ory/hydra v2.2.0-rc.3 on GitHub

Introduces logout compatibility with Ory Kratos.

Bug Fixes

Add exceptions for internal IP addresses (#3608) (1f1121c)
Add kid to verifiable credential header (#3606) (9f1c8d1)
Deflake ttl test (6741a49)
Docker build (#3609) (01ff9da)
Enable CORS with hot-reloaded origins (#3601) (6f592fc)
Only query access tokens by hashed signature (a21e945)
Racy random string generation (#3555) (1b26c4c)
Reject invalid JWKS in client configuration / dependency cleanup and bump (#3603) (1d73d83)
Restore ability to override auth and token urls for exemplary app (#3590) (dfb129a)
Return proper error when the grant request cannot be parsed (#3558) (26f2d34)
Use correct tracer in middleware (#3567) (807cbd2)

Code Generation

Pin v2.2.0-rc.3 release commit (ad8a4ba)

Features

Add hydra migrate status subcommand (#3579) (749eb8d)
Add more resolution to events and collect client metrics (#3568) (466e66b)
Add state override (b8b9154)
Add support for OIDC VC (#3575) (219a7c0):
This adds initial support for issuing verifiable credentials
as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.
Because the spec is still in draft, public identifiers are
suffixed with draft_00.
Allow additional SQL migrations (#3587) (8900cbb)
Allow Go migrations (#3602) (8eed306)
Allow to disable claim mirroring (#3563) (c72a316):
This PR introduces another config option called oauth2:mirror_top_level_claims which may be used to disable the mirroring of custom claims into the ext claim of the jwt.
This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.
Example:
```
oauth2:
  allowed_top_level_claims:
    - test_claim
  mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext
```
Closes #3348
Bump fosite and add some more tracing (0b56f53)
cmd: Add route that redirects to the auth code url (4db6416)
Parallel generation of JSON web key set (#3561) (5bd9002)
Propagate logout to identity provider (#3596) (c004fee):
- feat: propagate logout to identity provider
This commit improves the integration between Hydra and Kratos when logging
out the user.
This adds a new configuration key for configuring a Kratos admin URL.
Additionally, Kratos can send a session ID when accepting a login request.
If a session ID was specified and a Kratos admin URL was configured,
Hydra will disable the corresponding Kratos session through the admin API
if a frontchannel or backchannel logout was triggered.
- fix: add special case for MySQL
- chore: update sdk
- chore: consistent naming
- fix: cleanup persister
Support different jwt scope claim strategies (#3531) (45da11e)

Changelog

2c452ef autogen(docs): regenerate and update changelog
551c359 autogen(docs): regenerate and update changelog
93ebaee autogen(docs): regenerate and update changelog
7cfba84 autogen(docs): regenerate and update changelog
cb64770 autogen(docs): regenerate and update changelog
938d4bb autogen(docs): regenerate and update changelog
0072ddf autogen(docs): regenerate and update changelog
c30de7f autogen(docs): regenerate and update changelog
6c298b2 autogen(docs): regenerate and update changelog
a547a74 autogen(docs): regenerate and update changelog
5704640 autogen(docs): regenerate and update changelog
e586cc2 autogen(docs): regenerate and update changelog
2bdad2c autogen(docs): regenerate and update changelog
dc878b8 autogen(docs): regenerate and update changelog
425c977 autogen(docs): regenerate and update changelog
339bf40 autogen(docs): regenerate and update changelog
ea40d44 autogen(docs): regenerate and update changelog
71d1853 autogen(docs): regenerate and update changelog
be85c29 autogen(docs): regenerate and update changelog
598c21d autogen(docs): regenerate and update changelog
42a9615 autogen(docs): regenerate and update changelog
330530d autogen(openapi): regenerate swagger spec and internal client
254a21b autogen(openapi): regenerate swagger spec and internal client
ad8a4ba autogen: pin v2.2.0-rc.3 release commit
6631c21 autogen: render config schema
59ec76b chore(deps): bump semver from 5.7.0 to 5.7.2 (#3569)
9fd59e2 chore(deps): bump semver from 5.7.0 to 5.7.2 in /test/e2e/oauth2-client (#3570)
3c5c126 chore(deps): bump tough-cookie, @cypress/request and wait-on (#3592)
48d5df4 chore: add hperl as codeowner (#3607)
efd9ca7 chore: bump deps (#3560)
d5099cb chore: remove fosite branch override (#3599)
3914585 chore: replace fosite rewrite (#3564)
8ed2a2d chore: support in README (#3565)
1a1f504 chore: update repository templates to ory/meta@ac80097
eb89af7 chore: update repository templates to ory/meta@af28aff
4db6416 feat(cmd): add route that redirects to the auth code url
749eb8d feat: add hydra migrate status subcommand (#3579)
466e66b feat: add more resolution to events and collect client metrics (#3568)
b8b9154 feat: add state override
219a7c0 feat: add support for OIDC VC (#3575)
8eed306 feat: allow Go migrations (#3602)
8900cbb feat: allow additional SQL migrations (#3587)
c72a316 feat: allow to disable claim mirroring (#3563)
0b56f53 feat: bump fosite and add some more tracing
5bd9002 feat: parallel generation of JSON web key set (#3561)
c004fee feat: propagate logout to identity provider (#3596)
45da11e feat: support different jwt scope claim strategies (#3531)
1f1121c fix: add exceptions for internal IP addresses (#3608)
9f1c8d1 fix: add kid to verifiable credential header (#3606)
6741a49 fix: deflake ttl test
01ff9da fix: docker build (#3609)
6f592fc fix: enable CORS with hot-reloaded origins (#3601)
a21e945 fix: only query access tokens by hashed signature
1b26c4c fix: racy random string generation (#3555)
1d73d83 fix: reject invalid JWKS in client configuration / dependency cleanup and bump (#3603)
dfb129a fix: restore ability to override auth and token urls for exemplary app (#3590)
26f2d34 fix: return proper error when the grant request cannot be parsed (#3558)
807cbd2 fix: use correct tracer in middleware (#3567)

Artifacts can be verified with cosign using this public key.