github ory/kratos v0.10.0

2 years ago

We achieved a major milestone - Ory Kratos is out of alpha! Ory Kratos has had no major changes in its APIs for the last months, and we feel confident that no large breaking changes will need to be introduced in the near future.

This release focuses on quality-of-life improvements, resolves several bugs, irons out developer experience issues, and introduces session renew capabilities!

Breaking Changes

Please be aware that the SDK method signatures for submitSelfServiceRecoveryFlow, submitSelfServiceRegistrationFlow, submitSelfServiceLoginFlow, submitSelfServiceSettingsFlow, submitSelfServiceVerificationFlow might have changed in your SDK.

This patch moves several CLI commands to comply with the Ory CLI command structure:

- ory identities get ...
+ ory get identity ...

- ory identities delete ...
+ ory delete identity ...

- ory identities import ...
+ ory import identity ...

- ory identities list ...
+ ory list identities ...

- ory identities validate ...
+ ory validate identity ...

- ory jsonnet format ...
+ ory format jsonnet ...

- ory jsonnet lint ...
+ ory lint jsonnet ...

Bug Fixes

  • Add flow id when return_to is passed to the verification (#2482) (c2b1c23)

  • Add indices for slow queries (e0cdbc9)

  • Add legacy session value (ecfd052), closes #2398

  • auth0: Created_at workaround (#2492) (52a965d), closes #2485

  • Avoid excessive memory allocations in HIBP cache (#2389) (ee2d410), closes #2354

  • Change SQLite database mode to 0600 (#2344) (0e5d3b7):

    The default mode is 0644, which allows broader access than necessary.

  • Compile issues from merge conflict (#2419) (85a90c8)

  • Correct location (b249aaa)

  • courier: Add ability to specify backoff (#2349) (bf970f3)

  • Do not expose debug in a response when a schema is not found (#2348) (aee2b1e)

  • Do not fail release if no changes needed (114c93e)

  • Dockerfile: Use existing builder base image (#2390) (37de25a)

  • Embed schema (b797bba)

  • Get user first name and last name from Apple (#2331) (4779909)

  • Improve error reporting from OpenAPI (8a1009b)

  • Improve performance of identity schema call (af28de2)

  • Internal Server Error on Empty PUT /identities/id body (#2417) (5a50231)

  • Load return_to and append to errors (#2333) (5efe4a3), closes #2275 #2279 #2285

  • Make delete formattable (0005f35)

  • Mark body as required (#2479) (c9ae117)

  • New issue templates (b9ad684)

  • Openapi regression (#2465) (37a3369)

  • Quickstart docker-compose (#2490) (9717762), closes #2488

  • Refresh is always false when session exists (d3436d7), closes #2341

  • Remove required legacy field (#2410) (638d45c)

  • Remove wrong templates (4fe2d25)

  • Reorder transactions (78ca4c6)

  • Resolve index naming issues (d5550b5)

  • Resolve MySQL index issues (50bdba9)

  • Resolve otelx panics (6613a02)

  • sdk: Improved OpenAPI specifications for UI nodes (#2375) (a42a0f7), closes #2357

  • Serve.admin.request_log.disable_for_health behaviour (#2399) (0a381fa)

  • sql: Add additional join argument to resolve MySQL query issue (854e5cb), closes #2262

  • Unreliable HIBP caching strategy (#2468) (93bf1e2)

  • Use path instead of filepath to join http route paths (16b1244), closes #2292

  • Use JOIN instead of iterative queries (0998cfb), closes #2402

  • Use pointer of string for PasswordIdentifier in example code (#2421) (61f12e7)

  • Use predictable SQLite in memory DSNs (#2415) (51a13f7), closes #2059

Code Generation

  • Pin v0.10.0 release commit (87e0de7)

Code Refactoring

  • Deprecate fizz renderer (5277668)
  • Move CLI commands to match Ory CLI structure (d11a9a9)
  • Move CLI commands to match Ory CLI structure (73910a3)

Documentation

  • Add docs about change in default schema (#2447) (5093cd4)
  • Remove notice importing credentials not possible (#2418) (b80ed69)

Features

  • Add certificate based authentication for smtp client (#2351) (7200037)

  • Add ID to the recovery error when already logged in (#2483) (29e4a51)

  • Add localName to smtp config (#2445) (27336b6), closes #2425

  • Add render-schema script (a0c006e)

  • Add session renew capabilities (#2146) (4348b86), closes #615

  • Add support for netID provider (#2394) (ee7fc79)

  • Add tracing to persister (391c54e)

  • identity: Add admin and public metadata fields (562e340), closes #2388 #47:

    This patch adds two new keys to identities, metadata_public and metadata_admin that can be used to store additional metadata about identities in Ory.

