From 89851896d563518909bc2b47a7ff91683eec4958 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 1 Sep 2020 15:03:37 +0200 Subject: [PATCH] refactor: rename strategies to methods This patch renames `strategies` such as "Username/Email & Password" to methods. BREAKING CHANGE: Configuration key `selfservice.strategies` was renamed to `selfservice.methods`. --- .schema/config.schema.json | 28 +++++++++---------- .../browser-redirect-flow-completion.mdx | 4 +-- .../openid-connect-oidc-oauth2.mdx | 8 +++--- .../credentials/username-email-password.mdx | 4 +-- .../account-recovery-password-reset.mdx | 6 ++-- ...n-with-github-google-facebook-linkedin.mdx | 4 +-- docs/docs/quickstart.mdx | 2 +- docs/docs/reference/jsonnet.mdx | 2 +- docs/docs/self-service.mdx | 8 +++--- .../self-service/flows/account-recovery.mdx | 10 +++---- .../password-reset-recovery-link.mdx | 8 +++--- .../flows/user-login-user-registration.mdx | 8 +++--- .../openid-connect-social-sign-in-oauth2.mdx | 14 +++++----- .../username-email-password.mdx | 10 +++---- .../docs/self-service/flows/user-settings.mdx | 16 +++++------ .../flows/user-settings/change-password.mdx | 6 ++-- .../link-unlink-openid-connect-oauth2.mdx | 8 +++--- .../user-settings/user-profile-management.mdx | 6 ++-- .../flows/verify-email-account-activation.mdx | 2 +- docs/docs/self-service/hooks.mdx | 8 +++--- driver/configuration/provider_viper.go | 2 +- driver/configuration/provider_viper_test.go | 2 +- .../configuration/stub/.defaults-password.yml | 2 +- .../stub/.defaults-verification.yml | 2 +- .../strategy/oidc/strategy_settings.go | 7 ++++- 25 files changed, 91 insertions(+), 86 deletions(-) diff --git a/.schema/config.schema.json b/.schema/config.schema.json index 40005de6ef7..b3ac9223d2d 100644 --- a/.schema/config.schema.json +++ b/.schema/config.schema.json 
@@ -149,7 +149,7 @@ "mapper_url" ] }, - "selfServiceAfterSettingsStrategy": { + "selfServiceAfterSettingsMethod": { "type": "object", "additionalProperties": false, "properties": { @@ -170,7 +170,7 @@ } } }, - "selfServiceAfterLoginStrategy": { + "selfServiceAfterLoginMethod": { "type": "object", "additionalProperties": false, "properties": { @@ -191,7 +191,7 @@ } } }, - "selfServiceAfterRegistrationStrategy": { + "selfServiceAfterRegistrationMethod": { "type": "object", "additionalProperties": false, "properties": { @@ -220,10 +220,10 @@ "$ref": "#/definitions/defaultReturnTo" }, "password": { - "$ref": "#/definitions/selfServiceAfterSettingsStrategy" + "$ref": "#/definitions/selfServiceAfterSettingsMethod" }, "profile": { - "$ref": "#/definitions/selfServiceAfterSettingsStrategy" + "$ref": "#/definitions/selfServiceAfterSettingsMethod" } } }, @@ -235,10 +235,10 @@ "$ref": "#/definitions/defaultReturnTo" }, "password": { - "$ref": "#/definitions/selfServiceAfterLoginStrategy" + "$ref": "#/definitions/selfServiceAfterLoginMethod" }, "oidc": { - "$ref": "#/definitions/selfServiceAfterLoginStrategy" + "$ref": "#/definitions/selfServiceAfterLoginMethod" } } }, @@ -250,10 +250,10 @@ "$ref": "#/definitions/defaultReturnTo" }, "password": { - "$ref": "#/definitions/selfServiceAfterRegistrationStrategy" + "$ref": "#/definitions/selfServiceAfterRegistrationMethod" }, "oidc": { - "$ref": "#/definitions/selfServiceAfterRegistrationStrategy" + "$ref": "#/definitions/selfServiceAfterRegistrationMethod" } } } @@ -508,7 +508,7 @@ } } }, - "strategies": { + "methods": { "type": "object", "additionalProperties": false, "properties": { @@ -518,7 +518,7 @@ "properties": { "enabled": { "type": "boolean", - "title": "Enables Profile Management Strategy", + "title": "Enables Profile Management Method", "default": true } } 
@@ -529,7 +529,7 @@ "properties": { "enabled": { "type": "boolean", - "title": "Enables Token-based Account Recovery Strategy", + "title": "Enables Token-based Account Recovery Method", "default": true } } @@ -540,7 +540,7 @@ "properties": { "enabled": { "type": "boolean", - "title": "Enables Password Strategy", + "title": "Enables Username/Email and Password Method", "default": true } } @@ -551,7 +551,7 @@ "properties": { "enabled": { "type": "boolean", - "title": "Enables OpenID Connect Strategy", + "title": "Enables OpenID Connect Method", "default": false }, "config": { diff --git a/docs/docs/concepts/browser-redirect-flow-completion.mdx b/docs/docs/concepts/browser-redirect-flow-completion.mdx index fb7076b252b..1907c33bc23 100644 --- a/docs/docs/concepts/browser-redirect-flow-completion.mdx +++ b/docs/docs/concepts/browser-redirect-flow-completion.mdx @@ -34,8 +34,8 @@ selfservice: # ... ``` -You may also set redirect URLs per strategy (overrides -`selfservice..default_return_to`): +You may also set redirect URLs per method (overrides +`selfservice.flows..default_return_to`): ```yaml file="path/to/my/kratos.config.yml" selfservice: diff --git a/docs/docs/concepts/credentials/openid-connect-oidc-oauth2.mdx b/docs/docs/concepts/credentials/openid-connect-oidc-oauth2.mdx index 58e84525be9..3a083f15942 100644 --- a/docs/docs/concepts/credentials/openid-connect-oidc-oauth2.mdx +++ b/docs/docs/concepts/credentials/openid-connect-oidc-oauth2.mdx @@ -22,7 +22,7 @@ You can configure multiple OAuth2 / OpenID Connect providers. First, enable the ```yaml title="path/to/my/kratos/config.yml" # $ kratos -c path/to/my/kratos/config.yml serve selfservice: - strategies: + methods: oidc: enabled: true ``` @@ -42,7 +42,7 @@ The provider configuration looks as follows: ```yaml title="path/to/my/kratos/config.yml" # $ kratos -c path/to/my/kratos/config.yml serve selfservice: - strategies: + methods: oidc: providers: - # REQUIRED - The ID of the provider. 
@@ -119,7 +119,7 @@ referencing that in your ORY Kratos config file: ```yaml title="path/to/my/kratos/config.yml" # $ kratos -c path/to/my/kratos/config.yml serve selfservice: - strategies: + methods: oidc: providers: - id: github @@ -289,4 +289,4 @@ until the identity's traits are valid against the defined JSON Schema. For more information on this flow (network flow, examples, UI, ...) head over to the -[OpenID Connect and OAuth2 Self-Service Strategy Documentation](../../self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx). +[OpenID Connect and OAuth2 Self-Service Method Documentation](../../self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx). diff --git a/docs/docs/concepts/credentials/username-email-password.mdx b/docs/docs/concepts/credentials/username-email-password.mdx index 28e14b82191..97e724869e6 100644 --- a/docs/docs/concepts/credentials/username-email-password.mdx +++ b/docs/docs/concepts/credentials/username-email-password.mdx @@ -19,7 +19,7 @@ Enabling this method is as easy as setting ```yaml title="path/to/my/kratos/config.yml" # $ kratos -c path/to/my/kratos/config.yml serve selfservice: - strategies: + methods: password: enabled: true ``` @@ -38,7 +38,7 @@ hashers: key_length: 32 ``` -When a user signs up using this strategy, the Default Identity JSON Schema (set +When a user signs up using this method, the Default Identity JSON Schema (set using `identity.default_schema_url`) is used: ```yaml title="path/to/my/kratos/config.yml" diff --git a/docs/docs/guides/account-recovery-password-reset.mdx b/docs/docs/guides/account-recovery-password-reset.mdx index 5a70f84ef29..b9f91def991 100644 --- a/docs/docs/guides/account-recovery-password-reset.mdx +++ b/docs/docs/guides/account-recovery-password-reset.mdx 
@@ -58,13 +58,13 @@ in your ORY Kratos Config File (`kratos serve -c /home/kratos/.kratos.yml`): # ... ``` -You also need to enable account recovery and have the `link` strategy enabled: +You also need to enable account recovery and have the `link` method enabled: ```diff selfservice: - strategies: + methods: link: - # Defaults to true, so left out. If you explicitly want to disable this strategy, + # Defaults to true, so left out. If you explicitly want to disable this method, # set the value to `false`. # # enabled: true diff --git a/docs/docs/guides/sign-in-with-github-google-facebook-linkedin.mdx b/docs/docs/guides/sign-in-with-github-google-facebook-linkedin.mdx index 955f3cf2018..7f7f1c03de8 100644 --- a/docs/docs/guides/sign-in-with-github-google-facebook-linkedin.mdx +++ b/docs/docs/guides/sign-in-with-github-google-facebook-linkedin.mdx @@ -109,7 +109,7 @@ Now, enable the GitHub provider in the ORY Kratos config located at ```yaml title="contrib/quickstart/kratos/email-password/.kratos.yml" # $ kratos -c path/to/my/kratos/config.yml serve selfservice: - strategies: + methods: oidc: enabled: true config: @@ -179,7 +179,7 @@ Enable the Microsoft provider in the ORY Kratos config located at ```yaml title="contrib/quickstart/kratos/email-password/.kratos.yml" selfservice: - strategies: + methods: oidc: enabled: true config: diff --git a/docs/docs/quickstart.mdx b/docs/docs/quickstart.mdx index a17ead860a2..67b206475af 100644 --- a/docs/docs/quickstart.mdx +++ b/docs/docs/quickstart.mdx @@ -648,7 +648,7 @@ UI or the Mailslurper. If you want to change the redirects happening after registration,login or a settings change, take a look at this document: -[Hooks](self-service/hooks/index). +[Hooks](self-service/hooks). If you delete the `session` hook from `kratos.yml`, the user will _not_ be immediately signed in after registration. diff --git a/docs/docs/reference/jsonnet.mdx b/docs/docs/reference/jsonnet.mdx index f70a27d4b9d..f1b67f384b3 100644 
--- a/docs/docs/reference/jsonnet.mdx +++ b/docs/docs/reference/jsonnet.mdx @@ -4,7 +4,7 @@ title: Data Mapping with Jsonnet --- Some modules like the -[OpenID Connect and OAuth2 Strategy](../concepts/credentials/openid-connect-oidc-oauth2.mdx) +[OpenID Connect and OAuth2 Method](../concepts/credentials/openid-connect-oidc-oauth2.mdx) support [Jsonnet](https://jsonnet.org), allowing you to easily write code that modifies your identity's data and load it into ORY Kratos. diff --git a/docs/docs/self-service.mdx b/docs/docs/self-service.mdx index ca302c9b921..17801caa34c 100644 --- a/docs/docs/self-service.mdx +++ b/docs/docs/self-service.mdx 
@@ -49,17 +49,17 @@ Research, Troy Hunt, ...) and implements the following flows: Some flows break down into "flow methods" which implement some of the flow's business logic: -- The `password` strategy implements the +- The `password` method implements the [login and registration with "email or/and username and password" method](self-service/flows/user-login-user-registration/username-email-password), and ["change your password" user settings method](self-service/flows/user-settings/change-password). -- The `oidc` (OpenID Connect, OAuth2, Social Sign In) strategy implements +- The `oidc` (OpenID Connect, OAuth2, Social Sign In) method implements ["Sign in with ..." login and registration method](self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2) and ["un/link another social account" user settings method](self-service/flows/user-settings/link-unlink-openid-connect-oauth2). -- The `profile` strategy implements the +- The `profile` method implements the ["update your profile", "change your first/last name, ..." user settings method)](self-service/flows/user-settings/user-profile-management). -- The `link` strategy implements the +- The `link` method implements the ["click this link to reset your password" account recovery method](self-service/flows/user-settings/user-profile-management). Some flows additionally implement the ability [to run hooks](self-service/hooks) diff --git a/docs/docs/self-service/flows/account-recovery.mdx b/docs/docs/self-service/flows/account-recovery.mdx index db3edc679ad..06249aa4b22 100644 --- a/docs/docs/self-service/flows/account-recovery.mdx +++ b/docs/docs/self-service/flows/account-recovery.mdx 
@@ -22,7 +22,7 @@ To recover an account, two principal flows are supported: (Swift), Android (Java), Microsoft (.NET), React Native, Electron, and others. The flow described here is implemented by the -[link](account-recovery/password-reset-recovery-link) strategy. +[link](account-recovery/password-reset-recovery-link) method. ## Self-Service Account Recovery for Browser Applications @@ -95,7 +95,7 @@ HTML. Instead, you need to implement the HTML code in your application (e.g. NodeJS + ExpressJS, Java, PHP, ReactJS, ...), which gives you extreme flexibility and customizability in your user interface flows and designs. -Each Recovery Strategy +Each Recovery Method ([Recovery Link](account-recovery/password-reset-recovery-link.mdx), ...) is different, but they all boil down to the same abstract sequence: @@ -228,7 +228,7 @@ methods you want to support: ``` For details on payloads and potential HTML snippets consult the individual -Self-Service Strategies for: +Self-Service Methods for: - [Recovery Link](account-recovery/password-reset-recovery-link.mdx) @@ -306,7 +306,7 @@ recovery request. Your Server-Side Application makes a `GET` request to `http://kratos:4434/self-service/browser/flows/requests/recovery?request=abcde`. ORY Kratos responds with a JSON Payload that contains data (form fields, error -messages, ...) for all enabled Account Recovery Strategies: +messages, ...) for all enabled Account Recovery Methods: ```json5 { @@ -323,7 +323,7 @@ messages, ...) for all enabled Account Recovery Strategies: } ``` -Once the strategy is completed successfully (e.g. an email has been entered into +Once the method is completed successfully (e.g. an email has been entered into the form and the user clicked submit), the user will be signed in and sent to the [User Settings](user-settings.mdx) page with a privileged session, meaning that he/she is able to change the password in the next e.g. 15 minutes. 
diff --git a/docs/docs/self-service/flows/account-recovery/password-reset-recovery-link.mdx b/docs/docs/self-service/flows/account-recovery/password-reset-recovery-link.mdx index c924e34d0d6..dcbf3c7ad4c 100644 --- a/docs/docs/self-service/flows/account-recovery/password-reset-recovery-link.mdx +++ b/docs/docs/self-service/flows/account-recovery/password-reset-recovery-link.mdx @@ -14,10 +14,10 @@ Please read the [Account Recover Documentation](../account-recovery.mdx) first. ::: -The `link` strategy performs account recovery (also known as password reset) by +The `link` method performs account recovery (also known as password reset) by sending an email containing a recovery link to the user. -There are two email types sent by this strategy: +There are two email types sent by this method:

@@ -59,7 +59,7 @@ selfservice: privileged_session_max_age: 15m ``` -This strategy does not implement any other flow. +This method does not implement any other flow. ## Browser Clients @@ -467,7 +467,7 @@ recovery request will be initiated and she/he will be asked to retry the flow: ## API Clients -API-based login and registration using this strategy will be addressed in a +API-based login and registration using this method will be addressed in a future release of ORY Kratos. ## Security diff --git a/docs/docs/self-service/flows/user-login-user-registration.mdx b/docs/docs/self-service/flows/user-login-user-registration.mdx index 08d585e62d8..510d9915e84 100644 --- a/docs/docs/self-service/flows/user-login-user-registration.mdx +++ b/docs/docs/self-service/flows/user-login-user-registration.mdx @@ -20,7 +20,7 @@ There are two login and registration flow types supported in ORY Kratos: The login and registration flows documented here are the foundation for the [password](user-login-user-registration/username-email-password.mdx) and [social](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx) -sign in and sign up strategies. +sign in and sign up methods. :::note @@ -263,10 +263,10 @@ A react example is currently in the making. -For details on payloads consult the individual Self-Service Strategies for: +For details on payloads consult the individual Self-Service Methods for: -- [Username and Password Strategy](user-login-user-registration/username-email-password.mdx) -- [Social Sign In Strategy](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx) +- [Username and Password Method](user-login-user-registration/username-email-password.mdx) +- [Social Sign In Method](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx) ## Self-Service User Login and User Registration for API Clients 
diff --git a/docs/docs/self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx b/docs/docs/self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx index 84fe4d29a58..af81cd4c71d 100644 --- a/docs/docs/self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx +++ b/docs/docs/self-service/flows/user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx @@ -13,7 +13,7 @@ first. ::: -The Social Sign In Strategy enables you to use +The Social Sign In Method enables you to use - [GitHub](http://github.com/); - [Apple](https://developer.apple.com/sign-in-with-apple/); @@ -28,15 +28,15 @@ as the Identity Provider. It implements several flows, specifically and [identity Settings](../identity-settings.mdx). Because OAuth2 and OpenID Connect (OIDC) require the identity to interact with a -browser, this strategy does not work with API-only flows. You cannot log in or -sign up a identity using this strategy +browser, this method does not work with API-only flows. You cannot log in or +sign up a identity using this method - with REST API or AJAX requests only; - without a browser. This document summarizes exemplary request payloads for performing "Sign in with ..." flows using the identity login and registration flow with the `oidc` -strategy. +method. ORY Kratos automatically converts registration to login flows and vice versa. A user that's already signed up with his/her Google account will be logged in even @@ -65,7 +65,7 @@ Here we use a configuration with 3 providers: ```yaml title="path/to/my/kratos/config.yml" selfservice: - strategies: + methods: oidc: enabled: true config: 
@@ -84,7 +84,7 @@ selfservice: Redirecting the browser to the [Self-Service Login and Registration Endpoint](../user-login-user-registration.mdx#user-login-and-user-registration-process-sequence) -initiates the flow. If the `oidc` strategy is enabled and at least one provider +initiates the flow. If the `oidc` method is enabled and at least one provider is configued, the Registration Request Response Payload will include an `oidc` method. The method contains different providers, based on your OpenID Connect Provider configuration: @@ -287,7 +287,7 @@ the `Set-Cookie` HTTP header. Redirecting the browser to the [Self-Service Login and Registration Endpoint](../user-login-user-registration.mdx#user-login-and-user-registration-process-sequence) -initiates the flow. If the `oidc` strategy is enabled and at least one provider +initiates the flow. If the `oidc` method is enabled and at least one provider is configued, the Login Request Response Payload will include an `oidc` method. The method contains different providers, based on your OpenID Connect Provider configuration: diff --git a/docs/docs/self-service/flows/user-login-user-registration/username-email-password.mdx b/docs/docs/self-service/flows/user-login-user-registration/username-email-password.mdx index 2556a948b95..08b6213ae8f 100644 --- a/docs/docs/self-service/flows/user-login-user-registration/username-email-password.mdx +++ b/docs/docs/self-service/flows/user-login-user-registration/username-email-password.mdx @@ -17,7 +17,7 @@ import CodeFromRemote from '@theme/CodeFromRemote' This document summarizes exemplary request payloads for performing "login or sign up with email/username and password" flows using the user login and -registration flow with the `password` strategy. +registration flow with the `password` method. We will use the following JSON Schema in all examples on this page: 
@@ -35,7 +35,7 @@ Page Apps (ReactJS, AngularJS, ...). Redirecting the browser to the [Self-Service Login and Registration Endpoint](../user-login-user-registration.mdx#user-login-and-user-registration-process-sequence) -initiates the flow. If the `password` strategy is enabled, the Registration +initiates the flow. If the `password` method is enabled, the Registration Request Response Payload will include a `password` method. ORY Kratos uses the Identity JSON Schema defined in @@ -185,7 +185,7 @@ the `Set-Cookie` HTTP header. Redirecting the browser to the [Self-Service Login and Registration Endpoint](../user-login-user-registration.mdx#user-login-and-user-registration-process-sequence) -initiates the flow. If the `password` strategy is enabled, the Login Request +initiates the flow. If the `password` method is enabled, the Login Request Response Payload will include a `password` method. In contrast to the Registration sequence, this payload does not change when the Identity JSON Schema changes: @@ -756,7 +756,7 @@ there is a sufficient "Edit-Distance") between the identifier and the password. It also makes sure that the identifier and password have a small enough longest common substring. -Furthermore the `password` strategy comes with a build-in check against the +Furthermore the `password` method comes with a build-in check against the ["Have I been pwned"](https://haveibeenpwned.com) breach database. This way ORY Kratos makes sure your users cannot use passwords like "password", "123456" or any other commonly used one. To protect the value of the password the 
@@ -789,7 +789,7 @@ a service: - During registration: "A user with this email address exists already" - During password reset: "No user with this email address was found" -To mitigate this attack, the following strategies need to be deployed: +To mitigate this attack, the following methods need to be deployed: - The login form should return the same message regardless of whether the password is wrong or the email/username does not exist: "The provided diff --git a/docs/docs/self-service/flows/user-settings.mdx b/docs/docs/self-service/flows/user-settings.mdx index abb2d8e57a1..a70ca65e247 100644 --- a/docs/docs/self-service/flows/user-settings.mdx +++ b/docs/docs/self-service/flows/user-settings.mdx @@ -18,7 +18,7 @@ The flow described here is implemented by the [profile](user-settings/user-profile-management.mdx), [password](user-login-user-registration/username-email-password.mdx), and [oidc](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx) -strategy. +method. ## Self-Service User Settings for Browser Applications @@ -72,7 +72,7 @@ HTML. Instead, you need to implement the HTML code in your application (e.g. NodeJS + ExpressJS, Java, PHP, ReactJS, ...), which gives you extreme flexibility and customizability in your user interface flows and designs. -Each Settings Strategy ([Profile](user-settings/user-profile-management.mdx), +Each Settings Method ([Profile](user-settings/user-profile-management.mdx), [Username and Password](user-login-user-registration/username-email-password.mdx), [Social Sign In](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx), Passwordless, ...) works a bit different but they all boil down to the same 
@@ -210,11 +210,11 @@ methods you want to support: ``` For details on payloads and potential HTML snippets consult the individual -Self-Service Strategies for: +Self-Service Method for: -- [Username and Password Strategy](user-login-user-registration/username-email-password.mdx) -- [Social Sign In Strategy](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx) -- [Profile](user-settings/user-profile-management.mdx) +- [Username and Password Method](user-login-user-registration/username-email-password.mdx) +- [Social Sign In Method](user-login-user-registration/openid-connect-social-sign-in-oauth2.mdx) +- [User Profile Method](user-settings/user-profile-management.mdx) ### Server-Side Browser Applications @@ -287,7 +287,7 @@ stateDiagram 1. Your Server-Side Application makes a `GET` request to `http://kratos:4434/self-service/browser/flows/requests/settings?request=abcde`. ORY Kratos responds with a JSON Payload that contains data (form fields, - error messages, ...) for all enabled User Profile Strategies: + error messages, ...) for all enabled User Profile Method: ```json5 { id: 'abcde', @@ -302,7 +302,7 @@ stateDiagram 1. Your Server-Side applications renders the data however you see fit. The User interacts with it and completes the flow by e.g. updating the password or some other profile data. -1. The User's browser makes a request to one of ORY Kratos' Strategy URLs (e.g. +1. The User's browser makes a request to one of ORY Kratos' Method URLs (e.g. `http://127.0.0.1:4455/.ory/kratos/public/self-service/browser/flows/settings/strategies/profile?request=abcde` or `/self-service/browser/flows/settings/strategies/password?request=abcde`). ORY Kratos validates the data: diff --git a/docs/docs/self-service/flows/user-settings/change-password.mdx b/docs/docs/self-service/flows/user-settings/change-password.mdx index 10eac8eb9d6..5ab8925ce23 100644 --- a/docs/docs/self-service/flows/user-settings/change-password.mdx 
+++ b/docs/docs/self-service/flows/user-settings/change-password.mdx @@ -12,7 +12,7 @@ and [User Settings Documentation](../user-settings.mdx) first. ::: This document summarizes exemplary request payloads for performing "change -password" flows using the user settings flow with the `password` strategy. +password" flows using the user settings flow with the `password` method. ORY Kratos will prompt the user to re-authenticate before the password is changed, similar to the @@ -33,7 +33,7 @@ selfservice: Redirecting the browser to the [Self-Service Settings Endpoint](../user-settings.mdx#user-settings-process-sequence) -initiates the flow. If the `password` strategy is enabled, the Settings Request +initiates the flow. If the `password` method is enabled, the Settings Request Response Payload will include a `password` method: ```json5 title="$ curl http:///self-service/browser/flows/requests/settings?request=71da1753-e135-441c-b4df-e7b7cd90ad88" @@ -129,7 +129,7 @@ A successful flow will be marked with: ## API Clients -API-based login and registration using this strategy will be addressed in a +API-based login and registration using this method will be addressed in a future release of ORY Kratos. ## Security and Defenses diff --git a/docs/docs/self-service/flows/user-settings/link-unlink-openid-connect-oauth2.mdx b/docs/docs/self-service/flows/user-settings/link-unlink-openid-connect-oauth2.mdx index 13524015dbb..728376ba5a9 100644 --- a/docs/docs/self-service/flows/user-settings/link-unlink-openid-connect-oauth2.mdx +++ b/docs/docs/self-service/flows/user-settings/link-unlink-openid-connect-oauth2.mdx 
@@ -13,15 +13,15 @@ and [User Settings Documentation](../user-settings.mdx) first. ::: Because OAuth2 and OpenID Connect (OIDC) require the user to interact with a -browser, this strategy does not work with API-only flows. You cannot log in or -sign up a user using this strategy +browser, this method does not work with API-only flows. You cannot log in or +sign up a user using this method - with REST API or AJAX requests only; - without a browser. This document summarizes exemplary request payloads for performing "link / unlink your account from Google, Github, ..." flows using the user settings flow -with the `oidc` strategy. +with the `oidc` method. ORY Kratos will prompt the user to re-authenticate before the password is changed, similar to the @@ -63,7 +63,7 @@ selfservice: Redirecting the browser to the [Self-Service Settings Endpoint](../user-settings.mdx#user-settings-process-sequence) -initiates the flow. If the `oidc` strategy is enabled, the Settings Request +initiates the flow. If the `oidc` method is enabled, the Settings Request Response Payload will include a `oidc` method. A provider can be unlinked if there is at least one other method (credential) of diff --git a/docs/docs/self-service/flows/user-settings/user-profile-management.mdx b/docs/docs/self-service/flows/user-settings/user-profile-management.mdx index cdb3ff179f7..f3b2671dd43 100644 --- a/docs/docs/self-service/flows/user-settings/user-profile-management.mdx +++ b/docs/docs/self-service/flows/user-settings/user-profile-management.mdx @@ -10,7 +10,7 @@ first. ::: -The `profile` strategy allows a user to change their identity traits +The `profile` method allows a user to change their identity traits ("profile"). The updated traits must be valid against the Identity JSON Schema defined for @@ -32,7 +32,7 @@ selfservice: privileged_session_max_age: 1m ``` -This strategy does not implement any other flow. +This method does not implement any other flow. ## Browser Clients 
@@ -137,7 +137,7 @@ A successful flow will be marked with: ## API Clients -API-based login and registration using this strategy will be addressed in a +API-based login and registration using this method will be addressed in a future release of ORY Kratos. ## Security diff --git a/docs/docs/self-service/flows/verify-email-account-activation.mdx b/docs/docs/self-service/flows/verify-email-account-activation.mdx index 1ef0832ea75..fbe78933fcf 100644 --- a/docs/docs/self-service/flows/verify-email-account-activation.mdx +++ b/docs/docs/self-service/flows/verify-email-account-activation.mdx @@ -80,7 +80,7 @@ can do so by defining the following section in your Identity JSON Schema: } ``` -You can also combine this with the password strategy login identifier. +You can also combine this with the password method login identifier. ```json5 title="path/to/identity.schema.json" { diff --git a/docs/docs/self-service/hooks.mdx b/docs/docs/self-service/hooks.mdx index 07f3382a881..d83ad2d171f 100644 --- a/docs/docs/self-service/hooks.mdx +++ b/docs/docs/self-service/hooks.mdx @@ -36,7 +36,7 @@ selfservice: flows: login: after: - : + : - hook: revoke_active_sessions # can not be configured ``` @@ -44,7 +44,7 @@ selfservice: ## Registration Hooks running after successful user registration are defined per Self-Service -Registration Strategy in ORY Kratos' configuration file. +Registration Method in ORY Kratos' configuration file. ### After @@ -95,7 +95,7 @@ selfservice: flows: registration: after: - : + : - hook: session # can not be configured ``` @@ -141,7 +141,7 @@ the session hook is the last hook in your configuration! ## Settings Hooks running after successfully updating user settings and are defined per -Self-Service Settings Strategy in ORY Kratos' configuration file. +Self-Service Settings Method in ORY Kratos' configuration file. ### After diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go index 2e01529da5b..c56c3c9ef97 100644 
--- a/driver/configuration/provider_viper.go +++ b/driver/configuration/provider_viper.go @@ -61,7 +61,7 @@ const ( ViperKeySessionPath = "session.cookie.path" ViperKeySessionPersistentCookie = "session.cookie.persistent" - ViperKeySelfServiceStrategyConfig = "selfservice.strategies" + ViperKeySelfServiceStrategyConfig = "selfservice.methods" ViperKeySelfServiceBrowserDefaultReturnTo = "selfservice." + DefaultBrowserReturnURL ViperKeyURLsWhitelistedReturnToDomains = "selfservice.whitelisted_return_urls" diff --git a/driver/configuration/provider_viper_test.go b/driver/configuration/provider_viper_test.go index bf0643d5eaf..7cdd4ce7464 100644 --- a/driver/configuration/provider_viper_test.go +++ b/driver/configuration/provider_viper_test.go @@ -111,7 +111,7 @@ func TestViperProvider(t *testing.T) { }, p.SecretsSession()) }) - t.Run("group=strategies", func(t *testing.T) { + t.Run("group=methods", func(t *testing.T) { for _, tc := range []struct { id string config string diff --git a/driver/configuration/stub/.defaults-password.yml b/driver/configuration/stub/.defaults-password.yml index 86d554eda68..b8bb832931a 100644 --- a/driver/configuration/stub/.defaults-password.yml +++ b/driver/configuration/stub/.defaults-password.yml @@ -1,5 +1,5 @@ selfservice: - strategies: + methods: password: enabled: true flows: diff --git a/driver/configuration/stub/.defaults-verification.yml b/driver/configuration/stub/.defaults-verification.yml index eae84dd5759..a6529b742d5 100644 --- a/driver/configuration/stub/.defaults-verification.yml +++ b/driver/configuration/stub/.defaults-verification.yml @@ -1,5 +1,5 @@ selfservice: - strategies: + methods: password: enabled: true diff --git a/selfservice/strategy/oidc/strategy_settings.go b/selfservice/strategy/oidc/strategy_settings.go index 5d8e492929d..454abc4912c 100644 --- a/selfservice/strategy/oidc/strategy_settings.go +++ b/selfservice/strategy/oidc/strategy_settings.go 
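Review bot: The constant keeps the name `ViperKeySelfServiceStrategyConfig` while its value becomes `selfservice.methods`, so every call site still reads "strategy" for a key the schema and docs now call "method"; renaming it to `ViperKeySelfServiceMethodConfig` (or keeping the old name as a same-valued alias marked `// Deprecated: use ViperKeySelfServiceMethodConfig.`) would keep the breaking change visible in code. Because the hunk adds no compatibility shim, a deployment that still ships `selfservice.strategies` will either fail schema validation or, if the parent schema object does not forbid additional properties, start silently on the defaults with its `oidc` providers gone — which of the two applies is not visible from this hunk. A startup check that logs an error when the legacy key is still set (viper's `IsSet` on `selfservice.strategies`) would make that misconfiguration detectable rather than silent.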
@@ -434,10 +434,15 @@ func (s *Strategy) handleSettingsError(w http.ResponseWriter, r *http.Request, c } } + var i *identity.Identity if ctxUpdate.Flow != nil { ctxUpdate.Flow.Methods[s.SettingsStrategyID()].Config.ResetMessages() ctxUpdate.Flow.Methods[s.SettingsStrategyID()].Config.SetCSRF(s.d.GenerateCSRFToken(r)) } - s.d.SettingsFlowErrorHandler().WriteFlowError(w, r, s.SettingsStrategyID(), ctxUpdate.Flow, ctxUpdate.Session.Identity, err) + if ctxUpdate.Session != nil { + i = ctxUpdate.Session.Identity + } + + s.d.SettingsFlowErrorHandler().WriteFlowError(w, r, s.SettingsStrategyID(), ctxUpdate.Flow, i, err) }
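Review bot: The new guard only protects the dereference here; `WriteFlowError` is now called with a nil `*identity.Identity` whenever the session is absent, and nothing in the hunk shows that the error handler tolerates a nil identity — if it dereferences it (for example to log or key on the identity ID) the panic has only moved one call deeper, so that contract should be confirmed or documented with a comment such as `// identity may be nil when the settings flow has no session`. `i` reads as a loop index; `ident` would say what it holds, and declaring it next to the check keeps the two together: `var ident *identity.Identity` / `if ctxUpdate.Session != nil { ident = ctxUpdate.Session.Identity }`. The neighbouring lookup `ctxUpdate.Flow.Methods[s.SettingsStrategyID()]` still calls `.Config` on the map value without checking the key exists; if that value is a pointer type a missing entry would fail the same way the removed line did, and the commit leaves it as is. `handleSettingsError` begins outside the hunk, so whether `ctxUpdate` itself can be nil cannot be judged from here.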