ory/hydra v1.10.1

on GitHub

We are excited to announce Ory Hydra v1.10.0!

This release adds significant data management improvements. As such, we introduce the new "hydra janitor" command which cleans up stale data and can be run, for example, as a (Kubernetes) CronJob.

The new janitor command is able to clean up invalid and expired access and refresh tokens as well as login and consent requests. This solves issues observed in installations with lots of traffic.

This patch refactors the internal file embed system by migrating to Go 1.16, simplifying and speeding up the build process.

To follow OAuth2 best-practice, refresh tokens will now invalidate the whole access and refresh token chain if reused.

1.10.1 (2021-03-25)

Bug Fixes

• Add docs/node_modules make target (b302501)

• Add network specific error message to avoid confusion (#2367) (56d71e6), closes #2338

• Adds sqa section to config.schema.json (#2360) (89df8d7), closes #2358:

  Move from viper to koanf caused env vars without corresponding
  paths in config.schema.json to be ignored. This commit adds
  missing sqa section, so the SQA_OPT_OUT env var has effect again.

• Adopt new cli renderer pipeline (02483ce)

• Better http resiliency and sqlite updates (883a84f)

• Improve cache and update CI images to go 1.16 (#2388) (7803202)

• Increase conformance test timeout (e9bd064)

• Record cypress videos (c9d0a26)

• Resolve clidoc issues (8257cb2)

• Resolve docs build issues (6612099)

• Resolve e2e test issues (4812f54)

• Resolve migrator duplicate files (b1f63ff)

• Resolve migrator regression issues (cdfc03d)

• Revert mode default and maximum values (#2349) (b20fc48):

  I made a mistake in previous pull request, these socket mode values are in decimal, not octal format. Sorry.

• Update janitor help (b7965c6)

• Use appropriate migrations with precedence (b61d05c)

• Use gelf windows hotfix (0cac0f1)

• Use go 1.16 in conformity suite (3fbda05)

Documentation

• Faq custom data (#2334) (471e85d)

• Fix basic examples for the golang SDK (#2399) (6806865)

• Fix subject identifier algorithms to match configuration (#2400) (dd19b86):

  On https://www.ory.sh/hydra/docs/reference/configuration/ under 'subject identifiers' the name for defining which subject identifier algorithms are supported it is called "supported_types", not "enabled" as in these pages.

• Improve readme tests section (#2380) (277afe9)

• Quickstart config (#2328) (f20f645)

• Update config.schema.json default values (#2348) (8494822):

  Updated wrong config schema values

• Update examples to new helm install command format (#2369) (f006556):

  Tried example with helm 3.5.2 and it does not support --name flag. So I moved name and repository to first line of commands.

Features

• Add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386) (a17d10e)

• Add front/backchannel logout params to client cli (#2387) (055f801), closes #1487

• Flush inactive/expired login and consent requests (#2381) (f039ebb), closes #1574:

  This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database.

  You may now use the new hydra janitor command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows the notAfter safe-guard approach to ensure records needed to be kept are not deleted.

  To learn more, please use hydra help janitor.

  This patch phases out the /oauth2/flush endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.

• Flush refresh tokens for service oauth2/flush (#2373) (b46a14c), closes /github.com/ory/hydra/issues/1574#issuecomment-736684327

• Move to go 1.16 and static embed files (6fa591c)

• Refresh token reuse detection (#2383) (bc349f1), closes #2022:

  This patch adds support for Refresh Token reuse Detection introduced by ory/fosite#567. Ory Hydra's persister no longer deletes refresh tokens when using them, but instead deactivates them - similar to how authorization codes work.

Tests

• Bump cypress to newer version and add resilience (c76309c)
• Bump ory/x and resolve regressions (1a03c07)
• Fix record arg (b248406)
• Improve e2e script and add record option (9d4764d)
• Resolve flaky cypress tests (356b05f)
• Resolve migration regression (e59e2bc)
• Use cypress fetchers (2aa0980)
• Use go 1.16 in conformity (ccd983d)

Unclassified

• Do not send 404 on revoke consent / delete login (#2397) (854b9ee)
• Resolve oidc conformity regression (1049602)

