Skip to content

Releases: ory/hydra

0.1-beta.2

14 Jun 11:05
@aeneasr aeneasr
0.1-beta.2
8dc1e1f
Compare
Choose a tag to compare
0.1-beta.2 Pre-release
Pre-release

This release improves production readiness by introducing better ways of dealing with secrets, certificates and debugging.

Feature spotlight

  • System secrets must now be at least 16 byte long (32 byte before).
  • Clients can be imported using the cli command hydra clients import.
  • The client secret can now be set using the CLI or the HTTP API. It must be at least 6 characters long.
  • TLS over HTTP can now be configured to use a file or an environment variable instead of the internal key store. See hydra help host for more information

Backwards Compatibility

This release contains a breaking change. The system secret is now generated using sha256(secret) instead of secret. This reduces key length requirements which are 32byte for AES-GCM.

Additionally, you must now provide the offline scope in order to receive OAuth2 refresh tokens

List of changes

  • cli: key is now sha256(secret) - closes #86
  • client: creating clients with predefined credentials - closes #91
  • client: always autogenerate secrets when using clients create
  • cli: CLI should have -dry option to show what the HTTP request looks like - closes #99
  • cli: fix issue where tls certificate is regenerated on boot - closes #93
  • cli: allow passing of tls certificates via env vars or files - closes #88
  • oauth2: add offline scope for refresh tokens - closes #97
  • jwk: support for x5c certificate chains - closes #92
  • all: minor changes - closes #89
  • client: resolved that secrets can not be set when using http or cli #102
Assets 8
Loading

0.1-beta1

29 May 09:54
@aeneasr aeneasr
0.1-beta1
00fd93c
Compare
Choose a tag to compare
0.1-beta1 Pre-release
Pre-release

When the first public prototype of Hydra gained unforseen attention, we knew that is access control is a rough topic for many developers. In our own experience, existing solutions are either expensive or hard to install and manage. We started to collect user feedback, analized conceptual issues and came up with a plan to re-write hydra with clear goals:

  • It must be easy to scale
  • It must be highly available
  • It must integrate with any identity provider
  • It must be secure
  • It must be easy to set up and use
  • It must be open source
  • It must be real time
  • It must be documented

As of today, 0.1-beta1 has landed. Try it, break it!

This release is a complete recode of the original code base. Instead of using postgres, Hydra now uses rethinkdb to keep data available in memory. Hydra now uses Fosite and a new Constent Flow. Please read the README for more information.

Assets 8
Loading