- Removes the need to specify OAuth2 credentials in config (#869) (98044aa)
- Removes unused code and updates go dep (d72efbf)
- Renames --scopes flag to --scope (a948211)
- Replaces internal dockertest with sqlcon (5cbf121)
- Requests re-permission only custom schemes are used (929f2f0), closes #866
- Resolves broken consent detection (a7949ed)
- Resolves broken reference in e2e test (da4334b)
- Resolves broken SDK test (476dff1)
- Resolves broken well-known test (aa01423)
- Resolves consent DBAL type conversion issues (6edfe76)
- Resolves e2e test issues (1a8a3b3)
- Resolves flaky MySQL tests on Circle-CI (fcd9180), closes #861
- Resolves issue with duplicate login session id (14aae6a)
- Resolves issues with broken tests (526e3a7)
- Resolves issues with e2e tests (ff15dc5)
- Resolves issues with SQL and time.Zero() (ad2c1c5)
- Resolves mutex issues (9376b74)
- Resolves test issues (ba81fdf)
- Resolves timing issues in broken tests (540ccc9)
- Resolves timing issues in slow tests (246e491)
- Resolves type mixup (7e05c26)
- Resolves typo in issue template (204886c)
- Resolves typo in issue template (8c32d93)
- Resolves various issues related to audience claims (7afed88), closes #790 #687:
This patch resolves issues related to the ID and Access Token audience claim:
- Resolves various issues related to revocation (608cc3d), closes #884 #693 #889:
This patch properly tracks access and refresh tokens across requests and thus resolves several issues related to broken token revocation:
- Returns an error if skip is used together with remember (6f8cef6):
Previously, it was possible to remember an already remembered consent/login request. This patch resolves that.
- Returns error on duplicate key in memory manager (abe54ca)
- Returns token type on introspection (#832) (bf226dc):
This patch adds the ability to return the token type ("refresh_token", "access_token") upon token introspection.
- Returns token type on token introspection (da6bb30), closes #831
- Reverts 307 change (66304eb)
- Reverts 307 change (425b33d)
- Runs gofmt (126f0e0)
- Runs gofmt (a88c499)
- Separates between readiness and aliveness (fd289c0), closes #887
- Trim left slash from userinfo endpoint (a7edf63)
- Updates auth-time to resolve timing issues (6aff825)
- Updates dependencies (49b9a72)
- Updates entrypoint command from host to serve (2230ce6)
- Updates fosite version to 0.19.2 (eb0c3e6)
- Updates issue template (63aec91)
- Updates issue template (915a20b)
- Updates to fosite 0.19.x (1942715)
- Updates to latest sqlcon version (92e8d58)
- Upgrades fosite dependency (5fccb80)
- Upgrades fosite dependency to 0.20.2 (7acd9bf)
- Use 307 instead of 302 to redirect (2b43ce3)
- Use 307 instead of 302 to redirect (f4962c6)
- Use existing alpha-lower sequence (93fb772)
0.11.10 (2018-03-19)
pkg: remove unused code
This code was meant to be deleted in 9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
Signed-off-by: Euan Kemp euank@euank.com
Documentation
- Adds "Edit on GitHub" link to each document in guide (ec6f000)
- Changes readme title (122f7d1)
- Clean up swagger specification (2ad0a96)
- Experiments with domain redirect (2604b99)
- Fixes dead link to example policy (#767) (4f3148e):
The policy linked to as an example has since been removed. Just point to a different policy instead.
- Fixes redirect path (d05c97b)
- Forwards docs to website (560441d)
- Improves API docs (5a2e4df)
- Incorporates changes from version v0.11.4 (6bf7e80)
- Lowercase source files and dirs (6a56630)
- Removes apiary how-to (6cbfa58)
- Removes summary plugin (857d85f)
- Resolves broken discord link (8c445bc)
- Resolves broken header image link (2820efc)
- Resolves broken links in docs (b2698f1)
- Resolves broken redirects (340cea7)
- Resolves issues with book.json (5ac721b)
- Resolves issues with broken images and docs publish task (39ea6c3)
- Resolves uppercase readme redirects (7e3dd70)
- Updates chat badge to discord (5261ae1)
- Updates JSON Swagger specification (1e1c1c1)
- Updates outdated links in README (1ceaae2), closes #788:
The new website introduced a new link structure which broke links in the README. This patch resolves that.
- Updates readme, contribution guide, and templates (#806) (c12c629)
- Updates recovering root access section to SQL (9c923b6), closes #756
- Updates summary (4bcc8ed)
- Updates various sections in README (f1ca802)
- Upgrades install guide to v0.11.6 (764282c)
Unclassified
- Updates license to 2018 (fd0f06f)
- Adds ability to flush old access tokens (ed0aa28), closes #738:
Previously, there was no way of removing old access tokens from the database. This patch adds a new endpoint (POST /oauth2/flush) capable of flushing old / stale access tokens. Additionally, hydra token flush was added which is the CLI command for flushing tokens using the api.
Adds newsletter sign up capabilities to CLI commands (#759) (049f581)
-
Adds OpenID Connect refresh handler (#797) (84ddafe), closes #794:
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
-
Adds support for PKCE (IETF RFC7636) (343e216), closes #744:
This patch adds support for PKCE which is especially useful for native mobile apps.
-
Allows anonymous users access to ./well-known/jwks.json (f867fd9), closes #761:
The ./well-known/jwks.json endpoint contains important, publicly accessible keys for validating signatures such as the OpenID Connect ID Token signature.
Currently, this endpoint shows the public key for validating ID Tokens only. As this key is public, a policy was added which allows any user (including anonymous ones) to access this specific key.
Thus, administrators no longer need to add a policy to allow access to this endpoint on a fresh installation. It is still possible to change this behaviour by removing the policy ("hydra policies delete default-oidc-id-token-public-policy") or replacing it.
This change affects new installations only.
-
Correct docker exec wording (bda2c6c):
execis an nsenter, not an ssh -
Forces JWK to have a unique ID (acd0107), closes #589:
Previously, JSON Web Keys did not have to specify a unique id. JWKs generated by ORY Hydra typically only used
publicorprivateas KeyID. This patch changes that and appends a unique id if no KeyID was given. To be able to separate between public and private key pairs in resource name, the public/private convention was kept.This change targets specifically the OpenID Connect ID Token and HTTP TLS keys. The ID Token key was previously "hydra.openid.id-token:public" and "hydra.openid.id-token:private" which now changed to something like "hydra.openid.id-token:public:9a458aa3-65a0-4982-835f-343eec45183c" and "hydra.openid.id-token:private:fa353995-d77d-420a-b967-63bf0721271b" with the UUID part being random for every installation.
This change will help greatly with key rotation in the future.
-
Forces UTC in consent strategy (#775) (7c4fd7d), closes #679:
This resolves an issue when different timezones are used between systems by enforcing UTC everywhere.
- Generate php sdk and point php autoloader to lib folder (#736) (f84eb65)
- Introduces pagination to client management (#774) (02b3708), closes #739:
Previously, all clients were returned by GET /clients. To mitigate DoS attacks against large databases, pagination has been introduced.
- Parallelizes database instantiation in tests (8e894bc)
- Parallelizes database instantiation in tests (a0d6a0d)
- Persists config file right before starting the server (7fb51e5):
Tests would fail because the config file is polled in order to check if the server is already started or not. Moving the persist command right before starting the server resolves issues with racy tests.
- Remove unused code (c97e764):
This code was meant to be deleted in 9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
- Remove unused named returns (8bba5a0)
- Resolves an issue with broken build time display (#799) (5c847ea), closes #792:
Previously, the build time was always the current time. This patch resolves that issue.
- Resolves broken JWK cast tests (5740f32)
- Resolves broken sql schema test (1b76f4b)
- Resolves composer license complaint (#763) (6f9f906):
Composer complained because an unknown license was used "Apache 2.0" instead of "Apache-2.0". This patch resolves that.
- Resolves possible session fixation attack (1e80a1d):
This patch resolves a vulnerability in the consent flow. This vulnerability affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
- Malice initiates an OAuth 2.0 Authorization Code Flow: https://hydra/oauth2/auth?client=...
- Hydra redirects malice to the consent app and appends consent id "example-id": https://consent-app/?consent=example-id
- Malice convinces Bob to open url https://consent-app/?consent=example-id and authorize the access request.
- The consent app would redirect Bob back to https://hydra/oauth2/auth?client=...&consent=example-id. However, through some means, Malice is able to prevent redirection of Bob's user agent.
- Malice accesses the original auth code url and appends the consent id: https://hydra/oauth2/auth?client=...&consent=example-id
- As the consent request is granted but not claimed, and because Malice's user agent contains the valid CSRF token, Malice receives an authorize code that is meant to be issued to Bob.
- Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
- Malice must be able to convince Bob to access the forged consent url.
- Malice must be able to convince Bob to grant the forged consent request.
- Malice must be able to prevent the consent app's redirect after successful consent request acceptance.
- Malice must be able to perform this attack within the expiry (10 minutes) of the consent request.
For these reasons, an exploit for this vulnerability is not likely, but possible.
This patch closes the described vulnerability by requiring a consent_csrf value additional to the consent value in the query parameters of the authorization url. Without that value, the authorization code flow will not be successful. The consent_csrf is transmitted out-of-band to the consent app and not accessible to Malice. Let's revisit the example from above:
- Malice initiates an OAuth 2.0 Authorization Code Flow: https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token which is stored in the database and the encrypted cookie. Malice is not able to see the CSRF token.
- Hydra redirects malice to the consent app and appends consent id "example-id": https://consent-app/?consent=example-id
- Malice convinces Bob to open url https://consent-app/?consent=example-id and authorize the access request.
- The consent app would redirect Bob back to https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token. The redirection URL is only accessible to the consent app and Bob's user agent. However, through some means, Malice is able to prevent redirection of Bob's user agent.
- Malice does not know the value for consent_csrf; accessing https://hydra/oauth2/auth?client=...&consent=example-id without setting consent_csrf causes the request to fail and the consent to be revoked.
This patch does not introduce breaking changes. Upgrading to the version which contains this patch does not require any code changes or deployment changes.
- Skips parallelization when not using docker (57d0b12):
Previously, databases connected in parallel even when dockertest was skipped - typically in CI environments. This caused issues on those environments. This patch resolves that.
- Stops creating client when secret is too short (#764) (f818f85), closes #725:
Previously, clients were created despite an error which said that the secret was too short. This patch changes that and improves error output in the CLI as well for this command.
- Strips client secret from output when client is public (#765) (439267b), closes #737:
Previously, a newly created public client had a secret sent with the initial response and this secret was displayed in the CLI.
Now it is clear that there is no secret needed for public clients. It is not displayed in the CLI anymore.
- Updates text for newsletter signup (#780) (459703f):
Before, the newsletter text did not seem to make clear that it is just for security information.
- Use existing alpha-lower sequence (343cb09)
0.11.12 (2018-04-08)
oauth2: Resolves failing SQL store test cases
Documentation
- Incorporates changes from version v0.11.4 (99d954b)
Unclassified
- Use packagist to get hydra sdk (383b267)
- Generate php sdk and point php autoloader to lib folder (e2f8756):
Add docs/sdk/php.md
- Resolves client secrets from potentially leaking to the database in cleartext (#820) (848d479):
This release resolves a security issue (reported by platform.sh) related to the fosite storage implementation in this project. Fosite used to pass all of the request body from both authorize and token endpoints to the storage adapters. As some of these values are needed in consecutive requests, the storage adapter of this project chose to drop all of the key/value pairs to the database in plaintext.
This implied that confidential parameters, such as the client_secret which can be passed in the request body since fosite version 0.15.0, were stored as key/value pairs in plaintext in the database. While most client secrets are generated programmatically (as opposed to set by the user) and most popular OAuth2 providers choose to store the secret in plaintext for later retrieval, we see it as a considerable security issue nonetheless.
The issue has been resolved by sanitizing the request body and only including those values truly required by their respective handlers. This also implies that typos (eg client_secet) won't "leak" to the database.
There are no special upgrade paths required for this version.
This issue does not apply to you if you do not use an SQL backend. If you do upgrade to this version, you need to run hydra migrate sql path://to.your/database. If your users use POST body client authentication, it might be a good move to remove old data. There are multiple ways of doing that. Back up your data before you do this:
- Radical solution: Drop all rows from tables hydra_oauth2_refresh, hydra_oauth2_access, hydra_oauth2_oidc, hydra_oauth2_code. This implies that all your users have to re-authorize.
- Sensitive solution: Replace all values in column form_data in tables hydra_oauth2_refresh, hydra_oauth2_access with an empty string. This will keep all authorization sessions alive. Tables hydra_oauth2_oidc and hydra_oauth2_code do not contain sensitive information, unless your users accidentally sent the client_secret to the /oauth2/auth endpoint.
We would like to thank platform.sh for sponsoring the development of a patch that resolves this issue.
- Resolves failing SQL store test cases (f6ddee8)
- Resolves issue with godep, fosite memory store (6ab7260):
This issue solves a broken update with godep and properly includes the 0.17.0 fosite patch.
- Uses UTC timecodes everywhere (45eabc2)
0.11.9 (2018-03-10)
metrics: Improves naming of traits (#803)
Closes #802
Unclassified
0.11.7 (2018-03-03)
cmd: Adds OpenID Connect refresh handler
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
Closes #794
Unclassified
- Adds OpenID Connect refresh handler (7594eb4), closes #794:
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
0.11.6 (2018-02-07)
oauth2: Resolves possible session fixation attack
This patch resolves a vulnerability in the consent flow. This vulnerability affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
- Malice initiates an OAuth 2.0 Authorization Code Flow: https://hydra/oauth2/auth?client=...
- Hydra redirects malice to the consent app and appends consent id "example-id": https://consent-app/?consent=example-id
- Malice convinces Bob to open url https://consent-app/?consent=example-id and authorize the access request.
- The consent app would redirect Bob back to https://hydra/oauth2/auth?client=...&consent=example-id. However, through some means, Malice is able to prevent redirection of Bob's user agent.
- Malice accesses the original auth code url and appends the consent id: https://hydra/oauth2/auth?client=...&consent=example-id
- As the consent request is granted but not claimed, and because Malice's user agent contains the valid CSRF token, Malice receives an authorize code that is meant to be issued to Bob.
- Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
- Malice must be able to convince Bob to access the forged consent url.
- Malice must be able to convince Bob to grant the forged consent request.
- Malice must be able to prevent the consent app's redirect after successful consent request acceptance.
- Malice must be able to perform this attack within the expiry (10 minutes) of the consent request.
For these reasons, an exploit for this vulnerability is not likely, but possible.
This patch closes the described vulnerability by requiring a
consent_csrf value additional to the consent value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The consent_csrf is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
- Malice initiates an OAuth 2.0 Authorization Code Flow: https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token which is stored in the database and the encrypted cookie. Malice is not able to see the CSRF token.
- Hydra redirects malice to the consent app and appends consent id "example-id": https://consent-app/?consent=example-id
- Malice convinces Bob to open url https://consent-app/?consent=example-id and authorize the access request.
- The consent app would redirect Bob back to https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token. The redirection URL is only accessible to the consent app and Bob's user agent. However, through some means, Malice is able to prevent redirection of Bob's user agent.
- Malice does not know the value for consent_csrf; accessing https://hydra/oauth2/auth?client=...&consent=example-id without setting consent_csrf causes the request to fail and the consent to be revoked.
This patch does not introduce breaking changes. Upgrading to the version which contains this patch does not require any code changes or deployment changes.
Unclassified
- Resolves possible session fixation attack (69cc450):
This patch resolves a vulnerability in the consent flow. This vulnerability affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
- Malice initiates an OAuth 2.0 Authorization Code Flow: https://hydra/oauth2/auth?client=...
- Hydra redirects malice to the consent app and appends consent id "example-id": https://consent-app/?consent=example-id
- Malice convinces Bob to open url https://consent-app/?consent=example-id and authorize the access request.
- The consent app would redirect Bob back to https://hydra/oauth2/auth?client=...&consent=example-id. However, through some means, Malice is able to prevent redirection of Bob's user agent.
- Malice accesses the original auth code url and appends the consent id: https://hydra/oauth2/auth?client=...&consent=example-id
- As the consent request is granted but not claimed, and because Malice's user agent contains the valid CSRF token, Malice receives an authorize code that is meant to be issued to Bob.
- Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
- Malice must be able to convince Bob to access the forged consent url.
- Malice must be able to convince Bob to grant the forged consent request.
- Malice must be able to prevent the consent app's redirect after successful consent request acceptance.
- Malice must be able to perform this attack within the expiry (10 minutes) of the consent request.
For these reasons, an exploit for this vulnerability is not likely, but possible.
This patch closes the described vulnerability by requiring a consent_csrf value additional to the consent value in the query parameters of the authorization url. Without that value, the authorization code flow will not be successful. The consent_csrf is transmitted out-of-band to the consent app and not accessible to Malice. Let's revisit the example from above:
- Malice initiates an OAuth 2.0 Authorization Code Flow: https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token which is stored in the database and the encrypted cookie. Malice is not able to see the CSRF token.
- Hydra redirects malice to the consent app and appends consent id "example-id": https://consent-app/?consent=example-id
- Malice convinces Bob to open url https://consent-app/?consent=example-id and authorize the access request.
- The consent app would redirect Bob back to https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token. The redirection URL is only accessible to the consent app and Bob's user agent. However, through some means, Malice is able to prevent redirection of Bob's user agent.
- Malice does not know the value for consent_csrf; accessing https://hydra/oauth2/auth?client=...&consent=example-id without setting consent_csrf causes the request to fail and the consent to be revoked.
This patch does not introduce breaking changes. Upgrading to the version which contains this patch does not require any code changes or deployment changes.
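The consent_csrf check described in this entry and in the 1e80a1d entry further up, as an added Go example that is not Hydra's own code: an in-memory consent store (ConsentStore, Start, Grant, Authorize and the error values are assumed names) refuses an authorization request whose consent_csrf query value is missing or wrong and revokes the consent request, as the patch does; it also enforces the 10-minute expiry and issues the authorize code only once per granted request.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"sync"
	"time"
)

// ErrCSRF is the failure mode the patch adds: the request is refused and the consent revoked.
var (
	ErrNotFound   = errors.New("consent request not found, claimed or revoked")
	ErrExpired    = errors.New("consent request expired")
	ErrNotGranted = errors.New("consent request has not been granted")
	ErrCSRF       = errors.New("consent_csrf missing or invalid; consent request revoked")
)

// consentRequest is a constructed model of the per-request state (assumed names, not
// Hydra's own types). csrf lives only server-side and inside the encrypted cookie.
type consentRequest struct {
	csrf      string
	granted   bool
	expiresAt time.Time
}

// ConsentStore is an in-memory stand-in for the database; Now is an injectable clock.
type ConsentStore struct {
	mu   sync.Mutex
	reqs map[string]*consentRequest
	Now  func() time.Time
}

func NewConsentStore() *ConsentStore {
	return &ConsentStore{reqs: map[string]*consentRequest{}, Now: time.Now}
}

func randomToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to recover from here
	}
	return hex.EncodeToString(b)
}

// Start models the first step of the flow. Only consentID goes into the redirect
// URL; csrf travels inside the encrypted cookie and out-of-band to the consent app.
func (s *ConsentStore) Start() (consentID, csrf string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	consentID, csrf = randomToken(), randomToken()
	s.reqs[consentID] = &consentRequest{
		csrf:      csrf,
		expiresAt: s.Now().Add(10 * time.Minute), // expiry stated in the changelog
	}
	return consentID, csrf
}

// Grant is what the consent app does once the user accepts the request.
func (s *ConsentStore) Grant(consentID string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	r, ok := s.reqs[consentID]
	if !ok {
		return ErrNotFound
	}
	r.granted = true
	return nil
}

// Authorize models the hardened /oauth2/auth?consent=...&consent_csrf=... request.
// queryCSRF is the consent_csrf query parameter, cookieCSRF the token the user
// agent presents; both must match or the consent request is revoked.
func (s *ConsentStore) Authorize(consentID, queryCSRF, cookieCSRF string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	r, ok := s.reqs[consentID]
	if !ok {
		return "", ErrNotFound
	}
	if s.Now().After(r.expiresAt) {
		delete(s.reqs, consentID)
		return "", ErrExpired
	}
	if !tokenEqual(queryCSRF, r.csrf) || !tokenEqual(cookieCSRF, r.csrf) {
		delete(s.reqs, consentID) // revoke, as the patch does
		return "", ErrCSRF
	}
	if !r.granted {
		return "", ErrNotGranted
	}
	delete(s.reqs, consentID) // claim it: the authorize code is issued exactly once
	return "code-" + randomToken(), nil
}

func tokenEqual(got, want string) bool {
	return got != "" && subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1 // empty rejected
}
```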
0.11.4 (2018-01-23)
docs: Incorporates changes from version v0.11.3
Documentation
- Incorporates changes from version v0.11.3 (c9d1bf1)
0.11.3 (2018-01-23)
teleme: Improves telemetry module and upgrades to segment 3.0.0 (#752)
Documentation
- Incorporates changes from version v0.11.2 (bf03815)
Unclassified
0.11.2 (2018-01-22)
oauth2: Protects consent flow against session fixation (#754)
Closes #753
Unclassified
- Protects consent flow against session fixation (#754) (a4b6888), closes #753
- Returns 404 only when policy allows getting a client (#751) (7c5786e)
0.11.1 (2018-01-18)
Resolves issues with pagination (#750)
Unclassified
- Resolves issues with pagination (#750) (9258083), closes #750
- Adds method to return ClusterURL without trailing slashes (#748) (9bff6e7), closes #650
0.11.0 (2018-01-08)
group: Resolves CI test issues by removing group
Documentation
- Adds documentation on third-party deps (#728) (260aec8), closes #716
- Incorporates changes from version v0.10.10 (297215f)
Unclassified
- Adds list groups command (f9d5c75)
- Adds ListGroup and limit + offsets (c0099f3), closes #732
- Adds offline_access scope alias (#724) (691e598), closes #722
- Adds pagination parsing helper (b0d40b4)
- Adds php registry dummy (#733) (e170231)
- Prints debug message to logs and evaluate transmitting it to clients too (#727) (40fc5e6), closes #715
- Replaces pagination parser with helper (14ebadf)
- Resolves CI test issues by removing group (82480e5)
- Stop requiring x-forwarded-proto (#731) (b83541c), closes #726
- Updates SDKs to implement list group capabilities (2e34c36)
0.10.10 (2017-12-16)
docs: Resolves issue with broken 5-minute tutorial
Closes #717
Documentation
- Incorporates changes from version v0.10.9 (61c4611)
- Resolves issue with broken 5-minute tutorial (1d1b945), closes #717
Unclassified
- sdk/go: Resolves incorrect error message (#713) (1290660), closes #713 #686
- Adds a dedicated command for importing policies (be54a75), closes #701
- Adds list of supported auth methods to OIDC discovery (cba05b4), closes #695
- Corrects group scope documentation (#710) (a58624c), closes #702
- Makes scopes in token command configurable (#712) (ed2bc01), closes #711
- Removes check for authorize code error in auth endpoint (0d08851)
- Removes unknown claims from userinfo endpoint (7cb4ad2)
- Sets requested at value in session (dd1a3f4)
- Updates to fosite 0.15.2 (05354cb): Improves detection of non-conforming OIDC authorizations.
0.10.9 (2017-12-13)
pkg: Fixes returning nil instead of empty array in split
Documentation
- Incorporates changes from version v0.10.8 (a5583f0)
Unclassified
- Fixes returning nil instead of empty array in split (e852207)
0.10.8 (2017-12-12)
Reintroduces alpine based docker image
Closes #703
Documentation
- Adds introspection breaking change to upgrade guide (072e54b)
- Incorporates changes from version v0.10.7 (ad79f6c)
Unclassified
0.10.7 (2017-12-09)
oauth2: Redirects authorize code errors to consent app
Documentation
- Incorporates changes from version v0.10.6 (499a1a6)
Unclassified
- Hydrates auth time value in id token (f10e49a): This is only a preliminary solution and must be added to the consent flow.
- Redirects authorize code errors to consent app (62547eb)
0.10.6 (2017-12-09)
oauth2: Adds ability to configure OIDC Discovery
Unclassified
- Adds ability to configure OIDC Discovery (34c5f30)
- Adds tests for userinfo endpoint and auth code exchange (e167aba)
- Upgrades to fosite 0.14.2 (c208020)
- Upgrades to fosite 0.15.0 (9e370de): Improves conformity with OpenID Connect Certification.
0.10.5 (2017-12-09)
oauth2: Allows POST for userinfo endpoint
Documentation
- Incorporates changes from version v0.10.4 (3abcb69)
Unclassified
- Allows POST for userinfo endpoint (ae3904f)
0.10.4 (2017-12-09)
oauth2: Adds userinfo endpoint and improves OIDC discovery
Documentation
- Incorporates changes from version v0.10.3 (b2e7a8d)
Unclassified
- Adds basic userinfo endpoint (d404328), closes #652
- Adds userinfo endpoint and improves OIDC discovery (fabee0d)
0.10.3 (2017-12-08)
docs: Removes code climate badge
Documentation
- Removes code climate badge (25a123e)
0.10.2 (2017-12-08)
ci: Adds sudo for install doctoc globally in changelog task
Continuous Integration
- Adds sudo for install doctoc globally in changelog task (f1fb016)
0.10.1 (2017-12-08)
ci: Resolves permission denied issue in changelog
Continuous Integration
- Resolves permission denied issue in changelog (0a52ab8)
0.10.0 (2017-12-08)
ci: Adds git config to changelog task
Continuous Integration
- Adds git config to changelog task (ad3a1f7)
Documentation
- Adds alt tags to images and resolves markdown typos (9587754)
- Adds consent state machine (7b697b1)
- Adds guideline for disclosing vulnerabilities (1b263ef)
- Adds rest calls to consent state diagram (d3838f7)
- Fixes RS256 -> HS256 typo in upgrade notes (a477ba7)
- Fixes SDK links in guide (d4a9f23)
- Improves changelog and release process (a0cdbb2)
- Improves upgrade notes (4aa82fb)
- Removes adopter list (e8427aa), closes #659: Adopters have been removed as most do not want to be publicly identified, in case of security issues with the open source software.
- Removes alpha tags from docker images (c24eb35)
- Updates history.md for 0.10.0-alpha.22 release (df1c91e)
- Updates upgrade notes to 0.10.0 (c939999)
- Use docker network instead of links in installation tutorial (7963ed0), closes #555
Unclassified
- Makes policy resource names prefixes configurable (#672) (aee603b), closes #672
- Adds storing subject in token tables (#674) (7d5d857), closes #658
- Adds test for LogError (#682) (9fb69ee)
- Fixes clients being able to revoke any token (#677) (df8e6eb), closes #676
- Removes incorrect audience field from introspection response (c630f8e)
- Renames ES521 key generation algorithm to ES512 (233aa79), closes #651
- Requires firewall check for introspecting access tokens (#678) (f5b6558)
- Update telemetry identification (#654) (84bcd68)
- Updates CLI outputs and adds newlines (0a54cdf)
0.10.0-alpha.21 (2017-11-27)
cmd: Fix 'hydra policies subjects remove ' adding the subject instead. (#665)
Signed-off-by: James Nicolas james.nicolas@tulip.io
Unclassified
0.10.0-alpha.20 (2017-11-26)
cmd: Added cors support to host process
Closes #506
Unclassified
0.10.0-alpha.19 (2017-11-26)
vendor: Upgraded ladon and dockertest versions
Documentation
- Update hydra versions (9b39795)
Unclassified
- Make low entropy RSA key generation explicit in function name (bb960fe)
- Upgraded ladon and dockertest versions (0a83f1b)
0.10.0-alpha.18 (2017-11-06)
ci: Use sudo to update npm in release job
Continuous Integration
- Use sudo to update npm in release job (d67d703)
0.10.0-alpha.17 (2017-11-06)
ci: Upgrade npm in release job
Continuous Integration
- Upgrade npm in release job (dd8a20d)
0.10.0-alpha.16 (2017-11-06)
ci: Fix typo in workflow job
Continuous Integration
- Fix typo in workflow job (de53535)
Documentation
Unclassified
- Add run command to docker test (f2ed30f)
- Fix typo in invalid credentials message (a69ba65)
- Resolve static build issues (811293a)
0.10.0-alpha.15 (2017-11-06)
docker: Make hydra executable
Unclassified
- Make hydra executable (93242ce)
0.10.0-alpha.14 (2017-11-06)
oauth2: Resolve race condition in consent memory manager
Closes #600
Unclassified
- Resolve race condition in consent memory manager (39e7dfe), closes #600
- Resolve race condition in fosite memory manager (c465e57)
0.10.0-alpha.13 (2017-11-06)
docker: Stop building from source in docker image (#645)
closes #374
Unclassified
0.10.0-alpha.12 (2017-11-06)
doc: write history for 0.10.0-alpha.11
Documentation
Unclassified
- Add license header to all source files (#644) (dcbd6d8), closes #644 #643
- Require url-encoding of root client id and secret (#641) (232caa7)
- Write history for 0.10.0-alpha.11 (8c12bf1)
0.10.0-alpha.10 (2017-10-26)
ci: use node 8.x branch with npm for publish
Continuous Integration
- Use node 8.x branch with npm for publish (3175a70)
Documentation
- Update build status badge in readme to circleci (c5e0622)
0.10.0-alpha.9 (2017-10-25)
tests: resolve issue with postgresql connectivity
Documentation
- Fix bash command and version used in tutorial (#622) (4a060a4):
  - bash command that contains regex needs to be quoted, version doesn't exist
  - bumped version up to 0.10.0-alpha.8
- Fixed spelling and wording (#624) (8dd21bd):
  - updated some language words and corrected spelling
  - updated docs to list that hydra now supports OpenID Connect Discovery
- Update history.md for 0.10.0-alpha.9 (525214c)
- Updated hydra version in the tutorial to v0.10.0-alpha.8 and consent app to v0.10.0-alpha.9 (#625) (affa64e)
- Updated links to apiary as the old ones didn't link to the correct section of the page (#626) (6ecbfdc)
Unclassified
- Add curl to docker files (1475611)
- Remove unused numeric package (491a4dc)
- Resolve issue with postgresql connectivity (3850ce7)
- Run database tests in parallel (6aa2178), closes #617
- Update to jwk-go 0.3 and replace glide with dep (0b34388), closes #631
- Use cryptopasta library (aff8137)
- Use postgres and add consent manager test (d1ec310)
0.10.0-alpha.8 (2017-10-18)
cmd/server: SQLConnection should load SQLRequestManager
Closes #613
Documentation
Unclassified
- cmd/server: SQLConnection should load SQLRequestManager (bb1bf68), closes #613
- Add tests (2fdcc9d)
- Format js sdk and remove mock tests (#609) (14ad3e0)
- Gofmt (afdb1ab)
- Remove unused helpers (1182790)
0.9.14 (2017-10-06)
docs: remove old consent policy example
Documentation
- Remove old consent policy example (c74e4c2)
Unclassified
- Update docker compose file (5e1ceec)
0.10.0-alpha.7 (2017-10-06)
docker: update to consent app alpha.7
Unclassified
- sdk/js: resolve lower case issue in consent request model (e15bdf4)
- Update to consent app alpha.7 (0eff6b8)
0.10.0-alpha.6 (2017-10-05)
travis: run predeploy after success on tags
This is required because before_deploy is run twice if multiple providers exist, see travis-ci/travis-ci#2570
Unclassified
- Run predeploy after success on tags (7de505d): This is required because before_deploy is run twice if multiple providers exist, see travis-ci/travis-ci#2570
0.10.0-alpha.5 (2017-10-05)
scripts: make run-deploy executable
Unclassified
- Make run-deploy executable (5661c3e)
0.10.0-alpha.4 (2017-10-05)
travis: move deploy scripts to its own file
This is required because before_deploy is run twice if multiple providers exist, see travis-ci/travis-ci#2570
Unclassified
- Move deploy scripts to its own file (90d1086): This is required because before_deploy is run twice if multiple providers exist, see travis-ci/travis-ci#2570
- Skip cpu intense jwk generation in short mode (2c4539b)
0.10.0-alpha.3 (2017-10-05)
travis: resolve deployment issues
Unclassified
- Resolve deployment issues (c93dcdb)
0.10.0-alpha.2 (2017-10-05)
travis: resolve deployment issues
Documentation
- Fix sdk links (26a29ef)
Unclassified
- Re-add goveralls (945a3b4)
- Remove deprecated http manager (6dc05a4)
- Resolve deployment issues (39c02c6)
0.10.0-alpha.1 (2017-10-05)
docker: update to go 1.9 and update compose.yml
Documentation
- Add API version note (ac169d5)
- Add wildcard scope strategy documentation (cff04d7)
- Clarify tls termination functionality (703f2c8)
- Clean up stale contribute.md (0c458d3)
- Document go and js sdk (c20a461)
- Document go sdk (4c40a48)
- Fix exists -> exits typo (2e7d02b)
- Improve 0.10.0 history (b99e7ac)
- Link history.md to new consent flow section (6004275)
- Notify upgrades of scope change (9ab6d97)
- Remove consent jwk hints (1dd4b67)
- Remove old resources (39801ea)
- Scopes are now wildcard matches (df9ae75)
- Write docs on new consent flow (e6f014b)
- Write down changes to history.md (fb4935a)
Unclassified
- sdk/js: set version to latest to prevent accidental publish (8991798)
- sdk/go: add helpers for oauth2 configuration (44194be)
- docs/sdk: link sdk docs to readme files (bcb5459)
- sdk/js: officially publish nodejs sdk (c007c78)
- sdk/go: write interfaces for APIs & responses (3785212), closes #593
- warden/group: refactor group sdk and group management interface (7366b1e)
- cmd/cli: implement policy handler based on swagger client (fbdd4eb)
- cmd/cli: fake-tls-termination and refactoring errors checks (4486d4c)
- cmd/client: use new sdk for client cli (e941e0e)
- sdk/go: switch to resty master for oauth2 compatibility (9692e9f)
- sdk/go: move go sdk to appropriate package (3633b90)
- cmd/cli: typo connection -> policy (#592) (94eb5ac), closes #592 #583
- Adapt to new consent manager (6c5a7bb)
- Add go-resty to glide dependencies (5805e69)
- Add gofmt testing (4ca7780)
- Add hydra to swagger tags (b6c01d5)
- Add memory manager instantiator (4f77e67)
- Add node and go SDK from swagger codegen (a6e4809)
- Add short mode for tests (fa46211)
- Add swagger codegen cli to repo (b1484f5)
- Allow redirects in resty client (b703388)
- Appropriately handle client secret responses (96df498)
- Clean up sdk tests (c026f4b)
- Finalize SDK tests (cc970d9)
- Finalize tests and format (fcb14db)
- Fix binary building (#596) (22ca5b8)
- Force linefeed (653f175)
- Force linefeed on windows (7943f59)
- Force swagger array type in list response (a440d8a)
- Implement policy sdk and tests based on swagger (c47d8d1)
- Implement swagger based SDK and write tests (433e57c)
- Implement swagger-based sdk (7837071)
- Implement swagger-based sdk (87b893e)
- Improve scripts (b9bb146)
- Improve swagger definitions (0c05da3)
- Improve swagger documentation of all modules (6fe4bb2)
- Improve swagger spec and generate/test client for revoke (412667b)
- Make scripts executable (989bfce)
- Move sdk one directory down (364cd90)
- Ran gofmt and goimports (57fdfe9)
- Reduce tags to one and clean up sdk (8fcc8cb)
- Remove obsolete http manager (81bfdf2)
- Remove outdated consent helper (5d29fda)
- Remove payload from warden token response name (2dcee12)
- Remove swagger-codegen jar from git (94bd5bd)
- Rename audience to client_id/clientId (6c51606), closes #595
- Replace HierarchicScopeStrategy with WildcardScopeStrategy (a62b9f9), closes #550
- Replace jwk-based with http-based consent flow (fc3ee34), closes #578
- Replace pkg.AssertError with testify error checks (8560a1c)
- Replace response shorthands with more readable names (becafd0)
- Resolve failing test (e600d28)
- Resolve race issue (adf99e0)
- Return array instead of object on list endpoint (b4faac6)
- Return consent deny reason to oauth2 initiator (a835a54)
- Revert audience changes (1754b6f)
- Run gofmt (459b6f5)
- Run gofmt (b786e70)
- Scripts now format sdk files as well (cf5ab6b)
- Update format script (2c79a31)
- Update fosite dependency (463314e)
- Update glide.lock (89fa18e)
- Update scripts and format code (5b9c7f8)
- Update sdk definitions (b5109f8)
- Update sdk generator script (c99e401)
- Update swagger definitions (d43a594)
- Update swagger definitions (52e83a8)
- Update swagger definitions and codegens (97636bf)
- Update swagger definitions and combine in hydra interface (5a27d4b)
- Update swagger definitions and fix failing tests (92fe6bb)
- Update swagger location (dc9738c)
- Update to fosite 0.11.0 (d0a7e77), closes #460 #550 #556
- Update to go 1.9 and update compose.yml (f8dd4a1)
- Write swagger docs (635d0a1)
- Write test for handling consent deny (df5f415), closes #597
- Write test for swagger codegen sdk (c71c1e7)
0.9.13 (2017-09-26)
health: disable TLS restriction for health check (#587)
Removes TLS restriction on health endpoint when termination is set - closes #586
Documentation
- Install.md port typo (#566) (5a4325d)
- Update banner (df91ba6)
- Update banner in readme (3a78859)
- Update banner in readme (87999b1)
- Update gatekeeper section (53f7d64)
- Update readme (2f0ccb9)
- Update readme (f831da8)
- Update readme (f53e0f2)
- Update readme (c94ba07)
Unclassified
- Update README.md (12bb9c3)
- Update README.md (d55bf91)
- Update README.md (4569f1b)
- Update README.md (478a19d)
- hydra token user should use clusterurl instead of empty string (#582) (89d429e), closes #581
- Disable TLS restriction for health check (#587) (b1169ad), closes #586
- Give meaningful hint when subject claim is empty (#554) (3f01ff8), closes #460
- Update to ladon 0.8.2 (#570) (c2adce2)
- Update various dependencies (#579) (f4176a6), closes #571
0.9.12 (2017-07-06)
vendor: update glide lock
Documentation
- Move install section on top of security in toc (97c2237)
- Update badge alignment (1d41a50)
- Update badges, install guide and tutorial (#545) (07a7fdd):
  - docs: update badges in readme
  - docs: update install guide and tutorial
- Update header (50aa87b)
- Update ocs section (e0fe736)
- Update ocs section in the readme (4622f97)
Unclassified
- cmd/token/user: fix auth and token-url mixup (34d8404)
- Gofmt -w -s (13c6915)
- Refresh tokens are no longer proof of authZ (d38dcf3), closes #549
- Resolve broken import (9efe853)
- Resolve logrus case mess (b480a3e)
- Update glide lock (4651a23)
0.9.11 (2017-06-30)
docs: added step-by-step install guide
Documentation
- Add issue template (749dd2e)
- Add pr template (9f15309)
- Add product teasers (#543) (32c0c14)
- Added step-by-step install guide (9268e02)
Unclassified
- cmd/token/user: cluster is now auth-url/token-url (705b473)
- Create CODE_OF_CONDUCT.md (c689e33)
- Update PULL_REQUEST_TEMPLATE.md (42f5eeb)
- Update ISSUE_TEMPLATE.md (8b5ff5f)
- Remove skip-tls-verify warning (e30b3c3)
- Return "ok" response instead of 204 (888ec56)
0.9.10 (2017-06-29)
vendor: update fosite to remove forced nonce (#542)
Documentation
- Clarify health check section in install (57022eb)
- Update "Build from source" section to actual state (#534) (10ff151)
- Update install.md (5d1bd50)
Unclassified
- cmd/host: move status info to dedicated endpoint (b872f0b), closes #532
- Form-urldecode authorization basic header (#537) (0868e80), closes #536
- Update fosite to remove forced nonce (#542) (1e2ad84)
0.9.9 (2017-06-17)
cmd: add test for get handler
Unclassified
- cmd/policy/create: exit on error - closes #527 (4fd7e9d), closes #527
- cmd/cli/client: added get handler (075b4c2)
- Add test for get handler (bb31d76)
0.9.8 (2017-06-17)
oauth2: resolve session issue with deep nested session
Closes #512
Documentation
- Add consent app client guidance to faq (6abd26d)
Unclassified
- Added failing test case for #512 (0f98e88)
- Resolve session issue with deep nested session (a89a470), closes #512
- Update to ladon 0.8.0 - closes #503 (#528) (23902a0)
0.9.7 (2017-06-16)
cmd/server: supply admin client policy with id
Documentation
Unclassified
- cmd/server: supply admin client policy with id (1ff9838)
0.9.6 (2017-06-15)
all: add ability to load database connectors from plugins
Unclassified
- Add ability to load database connectors from plugins (f64771f)
0.9.5 (2017-06-15)
vendor: upgrade ladon to 0.7.7 (#523)
Unclassified
0.9.4 (2017-06-14)
all: improve test exports (#521)
Documentation
Unclassified
0.9.3 (2017-06-14)
oauth2: use issuer-prefixed auth URL in challenge redirect (#509)
In order to support running Hydra with a different path prefix behind a proxy, issue a challenge token with an issuer-prefixed auth redirect URL instead of the URL received with the auth request.
Signed-off-by: Wyatt Anderson wanderson@gmail.com
Documentation
Unclassified
- Add tests for refresh token grant (8af0df5)
- Use issuer-prefixed auth URL in challenge redirect (#509) (688103c): In order to support running Hydra with a different path prefix behind a proxy, issue a challenge token with an issuer-prefixed auth redirect URL instead of the URL received with the auth request.
0.9.2 (2017-06-13)
cmd/server: print full error message on http startup (#514)
Towards #513
Unclassified
0.9.1 (2017-06-12)
client: export tests (#510)
Unclassified
- Add auto migration image (#502) (62eb355)
- Export tests (#510) (e6920d3)
- Improve metrics (#508) (163b439)
0.9.0 (2017-06-07)
metrics: add metrics and telemetry package (#500)
Documentation
- Add FAQ on missing migrate in docker image (#498) (6f38157), closes #484
- Add scopes to oauth2 (#495) (8b412fc)
Unclassified
- warden/group: add rollback to transactions (#494) (6feffb2), closes #494
- Add metrics and telemetry package (#500) (a04e6f2)
- Add simple example of hydra sdk (#499) (4d3a6ad), closes #358
- Upgrade to ladon 0.7.4 - closes #350 (#497) (874c62d)
0.8.7 (2017-06-05)
client/manager_sql: return an empty slice if string is empty (#491)
Signed-off-by: Mohamedh Fazal mohamedhfazal@gmail.com
Unclassified
- client/manager_sql: return an empty slice if string is empty (#491) (e88fdb7), closes #491
- oauth2/introspect>: resolve 401 on invalid token (#492) (9e0cb23), closes #492 #457
- Implement --fake-tls-termination flag (#493) (79580e1)
0.8.6 (2017-06-05)
oauth2: allow redirection to client if consent was denied (#489)
- oauth2: allow redirection to client if consent was denied
Closes #371
- oauth2: allow redirection to client if consent was denied
Closes #371
Documentation
- Add health check to swagger and resolve swagger issues (#488) (ddca997), closes #355
- Added sections on install errors (6c22c4a)
- Update docker instructions in readme (485f073)
- Update swagger definition for warden groups (#476) (401466e):
  - update swagger group members
  - update
    Signed-off-by: pbarker pbarker@datapipe.com
  - swagger update
    Signed-off-by: pbarker pbarker@datapipe.com
Unclassified
- oauth2/introspect: send issuer in introspection (a9f500b), closes #399
- pkg/errors: make ErrNotFound return a status code (#486) (6688b94), closes #486 #348
- jwk/handler: nest ac check and resolve stray log message (#487) (694bf57), closes #487 #271
- cmd/policies: description is a string field, not slice (#485) (0f73971), closes #485 #472
- client/manager: remove merging of stored and updated client (#478) (af88368), closes #478
- Allow redirection to client if consent was denied (#489) (48c229b), closes #371 #371:
  - oauth2: allow redirection to client if consent was denied
- Update to latest versions (2f617c5)
- Update to latest versions (#482) (83118d1):
  - vendor: update to latest versions
  - vendor: update to latest versions
  - vendor: update to latest versions
  - vendor: update to latest versions
0.8.5 (2017-06-01)
cmd/server: resolve gorilla session mem leak - closes #461
Unclassified
- cmd/server: resolve gorilla session mem leak - closes #461 (baf60d2), closes #461
- Fix spelling of challenge (#471) (851fea5)
- Remove unused implicit grant storage (#469) (8acf0f9)
0.8.4 (2017-05-24)
config: connect to cleaned DSN
Closes #464
Documentation
- Add running hydra in production section (138c7cd)
- Hint to kubernetes helm chart - see #430 (69f0c2f)
- Update jwk resource names in consent app guide (8f1330b)
Unclassified
0.8.3 (2017-05-23)
config: remove sql control parameters from dsn before connecting
Closes #464
Documentation
- Change readme sections and ordering of sponsors (6e631ab)
- Update banner (1ca4780)
- Update ory hydra for enterprise section (e81bf43)
- Update readme header (4cb2d2f)
Unclassified
- Remove sql control parameters from dsn before connecting (7d6a6e7), closes #464
- Resolve issue with offset and limit in policy listing (#459) (9d833a2)
0.8.2 (2017-05-10)
oauth2: add key id to jwt header - closes #433
Signed-off-by: pbarker pbarker@datapipe.com
Unclassified
- Add key id to jwt header - closes #433 (0d64c67)
- Adds /.well-known/openid-configuration - closes #379 (3769676)
- Improve error message for when database tables are missing (a0a6ad1)
0.8.1 (2017-05-08)
ci: resolve publishing travis go 1.8
Continuous Integration
- Resolve publishing travis go 1.8 (1205c34)
0.8.0 (2017-05-07)
ci: resolve travis issues
Continuous Integration
- Resolve travis issues (b16c0f3)
Documentation
- ✏️ minor grammar typo in security doc (#452) (ebac781)
- Add faq sections for ropc and mobile (1170093)
- Add history doc (85b69b8)
- Add oauth2 native link (5cd1253)
- Add offline scope to swagger (8750718)
- Add scopes docs, move swagger json to yaml (0fd52b2)
- Add security section (5af56c3)
- Add swagger docs for the client endpoint (ede8768)
- Add swagger spec for listing clients (a9d50cf)
- Add who is using it section (4c7551c)
- Beef up security docs (52c7336)
- Improve client swagger specs and add jwk specs (c613540)
- Improve documentation (dcc090d)
- Re-add tutorial on consent app by @matteosuppo (67ffe33)
- Remove rethinkdb from readme (fb84d5e)
- Update security section in readme (b88abf1)
- Update swagger description (c536685)
- Update typos in history (1f898ba)
Unclassified
- docker-demo: get dockerfile working again (d47410e)
- warden/group: fix c&p typos (7efb71f)
- config/sql: implement ability to handle sql parallelism (d9ae845)
- Add migrate dummies (5b2e737)
- Added swagger docs for the rest of the apis (0ebf0ec)
- Allow setting SkipTLSVerify option value (#448) (3cfab4e)
- Finalize ladon and logrus changes (b764c8e)
- Fix typo (b3a4486)
- Goimports (1f65068)
- Goimports (0985a59)
- Goimports (91dc026)
- Goimports (9be2ff3)
- Implement better migration handling (819d4b4)
- Implement list functionality (bde0aa6)
- Implement listing policies (f16cb77)
- Improve openid connect error message - closes #439 (dbf2b33)
- Introduce log_format and log_level (ada626c)
- Limit maximum open connections, document timeout options through DSN (fa8d15c), closes #359
- Move move most writers in handlers to ory/herodot (708c1a2)
- Move move ory-am/ladon to ory/ladon (e02b017)
- Move to new ladon structure (9cae465)
- Move to new org (e912acc)
- Move to one logrus instance (2869ed1)
- Reflect ladon memory manager changes (e3a3837)
- Remove context from herodot calls (ca898d6)
- Remove graceful (15ca194)
- Remove redis and rethinkdb adapters (af52e68)
- Rename GetAll to List (2313570)
- Resolve issues with jwk manager (11da23b)
- Resolve remaining test issues (cb97cd1)
- Resolve test issues (f7ce565)
- Resolve test issues with memory adapter (2c3c8e3)
- Update glide lockfile (4fdda53)
- Upgrade consent app image (c95ab53)
- Upgrade glide (6f696b1)
- Upgrade glide (d6b12cc)
0.7.13 (2017-05-03)
vendor: upgrade fosite to resolve regression issue (#446)
Documentation
Unclassified
0.7.12 (2017-04-30)
herodot: resolve issue with infinite loop caused by certain error chain (#442)
Closes #441
Unclassified
0.7.11 (2017-04-28)
vendor: resolve issues with glide lock file (#438)
Unclassified
0.7.10 (2017-04-14)
vendor: update redis imports
Documentation
- Add enterprise edition note to readme (31954ad)
- Changes apiary url to current version (d8ce401)
- Remove references to uname from docs (#423) (842e140)
- Resolve broken build instructions in readme - closes #420 (#421) (a209990)
- Update apiary links in readme (#409) (48b0677)
- Update enterprise edition section (6ebe835)
- Update enterprise edition section (e152ce6)
Unclassified
- docs/tutorial: update bash command (#412) (e40db39), closes #412: updating bash command to /bin/sh
- Improves doc by dropping brackets in cmd usage (#415) (d60625d)
- Update gorethink imports (77deb6c)
- Update redis imports (d6fd930)
0.7.9 (2017-04-02)
vendor: updated ladon version in glide.lock (#404)
Unclassified
- Add golang consent example (22e33c4)
- Fix typo (4827507)
- Updated ladon version in glide.lock (#404) (de2c4bb)
0.7.8 (2017-03-24)
sdk: improve consent api and docs
Documentation
- Add articles section (4722b8c)
- Add example policy for consent app signing (#389) (879d05b)
- Added information about auth code exchange to oauth2 docs (#392) (26a1284)
- Update docker hub repo references (b08d521)
Unclassified
- Add consent helper - closes #397 (e182085)
- Add documentation to the consent sdk (63f8dc4)
- Deleting a group creates it - closes #383 (2038e8c)
- Gitter link doesn't work - closes #386 (dd6ad40)
- Gofmt -w -s (b22d26f)
- Improve consent api and docs (93bb521)
- Introduction (e4e5199)
- New consent app image (1a347a3)
- Redirect_uri domains are case-sensitive - closes #380 (b5378d4)
- Reduce docker image size (b8c10c3)
- Resolve ci issues and improve readme (51fd393)
- Resolve typo in host command (#391) (a910a35)
- Update libraries section (681dc8c)
- Update libraries section and introduction (57e0055)
0.7.7 (2017-02-11)
oauth2: invalid consent response causes panic - closes #369
Unclassified
0.7.6 (2017-02-11)
config: remove unused import
Unclassified
- Force hydra-idp-react version (7cf5d79)
- Remove unused import (0401de9)
- Resolve issue with cookie store (5331bbb)
- Update ory references (8fc3c7b)
0.7.3 (2017-01-22)
policy: investigate potential sql connection leak - closes #363
Unclassified
- policy: investigate potential sql connection leak - closes #363 (fe31f1f), closes #363
- Update fosite_store_redis.go (#361) (65b4584): There was an additional quote on the JSON struct tag.
0.7.2 (2017-01-02)
vendor: update to fosite 0.6.12 - closes #342
Unclassified
- Improve sql migration routine and add test (4f931cd)
- Remove stray log (971d7ba)
- Update to fosite 0.6.11 - closes #338 (c59d8a4)
- Update to fosite 0.6.12 - closes #342 (699163f)
0.7.1 (2016-12-30)
groups: fix issue with sql migration
Unclassified
- Fix issue with sql migration (5b42537)
0.7.0 (2016-12-30)
oidc: at_hash / c_hash mismatch - closes #338
Documentation
- Update five minute tutorial (fc830c5)
Unclassified
- oidc: at_hash / c_hash mismatch - closes #338 (fcdf664), closes #338
- api docs (57d2d5b)
- groups improve (ffc9ad4)
- oauth2/consent: force jti echo in consent response -closes #322 (e93840d), closes #322
- cmd: add configuration options for hydra token user - closes #327 (f5f371d), closes #327
- Add group management - closes #68 (ce46d45)
- Add sql migrations - closes #194 (40bcc24)
- Clean up docker files (0316825)
- Correct error wrapping (07441f9)
- Fix tests (136453f)
- Glide update (86e88b8)
- Gofmt -w -s . (0383022)
- Gofmt -w -s . (5aed256)
- Improve error handling (00cc2ca)
- Improve error handling (def560c)
- Provide rest endpoint for policy updates - closes #305 (257a447)
- Remove api spec (491dcf8)
- Resolve issue with firewall set up (bdd3d88)
- Resolve issues with SQL migration and update dockerfiles (35548a8)
- Update glide dependencies (9ff9fd4)
0.6.10 (2016-12-26)
oauth2: improve error responses returned by http introspector
Unclassified
0.6.9 (2016-12-20)
openid: support response_type=code id_token - closes #332
Documentation
- Make it clear that docker-compose is only for the example (20c8681)
Unclassified
- openid: support response_type=code id_token - closes #332 (9dcc41b), closes #332
- Replace newline in HTTP_TLS (5a4a2e8): HTTPS_TLS_CERT and HTTPS_TLS_KEY environment variables can contain \n (see https://github.com/ory-am/hydra/blob/master/cmd/host.go). This commit replaces the \n character with an actual newline to allow the tls package to correctly create an X509 key pair.
- Resolve issues with LOG_LEVEL and log confidentiality (37be2ba), closes #324
0.6.8 (2016-12-06)
oauth2: resolve issue with expires_in value
Unclassified
- Http introspector should return well known error (0abfbfd)
- Resolve issue with expires_in value (c06dc36)
0.6.7 (2016-12-04)
vendor: update glide yaml
Unclassified
- Improve cli and oauth2 error reporting (3d61a70)
- Migrate to dockertest v3 and resolve broken tests (6f356d1)
- Update glide yaml (c9a77fa)
0.6.6 (2016-12-04)
cmd/connect: allow passing values as flags
Documentation
Unclassified
- cmd/connect: allow passing values as flags (3b0b943)
- --name should be before the image's name (9a71e18)
0.6.5 (2016-11-28)
store/redis: redis backend for hydra (#313)
Signed-off-by: Son Dinh son.dinh@blacksquaremedia.com
- oauth2: Add Redis manager
- jwk: Add Redis manager
- cmd/server: Add Redis handlers to factories
- config: Add Redis connections
- core: Update documentation; update Redis deps
- docker: Add redis container to compose
- oauth2/redis: Remove tokens signatures from set store on revoke
- cmd/host: Change Redis documentation port to database default
- docker: Comment out non-default Hydra backends on compose
Unclassified
- store/redis: redis backend for hydra (#313) (32f5caf), closes #313:
  - oauth2: Add Redis manager
  - jwk: Add Redis manager
  - cmd/server: Add Redis handlers to factories
  - config: Add Redis connections
  - core: Update documentation; update Redis deps
  - docker: Add redis container to compose
  - oauth2/redis: Remove tokens signatures from set store on revoke
  - cmd/host: Change Redis documentation port to database default
  - docker: Comment out non-default Hydra backends on compose
0.6.4 (2016-11-22)
oauth2/revocation: resolve issues with tests
Unclassified
- oauth2/revocation: resolve issues with tests (2e58355)
- docs: clean up TokenValid leftovers - closes #310 (994b596), closes #310
- oauth2/revocation: token revocation fails silently with sql store - closes #311 (7d3cb4e), closes #311
0.6.3 (2016-11-17)
oauth2: resolve issues with token introspection on user tokens (#309)
Documentation
Unclassified
0.6.2 (2016-11-05)
client/mysql: fix missing client_name (#303)
Signed-off-by: John Wu johnwu96822@gmail.com
Unclassified
0.6.1 (2016-10-26)
0.6.1 (#301)
- manager/mysql: MySQL DB not creating on start – JSON column types only supported from MySQL 5.7 and onwards - closes #299
- docs: improve gitbook front page
Documentation
- Fix some minor typos and the broken tutorial links (#298) (1bbd6ed)
- More docs (955200c)
- Update readme (1215e98)
- Update README (bce141f)
- Update README (eff6b86)
Unclassified
0.6.0 (2016-10-25)
0.6.0 (#293)
- oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility - closes #277
- oauth2/introspect: make endpoint rfc7662 compatible - closes #289
- warden: make it clear that ladon.Request.Subject is not required or break bc and remove it - closes #270
- travis: execute gox build only when new commit is a new tag - closes #285
- docs: improve introduction (#267)
- core: (health) monitoring endpoint - closes #216
- oauth2/introspect: make endpoint rfc7662 compatible - closes #289
- connections: remove connections API - closes #265
- oauth2: token revocation endpoint - closes #233
- vendor: update to fosite 0.5.0
- core: add sql support #292
- connections: remove connections API - closes #265
- all: coverage report is missing covered lines of nested packages - closes #296
- cmd: prettify the hydra token user output - closes #281
- travis: make it possible for travis-ci to build forked repos - closes #295
Unclassified
- 0.6.0 (#293) (8256356), closes #293 #277 #289 #270 #285 #267 #216 #289 #265 #233 #292 #265 #296 #281 #295
- Build only on tags and go1.7 (#288) (f5299a1)
- Fix typo in host command help text (#291) (6b9dd26)
0.5.8 (2016-10-06)
oauth2: refresh token does not migrate session object to new token - closes #283 (#284)
Unclassified
0.5.7 (2016-10-04)
jwk: add use parameter to generated JWKs - closes #279 (#280)
Unclassified
0.5.6 (2016-10-03)
oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility (#278)
- herodot: improve error logging
- oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility - closes #277
Unclassified
- Fix #272 typos in the host command controls (#276) (efc7e58)
- Replace HYDRA_PROFILING with PROFILING - closes #274 (#275) (16209f6)
- Scopes should be separated by %20 and not +, to ensure javascript compatibility (#278) (e33df89), closes #277:
- herodot: improve error logging
0.5.5 (2016-09-29)
docker: fix typo in docker-http image
Unclassified
- Fix typo in docker-http image (7d16c7e)
0.5.4 (2016-09-29)
docker: resolve issue with docker-http image
Unclassified
- Resolve issue with docker-http image (407d650)
0.5.3 (2016-09-29)
docker: add http-only dockerfile and upgrade to go 1.7 base image (#273)
Documentation
- Fix typo in consent.md (575f2e5)
Unclassified
0.5.2 (2016-09-23)
client: owner should be fetched from original client when updating
Unclassified
- Owner should be fetched from original client when updating (06077e9)
0.5.1 (2016-09-22)
0.5.0 (#243)
- cmd: hydra token user should show id token in browser - closes #224
- cli: hydra clients import doesn't print client's secret - closes #221
- travis: ld flags are wrong - closes #242
- all: resolve naming inconsistencies in jwk set names used in hydra - closes #239
- sdk: resolve naming inconsistencies - closes #226
- docs: resolve gitbook issue with image assets
- jwk: anonymous request can't read public keys - closes #253
- client: add ability to update client - closes #250
- core: document hard-wired JWK sets - closes #247
- docs: fix images in readme - closes #261
Documentation
- Add notes on operational considerations (#252) (777e45b)
- Resolve gitbook issue with image assets (3c3b93e)
Unclassified
0.4.3 (2016-09-03)
travis: fix gox build process
Unclassified
- Fix gox build process (0575b43)
0.4.2-alpha.3 (2016-09-02)
travis: dpl is not accepting API keys
Unclassified
- Dpl is not accepting API keys (05fe98d)
0.4.2-alpha.2 (2016-09-01)
travis: resolve issues with autodeploy
Unclassified
- Resolve issues with autodeploy (a0ae42d)
0.4.2-alpha.1 (2016-09-01)
travis: resolve deploy issues
Unclassified
- Resolve deploy issues (30350ca)
0.4.2-alpha (2016-09-01)
Documentation
- Add 3rd party section to readme (3f80cc9)
- Add a feature overview (a12f353)
- Add section "what's it good for" (c77f435)
- Add what is hydra / what is hydra not section (975b2ce)
- Fix broken tutorial link in readme (107c94c)
Unclassified
- docs/demo: improve tutorial (837476d)
- docs/sdk: fix typo in policy condition (448fc3e)
- docs/sdk: improve sdk examples (8eea29f)
- Firewall.Audience overridden with requesting client's subject in TokenAllowed and TokenValid (#236) (d5c267f)
- Resolve regression issue in tests and wrong scope definition (8911e0f)
- Update fosite 0.3.0 (39b3fc3)
- Updated jwt-go to 3.0.0. Also fixed a few go vet issues. (7ab95c5)
- Versioned automated builds (76c23f8), closes #210 #218
0.4.1 (2016-08-18)
cmd: resolve issue with token user flow (#212)
Unclassified
- 0.4.0 (#203) (cd6daed), closes #203 #199 #201 #200 #205 #198 #204
- Update book.json (c8c67dc)
- Create book.json (27cc32f)
- Add introspection to the sdk (4b24be4)
- Fix broken image links (c1d3e88)
- Fix broken links (b9b755a)
- Instantiate token introspection (56a9eda)
- Resolve issue with token user flow (#212) (8230eac)
0.3.1 (2016-08-17)
all: resolve and test for issues in rethinkdb coldstart - closes #207
Documentation
- Resolve broken examples in the docs, add badges and code documentation (0baa04e)
Unclassified
0.3.0 (2016-08-09)
0.3.0 (#195)
- cmd: resolve broken formatting issue
- client: field scopes should be scope
- config: fix broken system secret method and add test case for it
- client: scope should be scope in rethinkdb too
- client: scope should be scope in rethinkdb too
- oauth2: resolve import paths broken by goimports
Unclassified
- 0.3.0 (#195) (95ff77d), closes #195:
- cmd: resolve broken formatting issue
- client: field scopes should be scope
- config: fix broken system secret method and add test case for it
- client: scope should be scope in rethinkdb too
- client: scope should be scope in rethinkdb too
- oauth2: resolve import paths broken by goimports
0.2.0 (2016-08-09)
- warden: rename assertion to token - closes #158
- config: do not log database credentials - closes #147
- oauth2: upgrade fosite - close #160
- config: do not store database config in hydra config - closes #164
- oauth2: id_token at_hash / c_hash is null - closes #129
- jwk: improve error message of wrong system secret - closes #104
- readme: improve images, add benchmarks - closes #161
- cmd: improve connect dialogue - closes #170
- cmd: fix --dry option - closes #157
- firewall: document warden interface sdk
- readme: link openid connect and oauth2 introduction
- cmd: introduce FORCE_ROOT_CLIENT_CREDENTIALS env var - closes #140
- readme: document error redirect to identity provider - closes #96
- internal: fosite store must be consistent to avoid errors - closes #176
- client: add GetConcreteClient to http manager
- cmd: host process now logs basic information on all http requests - closes #178
- all: add memory profiling - closes #179
- warden: resolve nil pointer issue - closes #181
- cmd: clean up env to struct mapping, add more controls
- cmd: bcrypt cost should be configurable - closes #184
- cmd: token lifespans should be configurable - closes #183
- cmd: resolve issues with environment config - closes #182
- cmd: implement tls termination capability - closes #177
- cmd: resolve issues with redirect logic and TLS
- oauth2: implement default oauth2 consent endpoint - closes #185
- warden - closes #188
- oauth2: id token claims should be set by using id_token - closes #188
- oauth2: oauth2 implicit flow should allow custom protocols - closes #180
- oauth2: core scope should not be mandatory - closes #189
- warden: warden sdk should not make distinction between token and request - closes #190
- warden: rename authorized / allowed endpoints to something more meaningful - closes #162
- ci: improve travis config
Documentation
Unclassified
- 🔥 0.2.0 (#165) (a297f7e), closes #165 #158 #147 #160 #164 #129 #104 #161 #170 #157 #140 #96 #176 #178 #179 #181 #184 #183 #182 #177 #185 #188 #188 #180 #189 #190 #162
- ensure client endpoint is initialised for CLI "clients import" command (6070a80)
- Resolve issues with warden and client api (#120) (c77d2dc), closes #120 #118 #119
- 🔥 0.1-beta2 (#90)🔥 (8593699), closes #90 #86 #91 #99 #93 #88 #97 #92 #89
- ⚡ vendor: switch to versioned gorethink api (#81) (15242e2), closes #81:
- vendor: switch to versioned gorethink api
- readme: bug bounty / hall of fame
- readme: add fosite and ladon reference
- 🔥 0.1-beta🔥 (00fd93c)
- Update README.md (f0b40f1)
- Remove go get of govet in .travis.yml (cff9754):
Fix error where vet cmd package cannot be found. The package seems to be included in go now. No need to download it anymore.
- oauth/google: fixed status code error message (0b7b163)
- oauth/google: fixed status code error message (8ed78e5)
- Update README.md (acae0e7):
README: Updated smaller typo
- Storage/RethinkDB: Added RethinkDB as backend storage. (cb9c2f4):
Storage/PostgreSQL: Updated some PostgreSQL tests. Hydra: Fixed smaller bugs.
- handler.go:300: no formatting directive in Sprintf call (6ee1376)
- handle multiple return values from gopass (8124765)
- update accounts CLI Usage (9881e2a)
- Update README.md (2fadfae)
- Add Gitter badge (4f3d9ce)
- oauth/provider/signin/signin.go: arg err for printf verb %d of wrong type: error (16fddf2)
- cli/hydra-host/handler/tls.go: no formatting directive in Errorf call (78698d5)
- Update README.md (be43ff6)
- jwt/oauth: refresh grant now is tested and works properly (8d88305)
- Update README.md (3e2e81a)
- Update README.md (8510dd9)
- Update LICENSE (62f7c67)
- Update CONCEPTS.md (dd4df17)
- Initial commit (5df442b)
- Adapt ladon policy api changes (b8bacb0)
- Add basic debug log level support (9686a91)
- Add glide command to develop snippet (e513d2a)
- Add glide command to install snippet (e62b3d3)
- Add google group (ed5be40)
- Add managed hydra note (3450300)
- Add refact warning (07da6a0)
- Add test cases for methods returning slices or maps of entities (#152) (e62e385)
- Added benchmark section (39d2802)
- Added connection and client handlers (47070f5)
- Added godeps (ff027b5)
- Added google provider (9ae9316)
- Added heroku app.json (7c1d25e)
- Added heroku deployment notes (98b83d7)
- Added http/2 description (1f0d6f9)
- Added microsoft and improved existing providers (b2d3e06)
- Added mock for easier testing (fe25be6)
- Added mock for easier testing (c4c1166)
- Added policy endpoint to host process (c62cec5)
- Added port and host env var descriptions (c32ac10)
- Added possibility to skip CA check (09094f4)
- Added procfile (1a38744)
- Added start, client create and user create (69d39ca)
- Added status section (cea52c6)
- Added vagrant, fixed minor issues, added login capabilities, added examples (b79b547)
- Allow loading certificates directly from env vars (62ecd3d)
- Always return non-nil error when validation fails. (aca141d)
- Attached policy handler to router (2d15cd7)
- Authorization requests now properly set the code token subject (df189d6)
- Badgemania (bb02665)
- Beta preparations (5ab50dc)
- Clarified storage message (8b9d41e)
- Cleanup (0621e1a)
- Cleanup (0fb905e)
- Cleanup and issue resolving (29c943f)
- Client libraries and refactoring (e77940f)
- Client middleware works now (18d46f8)
- Connect to rethinkdb with custom root certificate (#116) (74432b0):
- Connect to rethinkdb with a custom certificate
- Test importRethinkDBRootCA
Signed-off-by: Matteo Suppo matteo.suppo@gmail.com
- Move backend_connections tests
Signed-off-by: Matteo Suppo matteo.suppo@gmail.com
- Create MAINTAINERS (adefff9)
- Created provider handler (9338754)
- Database connection is now only opened when required. (6ac8de5)
- DROPBOX_CALLBACK's default value is now smarter (5f6457b)
- Export AuthKey (0bec260)
- Fix broken link in TOC (b40beda)
- Fix client.GetClients() for multiple clients (#151) (93dc837), closes #150
- Fix idiom (ebfc9a9):
"What it looks like", not "how it looks like" (Very common mistake)
- Fix osin.CheckBasicAuth return value inconsistency (57d5427)
- Fix typo in exemplary policy (386fb0c)
- Fix typos (873a816)
- Fixed default TLS and JWT filepaths (53827a2)
- Fixed environment issues (d816e92)
- Fixed error response (f2ee621)
- Fixed issue when account is not existing (741ee9f)
- Fixed nil pointer issue (7695692)
- Fixed nil pointer issue (f09bc08)
- Fixed null pointer in cli call to oauthHandler (e7a827f)
- Fixed permission typo and tests (5a4ec4a)
- Fixed smaller bugs and typos in RethinkDB and PostgreSQL. (aebd9d6), closes #53
- Fixed tests on linux hosts (82c7431)
- Fixed typos, improved instructions (546a109)
- Fosite note (f09cf2d)
- Go highlight code examples (3d59681)
- Godep cleanup (a43a6fc)
- Godep save (2b0df43)
- Godep save (42335ee)
- Godep save (1b84d53)
- Godep save (560a6a0)
- Godep update (e4e9b03)
- Godep update (aac79e9)
- Godir (988824d)
- Gofmt (ae5b637)
- Gofmt (46bcfda)
- Gofmt (1a6aba1)
- Goimports (9b51600)
- Handler updates and tests (911fc88)
- HTTP/2 + TLS support, refactored jwt and tls commands (e5b5a47)
- HttpErrorHandler is now WriteError (a3f809f)
- Implemented hash and account (4c345d3)
- Implemented jwt, middleware, test coverage and handlers. (10ba9ef)
- Implemented provider "sso" flow (6f365ff)
- Improved cli options, improved provider workflow (f1021e8)
- Improved provider workflow and resolved dropbox issues (d8f2c03)
- Improved signature (0358b6b)
- Improved tests (5359952)
- Increased coverage (e20043b)
- Increased test coverage (5b4f6ac)
- Log refactoring (90a0a8c)
- Make access token lifetime configurable (2f69644)
- Migrated ladon policy struct changes (1d97e00)
- Mocks and tests (848d6db)
- Moved package pkg to ory-am/common (71d870b)
- New concept, moved backend to postgres, added tests, cleaned up legacy code (a48297d)
- New go vendor format (fa710a8)
- Now ContextAdapter is chainable, decreasing middleware code complexity a lot. (e6e3799):
Chainable model is inspired by https://github.com/justinas/alice
- Now tries to refresh when token is invalid (29c16dc)
- Oauth and guard endpoints now accept basic auth instead of token auth. (7d6b191)
- Policy import (3afd199)
- Print out newlines at string end (0a0ff98)
- Refactor, more endpoints and tests (ff69586)
- Refactored the DATABASE_URL to accept given database technology instead of using an extra environment variable DATABASE (as per discussions in #53). (c9ef33d)
- Refactored usage and added tests (9fd1676)
- Refactoring, added introspection (adec4ae)
- Remove godeps and keep removed until release (6a2176a)
- Remove http2 dependency (1c8c770)
- Remove wait time on boot and use restart unless-stopped option instead (#105) (eb72850)
- Removed skipping of CA checks and instead added option to use HTTP without TLS (6f3411a)
- Resolve date and scope issues (24d34b3), closes #126 #125 #124
- Resolve issues with the sdk and cli, set scopes in token user cmd (#142) (b8673b7), closes #141 #137 #138
- Resolve race condition (0a17528)
- Resolve rethinkdb and warden endpoint issues (ac7710d), closes #122 #121:
- rethinkdb: resolve an issue where missing refresh tokens cause duplicate key error
- Resolved remaining issues with jwt and middlewares (bfcd40f)
- Resolved that secrets can not be set when using http or cli (#102) (8dc1e1f)
- Return client secret on POST and remove it from GET (#117) (8ab555d), closes #113
- Revert (1e23f45)
- Test cleanup (219318a)
- Test for errors (d981f52)
- Tests are now more verbose and fixed issues in tests (b7a9916)
- Tests have to wait for database to be booted (a5ad3fb)
- Tls should also allow certificates from env (89e8922)
- Update cli usage (2863e25)
- Update faq section (b11a44d)
- Update jwt-go to versioned package and update dependencies (#111) (fc2ad6a)
- Update performance section (1e48e18)
- Update sections on environment variables (f441885)
- Updates (ea2196f)
- Username instead of email, token revocation, introspect spec alignments, more tests (3994ef0)
- Username instead of email, token revocation, introspect spec alignments, more tests (1585866)