  • Read subject id from https://graph.microsoft.com/v1.0/me for microsoft (#2347) (852f24f):

    Adds the ability to read the OIDC subject ID from the https://graph.microsoft.com/v1.0/me endpoint. This introduces a new field subject_source to the OIDC configuration.

    Closes #2153

  • sdk: Add cookie headers to all form submissions (#2467) (9a969fd), closes #2003 #2454

  • sdk: Add csrf cookie for login flow submission (#2454) (2bffee8)

  • Support argon2i password (#2395) (8fdadf9)

  • Switch to opentelemetry tracing (#2318) (121a4d3)

  • tracing: Improved tracing for requests (#2475) (b90a558)

  • Upgrade to Go 1.18 (725d202)

Tests

Unclassified

  • BREAKING CHANGES: This patch group updates the tracing provider from OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, DataDog, Elastic APM have been deactivated temporarily. The best way to re-add support for them is to make a pull request at https://github.com/ory/x/tree/master/otelx and check the status of ory/x#499 (7165fa0):

    The configuration has not changed, and thus no changes to your system are required if you use Jaeger.

Changelog

  • 7165fa0 BREAKING CHANGES: This patch group updates the tracing provider from OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, DataDog, Elastic APM have been deactivated temporarily. The best way to re-add support for them is to make a pull request at https://github.com/ory/x/tree/master/otelx and check the status of ory/x#499
  • 895aa89 autogen(docs): generate and bump docs
  • b682689 autogen(docs): regenerate and update changelog
  • d942c5d autogen(docs): regenerate and update changelog
  • 794c2fd autogen(docs): regenerate and update changelog
  • d950320 autogen(docs): regenerate and update changelog
  • b85c0e6 autogen(docs): regenerate and update changelog
  • d1375ea autogen(docs): regenerate and update changelog
  • e505513 autogen(docs): regenerate and update changelog
  • 9097a60 autogen(docs): regenerate and update changelog
  • 1fbabc2 autogen(docs): regenerate and update changelog
  • 2db9377 autogen(docs): regenerate and update changelog
  • 744b84e autogen(docs): regenerate and update changelog
  • 2c07b17 autogen(docs): regenerate and update changelog
  • de77602 autogen(docs): regenerate and update changelog
  • 51cdc34 autogen(docs): regenerate and update changelog
  • 083e67f autogen(docs): regenerate and update changelog
  • 8f29d45 autogen(docs): regenerate and update changelog
  • d2b729a autogen(docs): regenerate and update changelog
  • 7f87bca autogen(docs): regenerate and update changelog
  • 5ed4ca4 autogen(docs): regenerate and update changelog
  • 72c17ac autogen(docs): regenerate and update changelog
  • ca1dab8 autogen(docs): regenerate and update changelog
  • 77f5bbd autogen(docs): regenerate and update changelog
  • 96bcba0 autogen(docs): regenerate and update changelog
  • d8727cb autogen(docs): regenerate and update changelog
  • d1f5748 autogen(docs): regenerate and update changelog
  • 75d0826 autogen(docs): regenerate and update changelog
  • e6b38c2 autogen(docs): regenerate and update changelog
  • 9adbcc4 autogen(docs): regenerate and update changelog
  • 2e26dde autogen(openapi): regenerate swagger spec and internal client
  • d3df719 autogen(openapi): regenerate swagger spec and internal client
  • a2009ff autogen(openapi): regenerate swagger spec and internal client
  • 6735be5 autogen(openapi): regenerate swagger spec and internal client
  • 7d66e5c autogen(openapi): regenerate swagger spec and internal client
  • e0fc0df autogen(openapi): regenerate swagger spec and internal client
  • db638cd autogen(openapi): regenerate swagger spec and internal client
  • 9c9477a autogen: add v0.9.0-alpha.3 to version.schema.json
  • 87e0de7 autogen: pin v0.10.0 release commit
  • 1fea802 autogen: pin v0.10.0-pre.0 release commit
  • 1090a82 chore(deps): bump ory/x
  • fe69e29 chore(deps): bump ansi-regex from 4.1.0 to 4.1.1 in /test/e2e/proxy
  • 1828247 chore(deps): bump minimist from 1.2.5 to 1.2.6
  • f23ef2f chore(deps): bump minimist from 1.2.5 to 1.2.6 in /test/e2e