Changelog

ce7ee75 autogen(docs): generate and format documentation
74bfe9c autogen(docs): generate and format documentation
ec93526 autogen(docs): generate and format documentation
4cc8012 autogen(docs): generate and format documentation
21c6285 autogen(docs): generate and format documentation
67d9b38 autogen(docs): generate and format documentation
dc97559 autogen(docs): generate and format documentation
a11527f autogen(docs): generate and format documentation
e18e966 autogen(docs): generate and format documentation
9ad9c1d autogen(docs): generate and format documentation
d3697cd autogen(docs): generate cli docs
83f8ebd autogen(docs): generate cli docs
7731121 autogen(docs): generate cli docs
d6c8209 autogen(docs): generate cli docs
8f939da autogen(docs): generate cli docs
5005c9a autogen(docs): regenerate and update changelog
48b75ab autogen(docs): regenerate and update changelog
97e3f80 autogen(docs): regenerate and update changelog
69e7bef autogen(docs): regenerate and update changelog
003a682 autogen(docs): regenerate and update changelog
c1e9b38 autogen(docs): regenerate and update changelog
eb5c530 autogen(docs): regenerate and update changelog
5210a0f autogen(docs): regenerate and update changelog
4eafcfe autogen(docs): regenerate and update changelog
c84fcdf autogen(docs): update milestone document
d4d243f autogen(docs): update milestone document
1cce525 autogen(docs): update milestone document
ac95a33 autogen(openapi): Regenerate swagger spec and internal client
f6ef751 autogen(openapi): Regenerate swagger spec and internal client
cc7a8e4 autogen(openapi): Regenerate swagger spec and internal client
b660fa3 autogen(openapi): Regenerate swagger spec and internal client
72a2e2f autogen(openapi): Regenerate swagger spec and internal client
756f19f autogen(openapi): Regenerate swagger spec and internal client
f5b993a autogen(openapi): Regenerate swagger spec and internal client
577ad1b autogen(openapi): Regenerate swagger spec and internal client
582aca3 autogen(openapi): Regenerate swagger spec and internal client
27dc147 autogen: add v1.9.2 to version.schema.json
ed096e9 autogen: add v1.9.3-pre.5 to version.schema.json
bf8f805 autogen: pin v1.10.0 release commit
60b2434 autogen: pin v1.10.0 release commit
2287ac5 autogen: pin v1.10.1 release commit
c3833af autogen: pin v1.10.1-pre.1 release commit
01af32f autogen: pin v1.10.1-pre.2 release commit
440d171 autogen: pin v1.9.3-pre.0 release commit
38b6317 autogen: pin v1.9.3-pre.1 release commit
149db76 autogen: pin v1.9.3-pre.2 release commit
26615cb autogen: pin v1.9.3-pre.3 release commit
bf65299 autogen: pin v1.9.3-pre.4 release commit
be012b6 autogen: pin v1.9.3-pre.5 release commit
d2aecf8 chore(deps): bump pug-code-gen in /test/e2e/oauth2-client (#2376)
d0ef3e3 chore: fix go mod
ab06db3 chore: fix link (#2359)
4b595e8 chore: update docusaurus template
1565336 chore: update docusaurus template (#2424)
785e743 chore: update package lock
f4ed887 chore: update repository templates
9662765 chore: update repository templates
cb64d68 chore: update repository templates
1d31410 chore: update repository templates (#2362)
a329556 chore: update repository templates (#2378)
e3d6032 ci: add trailing slash to prettier check (#2389)
e819e7b ci: adopt new swagger ignorepkgs
0afd9fc ci: bump orbs
7f806e5 ci: fix yaml syntax error
0326699 ci: link to cypress project
d8ad323 ci: reorder e2e execution
94593db ci: run e2e tests in one container (#2391)
d17f505 ci: use nancy command instead of job (#2390)
854b9ee consent: do not send 404 on revoke consent / delete login (#2397)
471e85d docs: faq custom data (#2334)
6806865 docs: fix basic examples for the golang SDK (#2399)
dd19b86 docs: fix subject identifier algorithms to match configuration (#2400)
277afe9 docs: improve readme tests section (#2380)
f20f645 docs: quickstart config (#2328)
8494822 docs: update config.schema.json default values (#2348)
f006556 docs: update examples to new helm install command format (#2369)
a17d10e feat: add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386)
055f801 feat: add front/backchannel logout params to client cli (#2387)
f039ebb feat: flush inactive/expired login and consent requests (#2381)
b46a14c feat: flush refresh tokens for service oauth2/flush (#2373)
6fa591c feat: move to go 1.16 and static embed files
bc349f1 feat: refresh token reuse detection (#2383)
b302501 fix: add docs/node_modules make target
56d71e6 fix: add network specific error message to avoid confusion (#2367)
89df8d7 fix: adds sqa section to config.schema.json (#2360)
02483ce fix: adopt new cli renderer pipeline
883a84f fix: better http resiliency and sqlite updates
7803202 fix: improve cache and update CI images to go 1.16 (#2388)
e9bd064 fix: increase conformance test timeout
c9d0a26 fix: record cypress videos
8257cb2 fix: resolve clidoc issues
6612099 fix: resolve docs build issues
4812f54 fix: resolve e2e test issues
b1f63ff fix: resolve migrator duplicate files
cdfc03d fix: resolve migrator regression issues
b20fc48 fix: revert mode default and maximum values (#2349)
b7965c6 fix: update janitor help
b61d05c fix: use appropriate migrations with precedence
0cac0f1 fix: use gelf windows hotfix
3fbda05 fix: use go 1.16 in conformity suite
c76309c test: bump cypress to newer version and add resilience
1a03c07 test: bump ory/x and resolve regressions
b248406 test: fix record arg
9d4764d test: improve e2e script and add record option
356b05f test: resolve flaky cypress tests
e59e2bc test: resolve migration regression
2aa0980 test: use cypress fetchers
ccd983d test: use go 1.16 in conformity
1049602 tests: resolve oidc conformity regression

Docker images

• docker pull oryd/hydra:v1-sqlite
• docker pull oryd/hydra:v1.10-sqlite
• docker pull oryd/hydra:v1.10.1-sqlite
• docker pull oryd/hydra:v1.10.1-sqlite
• docker pull oryd/hydra:latest-sqlite
• docker pull oryd/hydra:v1
• docker pull oryd/hydra:v1.10
• docker pull oryd/hydra:v1.10.1
• docker pull oryd/hydra:v1.10.1
• docker pull oryd/hydra:latest
• docker pull oryd/hydra:v1-alpine
• docker pull oryd/hydra:v1.10-alpine
• docker pull oryd/hydra:v1.10.1-alpine
• docker pull oryd/hydra:v1.10.1-alpine
• docker pull oryd/hydra:latest-alpine