This release finalizes the OpenID Connect and OAuth2 login, registration, and settings strategy with JsonNet data transformation! From now on, "Sign in with Google, Github, ..." is officially supported! It's also possible to link and unlink these connections using the Self-Service Settings Flow! The documentation has been updated to reflect those changes and includes guides to setting up "Sign in with GitHub" in under 5 Minutes! Please be aware that existing OpenID Connect connections will stop working. Check out the "Breaking Changes" section for more info! Want to learn more? Check out the docs!
We also changed the config validation output, making it easier than ever to find bugs in your config:
% kratos --config invalid-config.yml serve
INFO[0001] Config file loaded successfully. path=invalid-config.yml
ERRO[0001] The provided configuration is invalid and could not be loaded. Check the output below to understand why. config_file=invalid-config.yml
dsn: <nil>
^-- one or more required properties are missing
urls.whitelisted_return_to_urls: https://selfservice.office.example.com
^-- expected array, but got string
FATA[0001] The services failed to start because the configuration is invalid. Check the output above for more details.
This release concludes over 50 commits and 16.000 lines of code changed.
0.3.0-alpha.1 (2020-05-15)
Bug Fixes
-
Access rules of oathkeeper for quick start (#390) (5ed6d05), closes #389:
To access
/as dashboard -
Active field should not be required (#401) (aed2a5c), closes ory/sdk#14
-
Adopt jsonnet in e2e oidc tests (5e518fb)
-
Detect postgres unique constraint (3a777af)
-
Fix oidc strategy jsonnet test (f6c48bf)
-
Improve config validation error message (#414) (d1e6896), closes #413
-
Reset request id after parse (9550205)
-
Resolve regression issues and bugs (e6d5369)
-
Return correct error on id mismatch (5915f28)
-
Test and implement mapper_url for jsonnet (40ac3dc)
-
Transaction usage in the identity persister (#404) (7f5072d)
Code Refactoring
-
Adopt new request parser (ad16cc9)
-
Dry config and oidc tests (3e98756)
-
Improve oidc flows and payloads and add e2e tests (#381) (f9a5079), closes #387:
This patch improves the OpenID Connect login and registration user experience by simplifying the network flows and introduces e2e tests using ORY Hydra.
-
Move cypress files to test/e2e (df8e627)
-
Partition files and change creds structure (4f1eb94):
This patch changes the data model of the OpenID Connect strategy. Instead of using an array of providers as the base config item (e.g.
{"type":"oidc","config":[{"provider":"google","subject":"..."}]}) the credentials config is now an object with aproviderskey:{"type":"oidc","config":{"providers":[{"provider":"google","subject":"..."}]}}. This change allows introduction of future changes to the schema without breaking compatibility. -
settings: Use common request parser (ad6c402)
-
Replace oidc jsonschema with jsonnet (2b45e79), closes #380:
This patch replaces the previous methodology of merging OIDC data which used JSON Schema with Extensions and JSON Path in favor of a much easier to use approach with JSONNet.
Documentation
-
Document account enumeration defenses for oidc (266329c), closes #32
-
Document oidc strategy (#415) (9f079f4), closes #409 #124 #32
-
Explain that form data is merged with oidc data (#394) (b0dbec4), closes #127
-
Improve social sign in guide (#393) (647ced3), closes #49:
This patch changes the social sign in guide to represent more use cases such as Google and Facebook. Additionally, the example has been updated to work with Jsonnet.
This patch also documents limitations around merging user data from GitHub.
-
Prepare v0.3.0-alpha.1 (d6a6f43)
Features
-
Add format and lint for JSONNet files (0a1b244):
This patch adds two commands
kratos jsonnet formatandkratos jsonnet lintthat help with formatting and linting JSONNet code. -
Implement oidc settings e2e tests (919925c)
-
Introduce leaklog for debugging oidc map payloads (238d7a4)
-
Write tests and fix bugs for oidc settings (575a61f)
Unclassified
- Format code (bc7557a)
BREAKING CHANGES
- If you upgrade and have existing Social Sign In connections, it will no longer be possible to use them to sign in. Because the oidc strategy was undocumented and not officially released we do not provide an upgrade guide. If you run into this issue on a production system you may need to use SQL to change the config of those identities. If this is a real issue for you that you're unable to solve, please create an issue on GitHub.