  • 92c1a2f chore(deps): bump minimist from 1.2.5 to 1.2.6 in /test/e2e/proxy
  • 1605603 chore: Fix typo in README (#2411)
  • 1ff1d79 chore: add missing down migrations (#2476)
  • e38ecbc chore: bump SQLite for better JSON support
  • b5b4ba7 chore: bump alpine image version
  • f04a58e chore: go mod tidy
  • 10badcc chore: resolve lint and formatting issues
  • 9519978 chore: update go mod
  • 617949c chore: update repository templates
  • 37cb4ce ci: add codeball
  • 5093cd4 docs: add docs about change in default schema (#2447)
  • b80ed69 docs: remove notice importing credentials not possible (#2418)
  • 562e340 feat(identity): add admin and public metadata fields
  • 9a969fd feat(sdk): add cookie headers to all form submissions (#2467)
  • 2bffee8 feat(sdk): add csrf cookie for login flow submission (#2454)
  • b90a558 feat(tracing): improved tracing for requests (#2475)
  • 29e4a51 feat: add ID to the recovery error when already logged in (#2483)
  • 7200037 feat: add certificate based authentication for smtp client (#2351)
  • 27336b6 feat: add localName to smtp config (#2445)
  • a0c006e feat: add render-schema script
  • 4348b86 feat: add session renew capabilities (#2146)
  • ee7fc79 feat: add support for netID provider (#2394)
  • 391c54e feat: add tracing to persister
  • 852f24f feat: read subject id from https://graph.microsoft.com/v1.0/me for microsoft (#2347)
  • 8fdadf9 feat: support argon2i password (#2395)
  • 121a4d3 feat: switch to opentelemetry tracing (#2318)
  • 725d202 feat: upgrade to Go 1.18
  • 37de25a fix(Dockerfile): use existing builder base image (#2390)
  • 52a965d fix(auth0): created_at workaround (#2492)
  • bf970f3 fix(courier): add ability to specify backoff (#2349)
  • a42a0f7 fix(sdk): improved OpenAPI specifications for UI nodes (#2375)
  • 854e5cb fix(sql): add additional join argument to resolve MySQL query issue
  • 5a50231 fix: Internal Server Error on Empty PUT /identities/id body (#2417)
  • c2b1c23 fix: add flow id when return_to is passed to the verification (#2482)
  • e0cdbc9 fix: add indices for slow queries
  • ecfd052 fix: add legacy session value
  • ee2d410 fix: avoid excessive memory allocations in HIBP cache (#2389)
  • 0e5d3b7 fix: change SQLite database mode to 0600 (#2344)
  • 85a90c8 fix: compile issues from merge conflict (#2419)
  • b249aaa fix: correct location
  • aee2b1e fix: do not expose debug in a response when a schema is not found (#2348)
  • 114c93e fix: do not fail release if no changes needed
  • b797bba fix: embed schema
  • 4779909 fix: get user first name and last name from Apple (#2331)
  • 8a1009b fix: improve error reporting from OpenAPI
  • af28de2 fix: improve performance of identity schema call
  • 5efe4a3 fix: load return_to and append to errors (#2333)
  • 0005f35 fix: make delete formattable
  • c9ae117 fix: mark body as required (#2479)
  • b9ad684 fix: new issue templates
  • 37a3369 fix: openapi regression (#2465)
  • 9717762 fix: quickstart docker-compose (#2490)
  • d3436d7 fix: refresh is always false when session exists
  • 638d45c fix: remove required legacy field (#2410)
  • 4fe2d25 fix: remove wrong templates
  • 78ca4c6 fix: reorder transactions
  • 50bdba9 fix: resolve MySQL index issues
  • d5550b5 fix: resolve index naming issues
  • 6613a02 fix: resolve otelx panics
  • 0a381fa fix: serve.admin.request_log.disable_for_health behaviour (#2399)
  • 93bf1e2 fix: unreliable HIBP caching strategy (#2468)
  • 0998cfb fix: use JOIN instead of iterative queries
  • 16b1244 fix: use path instead of filepath to join http route paths. Windows users were broken since #2292, as routes were registered with backslashes.
  • 61f12e7 fix: use pointer of string for PasswordIdentifier in example code (#2421)
  • 51a13f7 fix: use predictable SQLite in memory DSNs (#2415)
  • 5277668 refactor: deprecate fizz renderer
  • d11a9a9 refactor: move CLI commands to match Ory CLI structure
  • 73910a3 refactor: move CLI commands to match Ory CLI structure
  • b5b1361 test: fix incorrect assertion
  • dd44593 test: resolve regressions

Artifacts can be verified with cosign using this public key.
