This release significantly alters what the Ory CLI is capable of and how you interact with it.
One major change we introduced is full compatibility with ARM architectures, including Apple Silicon (M1). We additionally added cryptographically signed signatures verifiable using cosign for both binaries as well as docker images. To celebrate this change, we cleaned up the ways you install Ory software, and will roll this out to all other projects soon:
There is now one central brew / bash curl / scoop repository:
-brew install ory/ory/ory
+brew install ory/tap/cli
-bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh)
+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) ory
-scoop bucket add ory https://github.com/ory/scoop.git
+scoop bucket add scoop-ory https://github.com/ory/scoop-ory.git
scoop install scoop-oryThe Ory Proxy also underwent some significant changes. First of all, we no longer generate automatic TLS certificates for local environments. This process was slow, barely used, and only worked for some browsers.
Second, we merged ory proxy local and ory proxy production into one, simple to use command. The proxy no longer requires an Ory Cloud Personal Access Token, and it is now compatible with self-deployed instances of Ory Kratos!
Please note that the special URLs /.ory/init/login, /.ory/init/registration, /.ory/init/recovery, /.ory/init/verification, /.ory/init/settings have been removed. If you wish to point a user to the Ory Cloud hosted login domain, redirect them to the login page (/.ory/ui/login).
This command starts a reverse proxy which must be deployed in front of your application.
This proxy works both in development and in production, for example when deploying a
React, NodeJS, Java, PHP, ... app to a server / the cloud or when developing it locally
on your machine.
Now, let's learn more about using the Ory Proxy.
Before you start, you need to have a running instance of Ory Kratos / Ory Hydra / ... either
locally or in Ory Cloud. Set the environment variable ORY_SDK_URL to the path where Ory
is available. For Ory Cloud, this is the "SDK URL" which can be found in the "API & Services"
section of your Ory Cloud Console.
export ORY_SDK_URL=https://playground.projects.oryapis.com
# export ORY_SDK_URL=http://my-local-kratos.localhost:1234/
Alternatively, you can set this using the --sdk-url flag:
ory proxy --sdk-url https://playground.projects.oryapis.com \
...
The first argument [upstream] points to the location of your application. If you are
running the proxy and your app on the same host, this could be localhost.
The second argument [public-url] is optional. It refers to the public URL of your
application (e.g. https://www.example.org).
If [public-url] is not set, it will default to the default
host and port this proxy listens on:
You must set the [public-url] if you are not using the Ory Proxy in locally or in
development:
ory proxy \
http://localhost:3000 \
https://example.org
Please note that you can not set a path in the [public-url]!
Per default, the proxy listens on port 4000. If you want to listen on another port, use the
port flag:
ory proxy --port 8080 \
http://localhost:3000 \
https://example.org
If your public URL is available on a non-standard HTTP/HTTPS port, you can set that port in the [public-url]:
ory proxy \
http://localhost:3000 \
https://example.org:1234
If this proxy runs on a subdomain, and you want Ory's cookies (e.g. the session cookie) to
be available on all of your domain, you can use the following CLI flag to customize the cookie
domain:
ory proxy \
--cookie-domain example.org \
http://127.0.0.1:3000 \
https://ory.example.org
Breaking Changes
Use and installation of the Ory CLI have changed. Please check the patch description for more information!
Bug Fixes
- New download locations for binwrap (d90dce1)
Code Generation
- Pin v0.1.0 release commit (d452feb)
Code Refactoring
-
Significantly improve ory proxy experience (2ad0459), closes #113 #88 #80 #105:
This patch significantly alters what the Ory CLI is capable of and how you interact with it.
One major change we introduced is full compatibility with ARM architectures, including Apple Silicon (M1). We additionally added cryptographically signed signatures verifiable using cosign for both binaries as well as docker images. To celebrate this change, we cleaned up the ways you install Ory software, and will roll this out to all other projects soon:
There is now one central brew / bash curl / scoop repository:
-brew install ory/ory/ory +brew install ory/tap/cli -bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) +bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) ory -scoop bucket add ory https://github.com/ory/scoop.git +scoop bucket add scoop-ory https://github.com/ory/scoop-ory.git scoop install scoop-ory
The Ory Proxy also underwent some significant changes. First of all, we no longer generate automatic TLS certificates for local environments. This process was slow, barely used, and only worked for some browsers.
Second, we merged
ory proxy localandory proxy productioninto one, simple to use command. The proxy no longer requires an Ory Cloud Personal Access Token, and it is now compatible with self-deployed instances of Ory Kratos!Please note that the special URLs
/.ory/init/login,/.ory/init/registration,/.ory/init/recovery,/.ory/init/verification,/.ory/init/settingshave been removed. If you wish to point a user to the Ory Cloud hosted login domain, redirect them to the login page (/.ory/ui/login).This command starts a reverse proxy which must be deployed in front of your application.
This proxy works both in development and in production, for example when deploying a
React, NodeJS, Java, PHP, ... app to a server / the cloud or when developing it locally
on your machine.Now, let's learn more about using the Ory Proxy.
Before you start, you need to have a running instance of Ory Kratos / Ory Hydra / ... either
locally or in Ory Cloud. Set the environment variable ORY_SDK_URL to the path where Ory
is available. For Ory Cloud, this is the "SDK URL" which can be found in the "API & Services"
section of your Ory Cloud Console.export ORY_SDK_URL=https://playground.projects.oryapis.com # export ORY_SDK_URL=http://my-local-kratos.localhost:1234/
Alternatively, you can set this using the --sdk-url flag:
ory proxy --sdk-url https://playground.projects.oryapis.com
...The first argument
[upstream]points to the location of your application. If you are
running the proxy and your app on the same host, this could be localhost.The second argument
[public-url]is optional. It refers to the public URL of your
application (e.g. https://www.example.org).If
[public-url]is not set, it will default to the default
host and port this proxy listens on:You must set the [public-url] if you are not using the Ory Proxy in locally or in
development:ory proxy
http://localhost:3000
https://example.orgPlease note that you can not set a path in the
[public-url]!Per default, the proxy listens on port 4000. If you want to listen on another port, use the
port flag:ory proxy --port 8080
http://localhost:3000
https://example.orgIf your public URL is available on a non-standard HTTP/HTTPS port, you can set that port in the
[public-url]:ory proxy
http://localhost:3000
https://example.org:1234If this proxy runs on a subdomain, and you want Ory's cookies (e.g. the session cookie) to
be available on all of your domain, you can use the following CLI flag to customize the cookie
domain:ory proxy
--cookie-domain example.org
http://127.0.0.1:3000
https://ory.example.org
Changelog
d452feb autogen: pin v0.1.0 release commit
d90dce1 fix: new download locations for binwrap
2ad0459 refactor: significantly improve ory proxy experience
Docker images
docker pull oryd/ory:v0.1.0docker pull oryd/ory:v0docker pull oryd/ory:v0.1docker pull oryd/ory:v0.1.0
Artifacts can be verified with cosign using this public key.