github ory/kratos v0.5.0-alpha.1

pre-release, 3 years ago

The ORY team and community are very proud to present the next ORY Kratos iteration!

ORY Kratos is now capable of handling native (iOS, Android, Windows, macOS, ...) login, registration, settings, recovery, and verification flows. As a goodie on top, we released a reference React Native application which you can find on GitHub.

Our co-released React Native application serves as a reference for implementing these flows.

[Screenshots: Registration, Welcome, Settings]

In total, almost 1200 files were changed in about 480 commits. While you can find a list of all changes in the changelist below, these are the changes we are most proud of:

  • We renamed login, registration, ... requests to "flows" consistently across the code base, APIs, and data storage. We now:
    • Initiate a login, registration, ... flow;
    • Fetch a login, registration, ... flow; and
    • Complete a login, registration, ... flow using a login flow method such as "Log in with username and password".
  • All self-service flows are now capable of handling API-based requests that do not originate from a browser such as Chrome. This lays the groundwork for handling native flows (see above)!
  • The self service documentation has been refactored and simplified. We added code samples, screenshots, payloads, and curl commands to make things easier and clearer to understand. Video guides have also been added to help you and the community get things done faster!
  • Documentation for rotating important secrets such as the cookie and session secrets was added.
  • The need for reverse proxies was removed by adding the ability to change the ORY Kratos Session Cookie domain and path! The kratos-selfservice-ui-node reference implementation no longer requires HTTP Request piping which greatly simplifies the network layout and codebase!
  • The ORY Kratos CLI is now capable of managing identities with an interface that works almost like the Docker CLI we all love!
  • Admins are now able to initiate account recovery for identities.
  • Email verification and account recovery were refactored. It is now possible to add additional strategies (e.g. recovery codes) in the future, greatly increasing the feature set and security capabilities of future ORY Kratos versions!
  • Lookup to Have I Been Pwned is no longer a hard requirement, allowing registration processes to complete when the service is unavailable or the network is slow.
  • We contributed several issues and features in upstream projects such as justinas/nosurf, gobuffalo/pop, and many more!
  • The build pipeline has been upgraded to support cross-compilation of CGO with Go 1.15+.
  • Fetching flows no longer requires CSRF cookies to be set, improving developer experience while not compromising on security!
  • ORY Kratos now has ORY Kratos Session Cookies (set in the HTTP Cookie header) and ORY Kratos Session Tokens (set as an HTTP Bearer Authorization token or the X-Session-Token HTTP Header).

Additionally tons of bugs were fixed, tests added, documentation improved, and much more. Please note that several things have changed in a breaking fashion. You can find details for the individual breaking changes in the changelog below.

We would like to thank all community members who contributed towards this release (in no particular order):

Have fun exploring the new release, we hope you like it! If you haven't already, join the ORY Community Slack where we hold weekly community hangouts via video chat and answer your questions, exchange ideas, and present new developments!

0.5.0-alpha.1 (2020-10-15)

Bug Fixes

  • Add missing 'recovery' path in oathkeeper access-rules.yml (#763) (f180dba)

  • Add missing error handling (43c1446)

  • Add ory-prettier-styles to main repo (#744) (aeaddbc)

  • Add remote help description (f66bbe1)

  • Add serve help description (2eb072b)

  • Allow using json with form layout in password registration (bd2225c)

  • Annotate whoami endpoint with cookie and token (a8a781c)

  • Bump datadog version to fix build failure (4dfd322)

  • Change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL (763fdc5)

  • Clarify fetch use (8eb2e6f)

  • Complete verification by redirecting to UI with success (f0ecf51)

  • Correct cookie domain on logout (#646) (6d77e04), closes #645

  • Correct help message for import (a5f46d2)

  • Correct password and profile swagger annotations (668c184)

  • Correct password registration method api spec (08dd582)

  • Correct PHONY spelling (#739) (e3d3617)

  • Cover more test cases for persister (37d2e08)

  • Create decoder only once (34dc43b)

  • Deprecate packr2 dependency in makefile (be9a84d), closes #711 #750

  • Do not propagate parent validation error (bf6093d)

  • Don't resend verification emails once verified (#583) (a4d9969), closes #578

  • Enforce endpoint to be set (171ac18)