- This is a breaking change as previous OIDC configurations will not work. Please consult the newly written documentation on OpenID Connect to learn how to use OIDC in your login and registration flows. Since the OIDC feature was not publicly broadcasted yet we have chosen not to provide an upgrade path. If you have issues, please reach out on the forums or slack.
Changelog
15ce3d8 autogen(docs): generate and format documentation
1b4567b autogen(docs): generate and format documentation
6b0ce46 autogen(docs): regenerate and update changelog
bb68c58 autogen(docs): regenerate and update changelog
97b9895 autogen(docs): regenerate and update changelog
d901354 autogen(docs): regenerate and update changelog
c7a994e autogen(docs): regenerate and update changelog
59ec837 autogen(docs): regenerate and update changelog
a7fc31b autogen(docs): regenerate and update changelog
0577f64 autogen(docs): regenerate and update changelog
b76d380 autogen(docs): regenerate and update changelog
b1544f4 autogen(docs): regenerate and update changelog
3a29e11 autogen(openapi): Regenerate swagger spec and internal client
138c6cc chore: add go.sum for hydra integration
4bc7a51 chore: make scripts executable
43b693a chore: pin v0.3.0-alpha.1 release commit
1652b24 ci: update mailchimp segment
266329c docs: document account enumeration defenses for oidc
088b30f docs: document new oidc jsonnet mapper (#392)
9f079f4 docs: document oidc strategy (#415)
b0dbec4 docs: explain that form data is merged with oidc data (#394)
efb6102 docs: fix links in README
647ced3 docs: improve social sign in guide (#393)
2915b8f docs: improve the identity data model page (#410)
5aaebff docs: include redirect doc in nav
d6a6f43 docs: prepare v0.3.0-alpha.1
4db674d docs: ui should show only active form sections (#395)
6e646b0 docs: update github templates (#408)
0a1b244 feat: add format and lint for JSONNet files
919925c feat: implement oidc settings e2e tests
238d7a4 feat: introduce leaklog for debugging oidc map payloads
575a61f feat: write tests and fix bugs for oidc settings
5ed6d05 fix: Access rules of oathkeeper for quick start (#390)
aed2a5c fix: active field should not be required (#401)
5e518fb fix: adopt jsonnet in e2e oidc tests
3a777af fix: detect postgres unique constraint
f6c48bf fix: fix oidc strategy jsonnet test
d1e6896 fix: improve config validation error message (#414)
9550205 fix: reset request id after parse
ac4acfc fix: resolve flaky swagger generation (#416)
e6d5369 fix: resolve regression issues and bugs
5915f28 fix: return correct error on id mismatch
40ac3dc fix: test and implement mapper_url for jsonnet
7f5072d fix: transaction usage in the identity persister (#404)
ad6c402 refactor(settings): use common request parser
ad16cc9 refactor: adopt new request parser
3e98756 refactor: dry config and oidc tests
f9a5079 refactor: improve oidc flows and payloads and add e2e tests (#381)
df8e627 refactor: move cypress files to test/e2e
8a0967d refactor: moved scanner json to ory/x (#412)
4f1eb94 refactor: partition files and change creds structure
2b45e79 refactor: replace oidc jsonschema with jsonnet
bc7557a styles: format code
Docker images
docker pull oryd/kratos:v0docker pull oryd/kratos:v0.3docker pull oryd/kratos:v0.3.0docker pull oryd/kratos:v0.3.0-alpha.1docker pull oryd/kratos:latestdocker pull oryd/kratos:v0-sqlitedocker pull oryd/kratos:v0.3-sqlitedocker pull oryd/kratos:v0.3.0-sqlitedocker pull oryd/kratos:v0.3.0-alpha.1-sqlitedocker pull oryd/kratos:latest-sqlite