github ory/kratos v0.2.0-alpha.2

pre-release, 3 years ago

This is a heavy release with hundreds of commits and files changed! Let's
take a look at some of the highlights!

ORY Oathkeeper now optional

Using ORY Oathkeeper to protect your API is now optional. The basic quickstart
now uses a much simpler set up. Go check it out now!

PostgreSQL, MySQL, CockroachDB support now tested and official!

All three databases now pass acceptance tests and are thus officially supported!

Self-Service Profile Flow

The self-service profile flow has been refactored into a more generic flow
allowing users to make modifications to their traits and credentials. Check out
the docs to learn more about the flow and its features.

Please keep in mind that the flow's APIs have changed. We recommend re-reading
the docs!

Managing Privileged Profile Fields

Flows such as changing one's profile or primary email address should not be
possible unless the login session is fresh. This prevents your colleague or evil
friend from taking over your account while you make yourself a coffee.

ORY Kratos now supports this by redirecting the user to the login screen if
changes to sensitive fields are made. The changes will only be applied after
successful reauthentication.
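
A sketch of the behaviour described above, added as an example and not taken from ORY Kratos: a change submitted on a stale session is parked under a random token (the value a temporary cookie would carry) and applied only after reauthentication. The type names, the 5-minute freshness window and the 10-minute token lifetime are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Names and time windows are assumptions for this sketch, not ORY Kratos code.
const privilegedMaxAge = 5 * time.Minute

var ErrRejected = errors.New("pending change rejected")

type Session struct {
	IdentityID      string
	AuthenticatedAt time.Time
}
type pending struct {
	identityID, email string
	expires           time.Time
}
type Store struct { // not safe for concurrent use; a real service uses its database
	Emails  map[string]string  // identity ID -> primary email
	pending map[string]pending // continuity token -> parked change
}

func fresh(s Session, now time.Time) bool { return now.Sub(s.AuthenticatedAt) <= privilegedMaxAge }

// ChangeEmail applies the change on a fresh session. Otherwise it parks the change
// and returns a token for a temporary cookie; the caller then redirects to login.
func (st *Store) ChangeEmail(s Session, email string, now time.Time) (token string, applied bool) {
	if fresh(s, now) {
		st.Emails[s.IdentityID] = email
		return "", true
	}
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	token = hex.EncodeToString(b)
	st.pending[token] = pending{s.IdentityID, email, now.Add(10 * time.Minute)}
	return token, false
}

// Resume applies a parked change after reauthentication. The token is single use
// and is honoured only for the identity that submitted the change.
func (st *Store) Resume(s Session, token string, now time.Time) error {
	p, ok := st.pending[token]
	delete(st.pending, token) // consumed even when a check below fails
	if !ok || now.After(p.expires) || p.identityID != s.IdentityID || !fresh(s, now) {
		return ErrRejected
	}
	st.Emails[s.IdentityID] = p.email
	return nil
}

func main() {
	st, now := &Store{Emails: map[string]string{}, pending: map[string]pending{}}, time.Now()
	tok, applied := st.ChangeEmail(Session{"alice", now.Add(-time.Hour)}, "new@example.com", now)
	fmt.Println(applied, st.Resume(Session{"alice", now}, tok, now), st.Emails["alice"])
}
```

Binding the parked change to the submitting identity means that a different user who logs in on the same browser cannot cause the change to be applied.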

Changes to Hooks

This patch focuses on refactoring how self-service flows terminate and changes
how hooks behave and when they are executed.

Before this patch, it was not clear whether hooks run before or after an
identity is persisted. This caused problems with multiple writes on the HTTP
ResponseWriter and other bugs.

This patch removes certain hooks from after login, registration, and profile
flows. By default, these flows now respond with an appropriate payload
(redirect for browsers, JSON for API clients) and deprecate the redirect hook.
This patch includes documentation which explains how these hooks work now.

Additionally, the documentation was updated. In particular, the sections about
hooks have been refactored. The login and user registration docs have been
updated to reflect the latest changes as well.

BREAKING CHANGE: Please remove the redirect hook from the login,
registration, and settings after configuration. Please remove the session hook
from your login after configuration. Hooks have moved down a level and are now
configured at selfservice.<login|registration|settings>.<after|before>.hooks
instead of selfservice.<login|registration|settings>.<after|before>.
Hooks are now identified by hook: instead of job:. Please rename those
sections accordingly.

We recommend re-reading the Hooks Documentation.

Changing Passwords

It's now possible to change your password using the Self-Service Settings Flow!
Learn more about this flow here.

End-To-End Tests

We added tons of end-to-end and integration tests to find and fix pesky bugs.

0.2.0-alpha.2 (2020-05-04)

Bug Fixes

  • Allow setting new password in profile flow (3b5fd5c)
  • Automatically append multiStatements parameter to mySQL URI (#374) (39f77bb)
  • Create pop connection without parsed connection options (#366) (10b6481)
  • Declare proper vars for setting version (#383) (2fc7556)
  • Decouple quickstart scenarios (#336) (17363b3), closes #262:

    Creates several docker compose examples which include various
    scenarios of the quickstart.

    The regular quickstart guide now works without ORY Oathkeeper
    and uses the standalone mode of the example app instead.

    Additionally, the Makefile was improved and now automatically pulls
    required dependencies in the appropriate version.

  • Document Schema API and serve over admin endpoint (#299) (4be417c), closes #287
  • Exempt whomai from csrf protection (#329) (31d4065)
  • Fix swagger annotation (#331) (5c5c78f):

    Closes ory/sdk#10

  • Move to ory sqa service (#309) (7c244e0)
  • Properly annotate error API (a6f1300)
  • Resolve docker build permission issues (f3612e8)
  • Resolve failing test issues (2e968e5)
  • Resolve NULL value for seen_at (#259) (a7d1e86), closes #244:

    Previously, errorx tests were not executed which caused several bugs.

  • Revert use host volume mount for sqlite (#272) (#285) (a7477ab):

    This reverts commit 230ab2d.

  • Show log in ui only when unauthenticated or forced (df77310), closes #323
  • Use semver-regex replacer func (d5c9a47)
  • Use sqlite tag on make install (2c82784)
  • docker: Throw away build artifacts (481ec1b)
  • Remove unused returnTo (e64e5b0)
  • Resolve linux install script archive naming (#302) (c98b8aa)
  • Resolve password continuity issues (56a44fa)
  • Self-service error query parameter name (#308) (be257f5):

    The query parameter for the self-service errors endpoint was named id
    in the API docs, whereas it is the error param that is used by the
    handler.

  • Use host volume mount for sqlite (#272) (230ab2d)
  • Use resilient client for HIBP lookup (#288) (735b435), closes #261
  • Verified_at field should not be required (#353) (15d5e26):

    Closes ory/sdk#11

  • config: Rename config key stmp to smtp (#278) (ef95811)
  • session: Regenerate CSRF Token on principal change (#290) (1527ef4), closes #217
  • session: Whoami endpoint now supports all HTTP methods (#283) (4bf645b), closes #270
  • sql: Rename migrations with same version (#280) (07e46b9), closes #279
  • swagger: Move nolint,deadcode instructions to own file (#293) (1935510):

    Closes ory/docs#279

Code Refactoring

  • Move docs to this repository (#317) (aa0d726)
  • Prepare profile management payloads for credentials (44493f3)
  • Rename traits method to profile (4f1e033)
  • Rework hooks and self-service flow completion (#349) (a7c7fef), closes #348 #347 #179 #51 #50 #31:

    This patch focuses on refactoring how self-service flows terminate and
    changes how hooks behave and when they are executed.

    Before this patch, it was not clear whether hooks run before or
    after an identity is persisted. This caused problems with multiple
    writes on the HTTP ResponseWriter and other bugs.

    This patch removes certain hooks from after login, registration, and profile flows.
    Per default, these flows now respond with an appropriate payload (
    redirect for browsers, JSON for API clients) and deprecate
    the redirect hook. This patch includes documentation which explains
    how these hooks work now.

    Additionally, the documentation was updated. Especially the sections
    about hooks have been refactored. The login and user registration docs
    have been updated to reflect the latest changes as well.

    Also, some other minor, cosmetic, changes to the documentation have been made.

Documentation

Features

  • Add dsn: memory shorthand (#284) (e66a030), closes #228
  • Add and test id hint in reauth flow (2298f01), closes #323
  • Add cypress e2e tests (#334) (abc0e91)
  • Allow configuring same-site for session cookies (#303) (2eb2054), closes #257:

    It is now possible to set SameSite for the session cookie via the key security.session.cookie.same_site.

  • Enable CockroachDB integration (#260) (adc5153), closes #132 #155
  • Enable continuity management for settings module (009d755)
  • Enable updating auth related traits (#266) (65b88ba), closes #243
  • Implement password profile management flow (a31839a), closes #243
  • Introduce fallbacks for required configs (#376) (b3bcb25), closes #369 #352
  • Return 410 when selfservice requests expire (#289) (b414607), closes #235
  • Send verification emails on profile update (#333) (1cacc80), closes #267
  • continuity: Implement request continuity (135e047), closes #304 #311:

    This patch adds a module which is capable of aborting a request, waiting for
    another option to complete, and then resuming the request again.

    This feature makes use of a temporary cookie which keeps track of the
    request state.

    This feature is required for several workflows that update privileged
    fields such as passwords, 2fa recovery codes, email addresses.

    refactor: rename profile to settings flow

    Renames selfservice/profile to settings. The settings flow includes a strategy for managing profile information

  • login: Forced reauthentication (#248) (344fc9c), closes #243

Unclassified

  • u (0b6fa48)
  • Make format (b85e5af)
  • u (03fa4f0)
  • u (a3dfd9d)
  • u (616aa0f)
  • fix:add graceful shutdown to courier handler (#296) (235d784), closes #296 #295:

    Courier would not stop with the provided Background handler.
    This changes the methods of Courier so that the graceful package can be
    used in the same way as the http endpoints can be used.

  • fix(sql) change courier body to text field (#276) (ed5268d), closes #276 #269

BREAKING CHANGES

  • Please remove the redirect hook from both login,
    registration, and settings after configuration. Please remove
    the session hook from your login after configuration. Hooks
    have moved down a level and are now configured at
    selfservice.<login|registration|settings>.<after|before>.hooks
    instead of
    selfservice.<login|registration|settings>.<after|before>.hooks.
    Hooks are now identified by hook: instead of job:. Please
    rename those sections accordingly.
  • continuity: Several profile-related URLs and payloads have been updated. Please consult the most recent documentation.
  • The payloads of the Profile Management Request API
    that previously were set in { "methods": { "traits": { ... } }} have now moved to
    { "methods": { "profile": { ... } }}.
  • This patch introduces a refactor that is needed
    for the profile management API to be capable of handling (password,
    oidc, ...) credential changes as well.

    To implement this, the payloads of the Profile Management Request API
    that previously were set in {"form": {...} } have now moved to
    {"methods": { "traits": { ... } }}.

    In the future, as more credential updates are handled, there will
    be additional keys in the forms key
    {"methods": { "traits": { ... }, "password": { ... } }}.

Changelog

4b3edb3 Update isntall (#355)
dd9c4c0 autogen(docs): generate and format documentation
6beabef autogen(docs): generate and format documentation
cd79d60 autogen(docs): generate and format documentation
fe75328 autogen(docs): generate and format documentation
de0eaf7 autogen(docs): generate and format documentation
b7ff67e autogen(docs): generate and format documentation
6d36970 autogen(docs): generate and format documentation
18220f2 autogen(docs): regenerate and update changelog
aa74935 autogen(docs): regenerate and update changelog
a94622d autogen(docs): regenerate and update changelog
9915749 autogen(docs): regenerate and update changelog
6de5cb7 autogen(docs): regenerate and update changelog
b94e4fd autogen(docs): regenerate and update changelog
eae48b3 autogen(docs): regenerate and update changelog
51240c5 autogen(docs): regenerate and update changelog
8c4ec1d autogen(docs): regenerate and update changelog
182fdf9 autogen(docs): regenerate and update changelog
2b0b40f autogen(docs): regenerate and update changelog
14ecab5 autogen(docs): regenerate and update changelog
ad7f703 autogen(docs): regenerate and update changelog
c498f5d autogen(docs): regenerate and update changelog
1e1e422 autogen(docs): regenerate and update changelog
2593478 autogen(docs): regenerate and update changelog
a6f8fbb autogen(docs): regenerate and update changelog
0e1aea6 autogen(docs): regenerate and update changelog
58c38aa autogen(docs): regenerate and update changelog
1e1a444 autogen(docs): regenerate and update changelog
5d926bf autogen(docs): regenerate and update changelog
f6bd923 autogen(docs): regenerate and update changelog
67add43 autogen(docs): regenerate and update changelog
35e10ef autogen(docs): regenerate and update changelog
64d4c5c autogen(docs): regenerate and update changelog
7c8ca58 autogen(docs): regenerate and update changelog
011274c autogen(docs): regenerate and update changelog
b0223ae autogen(docs): regenerate and update changelog
34c973d autogen(docs): regenerate and update changelog
7e8b008 autogen(docs): regenerate and update changelog
fd9a5f2 autogen(docs): regenerate and update changelog
515714f autogen(docs): regenerate and update changelog
77cd821 autogen(docs): regenerate and update changelog
361eff7 autogen(docs): regenerate and update changelog
86e3568 autogen(docs): regenerate and update changelog
7882f0f autogen(openapi): Regenerate swagger spec and internal client
7bf07ff autogen(openapi): Regenerate swagger spec and internal client
fca0f23 autogen(openapi): Regenerate swagger spec and internal client
f5a05e8 chore: add semver-cli to deps
2c2e16d chore: bump go mods
68aa15e chore: bump ory/x to have csv parsing from env vars (#312)
317b0ea chore: fix lint issues
12b63a3 chore: moved watchAndValidateViper to viperx (#307)
21b3722 chore: pin v0.2.0-alpha.1 release commit
ab91689 chore: pin v0.2.0-alpha.2 release commit
57d3ce5 chore: pin v1.5.0-beta.1 release commit
597a65d chore: pin v1.5.0-beta.2 release commit
77d5f77 chore: remove node_modules
f7af58a chore: update docusaurus template (#318)
e77fc8b chore: update docusaurus template (#319)
dd0ccb4 chore: update docusaurus template (#320)
4ee9f04 chore: update docusaurus template (#321)
595a7e7 chore: update docusaurus template (#324)
8d26e65 chore: update docusaurus template (#337)
68d7275 chore: update docusaurus template (#340)
7e6a2a4 chore: update ory/x dependency and add test case (#305)
1722a45 ci: adopt new release pipeline
5fa9344 ci: bump ci orbs
a49184c docs(concepts): fix typo
1c841c2 docs(concepts): properly close code tag
87b47ba docs: Regenerate and update changelog
48a2eca docs: Regenerate and update changelog
e8d2d10 docs: Regenerate and update changelog
4c58b6d docs: Regenerate and update changelog
8a71948 docs: Regenerate and update changelog
41eeb75 docs: Regenerate and update changelog
e60e2df docs: Regenerate and update changelog
537d496 docs: Regenerate and update changelog
a726eb2 docs: Regenerate and update changelog
48bcc70 docs: Regenerate and update changelog
468105a docs: Regenerate and update changelog
816a55c docs: Regenerate and update changelog
175b626 docs: Regenerate and update changelog
ad3d510 docs: Regenerate and update changelog
85d5866 docs: Regenerate and update changelog
367927e docs: Regenerate and update changelog
7d4ed98 docs: Regenerate and update changelog
38f4019 docs: Regenerate and update changelog
8414520 docs: Regenerate and update changelog
00e6af9 docs: Regenerate and update changelog
4ed74d2 docs: Regenerate and update changelog
9f865a2 docs: Typo in README.md (#265)
4cf0323 docs: Update self service reg docs (#367)
1be738d docs: Updates issue and pull request templates (#298)
299063c docs: Updates issue and pull request templates (#313)
d5ae452 docs: Updates issue and pull request templates (#314)
8b68db1 docs: Updates issue and pull request templates (#315)
2e5c591 docs: add HA docs
8a9dfbb docs: add banner kratos
cac2948 docs: add csrf and cookie debug section (#342)
4f9e8b0 docs: add database connection documentation (#332)
55b5fe0 docs: add hook changes to upgrade guide
6eeeb5d docs: add info to oidc (#382)
ed2ccb9 docs: add more examples to config schema (#372)
74f082a docs: add quickstart notes for docker debugging
478cd9c docs: add settings docs and improve flows (#375)
df7591f docs: declare api frontmatter properly
9be1064 docs: document 0.2.0 high-level changes
891594d docs: document multi-tenant set up
52aa4cf docs: fix broken images in quickstart
c2adc73 docs: fix broken link
bf7843c docs: fix broken link
f24fc1b docs: fix broken mermaid links
3ce6b4a docs: fix spelling in quickstart (#356)
a973ca7 docs: improve changelog (#384)
3cc0979 docs: improve profile section and restructure nav (#373)
292c986 docs: update banner url
3039191 docs: update forum and chat links
57dbc77 docs: update github templates (#338)
eb13dc1 docs: update github templates (#343)
faf2f30 docs: update github templates (#350)
20ff289 docs: update github templates (#351)
3b8e549 docs: update linux install guide
ec49cae docs: update linux install guide (#354)
45dc3a5 docs: update user-settings-profile-management.md (#322)
2d2562b docs: use git checkout in quickstart (#339)
135e047 feat(continuity): implement request continuity
344fc9c feat(login): forced reauthentication (#248)
adc5153 feat: Enable CockroachDB integration (#260)
e66a030 feat: add dsn: memory shorthand (#284)
2298f01 feat: add and test id hint in reauth flow
abc0e91 feat: add cypress e2e tests (#334)
2eb2054 feat: allow configuring same-site for session cookies (#303)
009d755 feat: enable continuity management for settings module
65b88ba feat: enable updating auth related traits (#266)
a31839a feat: implement password profile management flow
b3bcb25 feat: introduce fallbacks for required configs (#376)
b414607 feat: return 410 when selfservice requests expire (#289)
1cacc80 feat: send verification emails on profile update (#333)
ef95811 fix(config): Rename config key stmp to smtp (#278)
481ec1b fix(docker): throw away build artifacts
1527ef4 fix(session): Regenerate CSRF Token on principal change (#290)
4bf645b fix(session): whoami endpoint now supports all HTTP methods (#283)
ed5268d fix(sql) change courier body to text field (#276)
07e46b9 fix(sql): rename migrations with same version (#280)
1935510 fix(swagger): Move nolint,deadcode instructions to own file (#293)
a7d1e86 fix: Resolve NULL value for seen_at (#259)
a7477ab fix: Revert use host volume mount for sqlite (#272) (#285)
230ab2d fix: Use host volume mount for sqlite (#272)
735b435 fix: Use resilient client for HIBP lookup (#288)
3b5fd5c fix: allow setting new password in profile flow
39f77bb fix: automatically append multiStatements parameter to mySQL URI (#374)
10b6481 fix: create pop connection without parsed connection options (#366)
2fc7556 fix: declare proper vars for setting version (#383)
17363b3 fix: decouple quickstart scenarios (#336)
4be417c fix: document Schema API and serve over admin endpoint (#299)
31d4065 fix: exempt whomai from csrf protection (#329)
5c5c78f fix: fix swagger annotation (#331)
7c244e0 fix: move to ory sqa service (#309)
a6f1300 fix: properly annotate error API
e64e5b0 fix: remove unused returnTo
f3612e8 fix: resolve docker build permission issues
2e968e5 fix: resolve failing test issues
c98b8aa fix: resolve linux install script archive naming (#302)
56a44fa fix: resolve password continuity issues
be257f5 fix: self-service error query parameter name (#308)
df77310 fix: show log in ui only when unauthenticated or forced
d5c9a47 fix: use semver-regex replacer func
2c82784 fix: use sqlite tag on make install
15d5e26 fix: verified_at field should not be required (#353)
235d784 fix:add graceful shutdown to courier handler (#296)
aa0d726 refactor: move docs to this repository (#317)
44493f3 refactor: prepare profile management payloads for credentials
4f1e033 refactor: rename traits method to profile
a7c7fef refactor: rework hooks and self-service flow completion (#349)
b85e5af styles: make format
0b6fa48 u
616aa0f u
a3dfd9d u
03fa4f0 u

Docker images

  • docker pull oryd/kratos:v0
  • docker pull oryd/kratos:v0.2
  • docker pull oryd/kratos:v0.2.0
  • docker pull oryd/kratos:v0.2.0-alpha.2
  • docker pull oryd/kratos:latest
  • docker pull oryd/kratos:v0-sqlite
  • docker pull oryd/kratos:v0.2-sqlite
  • docker pull oryd/kratos:v0.2.0-sqlite
  • docker pull oryd/kratos:v0.2.0-alpha.2-sqlite
  • docker pull oryd/kratos:latest-sqlite