  • Escape jsx characters in api documentation (0946094)

  • Exit with code 1 on unimplemented CLI commands (66943d7)

  • Explicitly ignore fprint return values (f50e582)

  • Explicitly ignore fprintf results (a83dc50)

  • Fallback to default return url if logout after url is not defined (#594) (7edd367)

  • Favor packr2 over pkger (ac18a45):

    See markbates/pkger#117

  • Find and replace "request" references (41fb673)

  • Force exe buildmode for windows CGO (e017bb5)

  • Html form parse regression issue (6b07cbb)

  • Ignore x/net false positives (7044b95)

  • Improve debugging output for login hook and restructure files (dabac40)

  • Improve debugging output for registration hook and restructure files (ec11775)

  • Improve expired error responses (124a92e)

  • Improve hook tests (55ba485)

  • Improve makefile dependency building (8e1d69a)

  • Improve pagination when listing identities (c60bf44)

  • Improve post login hook log and audit messages (ddd5d5a)

  • Improve post registration hook log and audit messages (2495629)

  • Improve registration hook tests (8163152)

  • Improve session max-age behavior (65189fe), closes #42

  • Keep HTML form type on registration error (#698) (6c9e756), closes #670

  • Lowercase emails on login (244b4dd)

  • Mark flow methods' fields as required (#708) (834c607)

  • Merge public and admin login flow fetch handlers (48c4906)

  • Missing write in registration error handler (3b2af53)

  • Properly annotate swagger password parameters (2ef57c4)

  • Properly fetch identity for session (7be4086)

  • Recursive loop on network errors in password validator (#589) (b4d5a42), closes #316:

    The old code returned no error when ignoreNetworkErrors was set to true, but did not set a hash result, which caused an infinite loop.

  • Remove incorrect security specs (4c3d46d)

  • Remove obsolete tests (f102f95):

    The test is no longer valid as CSRF checks now happen after checking for login sessions in settings flows.

  • Remove redirector from code base (6689ecf)

  • Remove stray debug statements (a8e1ec4)

  • Rename import to put (8003e0f)

  • Rename quickstart config files and path (#671) (be8b9e5)

  • Rename quickstart schema file name (e943c90)

  • Rename recovery models and generate SDKs (d764435)

  • Resolve and test for missing data when updating flows (045ecab)

  • Resolve broken csrf tests (6befe2e)

  • Resolve broken docs links (56f4a39)

  • Resolve broken migrations and bump fizz (1ed9c70)

  • Resolve broken OIDC tests and disallow API flows (9986d8f)

  • Resolve cookie issues (6e2b6d2)

  • Resolve e2e headless test failures (82d506e)

  • Resolve e2e test failures (2627db2)

  • Resolve failing test cases (f8647b4)

  • Resolve flaky password setting tests (#582) (c42d936), closes #581 #577

  • Resolve handler testing issue (4f6bafd)

  • Resolve identity admin api issues (#586) (feef8a7), closes #435 #500:

    This patch resolves several issues that occurred when creating or updating identities using the Admin API. Now, all hooks are running properly and updating privileged properties no longer causes errors.

  • Resolve interface type issues (064b305)

  • Resolve logout csrf issues (#761) (74c0aac)

  • Resolve migratest failures (e2f34d3)

  • Resolve migratest ordering failing tests (dffecc0)

  • Resolve migration issues (b545e15)

  • Resolve panic on serve (ae34155)

  • Resolve panic when DSN="memory" (#574) (05e55f3):

    Executing the migration logic in registry.go causes a panic as the registry is not initialized at that point. Therefore we decided to move the handling to driver_default.go, after the registry has been initialized.

  • Resolve pkger issues (294066c)

  • Resolve remaining testing issues (af40d93)

  • Resolve SQL persistence tester issues (4952df4)

  • Resolve swagger issues and regenerate SDK (be4c7e4)

  • Resolve template loading issue (145fb20)

  • Resolve test issues introduced by new csrf protection (625ef5e)

  • Resolve verification sql errors (784da53)

  • Resolves a bug that prevents sessions from expiring (#612) (86b281a), closes #611

  • Revert disabling swagger flatten during sdk generation (98c7915)

  • Set correct path for kratos in oathkeeper set up (414259f)

  • Set quickstart logging to trace (d3e9192)

  • Support browser flows only in redirector (cab5280)

  • Swagger models (1b5f9ab):

    The swagger:parameters <id> definitions for updateIdentity and createIdentity were defined two times with the same ID. They had some old definition swagger used. The internal/httpclient should now work again as expected.

  • Tell tls what the smtps server name is (#634) (b724038)

  • Type (e264c69)

  • Update cli documentation examples (216ea7f)

  • Update contrib samples (79d24b4)

  • Update crdb quickstart version (249a6ba)

  • Update import description (aef1e1a)

  • Update quickstart kratos config (e3246e5)

  • Update recovery token field and column names (42abfa1)

  • Update status help description (b147831)

  • Update swagger names and fix broken tests (85b7fb1)

  • Update version help description (8bf4a79)

  • Use and test for csrf tokens and prevent api misuse (a4e3bc5)

  • Use correct HTTP method for password login (4f4fcee)

  • Use correct log message (53c384a)

  • Use correct redirection for registration (8d47113)

  • Use correct security annotation (c9bebe0)

  • Use correct swagger tags and regenerate (df99d8c)

  • Use helpers to create flow (aba8610)

  • Use nosurf fork to address VerifyToken bug (cd84e51)

  • Use params per_page and page for pagination (5dfb6e3)

  • Use proper pwd in makefile (52e22c3)

  • Use public instead of common sdk (dcb4a36)

  • Use relative threshold to judge longest common substring in password policy (#585) (3e9f8cc), closes #581

  • Whoami returns 401 not 403 (3b3b78c), closes #729

Code Refactoring

  • Add flow methods to verification (00ee828):

    Completely refactors the verification flow to support other methods. The original email verification flow now moved to the "link" method also used for recovery.

    Additionally, several upstream bugs in gobuffalo/pop and gobuffalo/fizz have been addressed, patched, and merged which improves support for SQLite and CockroachDB migrations:

  • Add method and rename request to flow (006bf56)

  • Change oidc callback URL (36d9380)

  • Complete login flow refactoring (ad2b3db)

  • Dry up login.NewFlow (f261c44)

  • Improve CSRF infrastructure (7e367e7)

  • Improve login test reuse (b4184e5)

  • Improve NewFlowExpiredError (1caefac)

  • Improve registration tests with testhelpers (9bf4530)

  • Improve selfservice method tests (df4d06d)

  • Improve settings helper functions (fda17ca)

  • Move samesite config to cookie parent-key (753eb86)

  • Moved clihelpers to ory/x (#756) (6ccffa8):

    Contributes to ory/hydra#2124.

  • Profile settings method is now API-able (c5f361f)

  • Remove common keyword from API spec (6619562)

  • Remove need for reverse proxy in selfservice-ui (beb4c32), closes #661

  • Rename session.sid to session.id (809fe73)

  • Rename login request to login flow (9369d1b), closes #635:

    As part of this change, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.

  • Rename LoginRequestErrorHandler to LoginFlowErrorHandler (66ae029)

  • Rename package recoverytoken to link (f87fb54)

  • Rename recovery request to flow internally (16c5618)

  • Rename recovery request to recovery flow (b0f433d), closes #635:

    As part of this change, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.

  • Rename registration request to flow (8437ebc)

  • Rename registration request to registration flow (0470956), closes #635:

    As part of this change, fetching a registration flow over the public API no longer requires Anti-CSRF cookies to be sent.

  • Rename request_lifespan to lifespan (#677) (3c8d5e0), closes #666

  • Rename strategies to methods (8985189):

    This patch renames strategies such as "Username/Email & Password" to methods.

  • Rename verify to verification (#597) (0ecd69a)

  • Replace all occurrences of login request to flow (1b3c491)

  • Replace all registration request occurrences with registration flow (308ef47)

  • Replace packr2 with pkger fork (4e2acae)

  • Restructure login package (c99e2a2)

  • Use session token as cookie identifier (60fd9c2)

Documentation

  • Add administrative user management guide (b97e0c6)

  • Add code samples to session checking (eba8eda)

  • Add configuring introduction (#630) (b8cfb35)

  • Add descriptions to cobra commands (607b76d)

  • Add documentation for configuring cookies (e3dbc8a), closes #516

  • Add domain, subdomain, multi-domain cookie guides (3eb1e59), closes #661

  • Add github video tutorial (#622) (0c4222c)

  • Add guide for cors (a8ae759)

  • Add guide for cors (91fd278)

  • Add guide for dealing with login sessions (4e2718c)

  • Add identity state (fb4aedb)

  • Add login session to navbar (b212d64)

  • Add milestones to sidebar (aae13ec)

  • Add missing GitLab provider to the list of supported OIDC providers (#766) (a43ed33)

  • Add missing TOC entries (#748) (bd7edfb)

  • Add pagination docs (7fe0901)

  • Add secret key rotation guide (3d6e21a)

  • Add sequence diagrams for browser/api flows (590d767)

  • Add session hook to ssi guide (#623) (1bbed39)

  • Add terminology section (29b81a7)

  • Add theme helpers and decouple mermaid (7c3eb32)

  • Add video to OIDC guide (#619) (f286980)

  • Added sidebar cli label (5d24a29):

    clidoc.Generate expects to find an entry under sidebar.json/Reference that contains the substring "CLI" in its label. Because that was missing, a new entry was appended on every regeneration of the file.

  • Added sidebar item (#639) (8574761):

    Added Kratos Video Tutorial Transcripts document to sidebar.

  • Added transcript (#627) (cec7f1f):

    Added Login with Github Transcript

  • Adds twitch oidc provider guide (#760) (339e622)

  • Bring oidc docs up to date (7d0e470)

  • Changed transcript location (#642) (c52764d):

    Changed the location so it is in the right place.

  • Clarify 302 redirect on expired login flows (ca31b53)

  • Clarify api flow use (a38b4a1)

  • Clarify feature-set (2266ae7)

  • Clarify kratos config snippet (e7732f3)

  • Clean up docs and correct samples (8627ec5)

  • Complete registration documentation (b3af02b)

  • Consistent formatting of badges (#745) (b391a03)

  • Correct settings and verification redir (30e25e7)

  • Docker image documentation (#573) (bfe032e)

  • Document API flows in self-service overview (71ed0bd)

  • Document how to check for login sessions (9ad73b8)

  • Explain high-level API and browser flows (fe3ee0a)

  • Fix logout url (#593) (f0971d4)

  • Fix sidebar missing comment (d90123a)

  • Fix typo (c2f94da)

  • Fix typo on index page (#656) (907add5)

  • Fix url of admin-api /recovery/link (#650) (e68c7cb)

  • Fixed link (c2aebbd)

  • Fixed link (#629) (ad1276f)

  • Fixed typos/readability (#620) (7fd3ce0):

    Fixed a few typos, and moved some sentences around to improve readability.

  • Fixed typos/readability (#621) (c4fc75f)

  • Import mermaid (#696) (6f75004)

  • Improve charts and examples in self-service overview (312c91d)

  • Improve documentation and add tests (3dde956)

  • Improve long messages and render cli documentation (e5fc02f)

  • Make assumptions neutral in concepts overview (e89d980)

  • Move development section (2e6f643)

  • Move hooks (c02b588)

  • Move to json sidebar (504af3b)

  • Password login and registration methods for API clients (5a44356)

  • Prettify all files (#743) (d9d1bfd)

  • Quickstart next steps (#676) (ee9dd0d):

    Added a section outlining some easy config changes, that users can apply to the quickstart to test out different scenarios and configurations.

  • Refactor login and registration documentation (c660a04)

  • Refactor settings and recovery documentation (11ca9f7)

  • Refactor verification docs (70f2789)

  • Regenerate clidocs with up-to-date binary (e53289c)

  • Remove make tools task (ec6e664), closes #711 #750:

    This task does not exist any more and the dependency building is much smarter now.

  • Remove contraction (#747) (cd4f21d)

  • Remove duplicate word (b84e659)

  • Remove duplicate word (#700) (a12100e)

  • Remove react native guide for now (daa5f2e)

  • Rename self service and add admin section (639c424)

  • Replace ampersand (#749) (8337b80)

  • Resolve regression issues (0470fd7)

  • Resolve typo in message IDs (562cfc4)

  • Resolve typo in message IDs (#607) (f7688f0)

  • Update cli docs (085efca)

  • Update link to mfa issue (d03a706)

  • Update links (a06fd88)

  • Update MFA link to issue (#690) (7a744ad):

    MFA issue was pushed to a later milestone. Update the documentation to point to the issue instead of the milestone.

  • Update repository templates (f422485)

  • Update repository templates (#678) (bdb6875)

  • Update sidebar (ea15c20)

  • Update ts examples (65cb46e)

  • Use correct id for multi-domain-cookies (b49288a)

  • Use correct path in 0.4 docs (9fcaac4), closes #588

  • Use NYT Capitalization for all Swagger headlines (#675) (6c96429), closes #664

Features

  • Add ability to configure session cookie domain/path (faeb332), closes #516

  • Add and improve settings testhelpers (10a43fc)

  • Add bearer helper (ec6ca20)

  • Add config version schema (#608) (d218662), closes #590

  • Add discord oidc provider (#767) (487296d)

  • Add enum to form field type (96028d8)

  • Add flow type to login (ce9133b)

  • Add HTTP request flow validator (1a6e847)

  • Add new prometheus metrics endpoint #672 (#673) (0f5c436):

    Adds endpoint /metrics for prometheus metrics collection to the Admin API Endpoint.

  • Add nocache helpers (54dcc4d)

  • Add pagination tests (e3aa81b)

  • Add session token security definition (d36c26f):

    Adds the new Session Token as a Swagger security definition to allow setting the session token as a Bearer token when calling /sessions/whoami.

  • Add stub errors to errorx (5d452bb), closes #610

  • Add test helper for fetching settings requests (3646383)

  • Add tests and helpers to test recovery/verifiable addresses (#579) (29979e6), closes #576

  • Add tests to cover auth (c9d3a15)

  • Add texts for settings (795548c)

  • Add the already declared (and settable) tracer as a middleware (#614) (e24fffe)

  • Add token to session (08c8c78)

  • Add type to all flows in SQL (5515776)

  • Allow import/validation of arrays (d11ac32)

  • Bump cli and migration render tasks (6dcb42a)

  • Finalize tests for registration flow refactor (8e52c3a)

  • Finish off client cli (36d60c7)

  • Implement administrative account recovery (f5f9c43)

  • Implement API flow for recovery link method (d65bf66)

  • Implement API-based tests for password method settings flows (60664aa)

  • Implement max-age for session cookie (2e642ff), closes #326

  • Implement tests and anti-csrf for API settings flows (8b8b6e5)

  • Implement tests for new migrations (e08ece9)

  • Improve test readability for password method (a896d9b)

  • Log successful hook execution (f6026cf)

  • Log successful hook execution (1e7d044)

  • Make login error handle JSON aware (88f581f)

  • Make password settings method API-able (0cf6027)

  • Make public cors configurable (863a0d4), closes #712

  • Oidc provider claims config option (#753) (bf94a40), closes #735

  • Reply with cache-control: 0 for browser-facing APIs (1a45b53), closes #360

  • Schemas are now static assets (1776d58)

  • Support and document api flow in session issuer hook (91f3cc7)

  • Support application/json in registration (3476b97), closes #44

  • Support custom session token header (56bec76):

    The /sessions/whoami endpoint now accepts the ORY Kratos Session Token in the X-Session-Token HTTP header.

  • Support GitLab OIDC Provider (#519) (8580d96), closes #518

  • Support json payloads for login and password (354e8b2)

  • Support JSON payloads in password login flow (dd32c23)

  • Support session token bearer auth and lifecycle (c12600a):

    This patch adds support for issuing, validating, and revoking session tokens. Session tokens carry a reference to a session, and are equal to session cookies but can be used on environments which do not support cookies (e.g. React Native) by sending them in the Bearer Authorization.

  • Update migration tests (fb28173)

  • Use uri-reference for ui_url etc. to allow relative urls (#617) (2dba450)

  • Write request -> flow rename migrations (d7189a9)

Tests

  • Add handler update tests (aea1fb8), closes #325
  • Add init browser flow tests (f477ece)
  • Add test for no-cache on public router (b8aa63b)
  • Add test for registration request (79ed63c)
  • Add tests for registration flows (4772f71)
  • Complete test suite for API-based auth (fb9d62f)
  • Implement API login password tests (8bfd5f2)
  • Implement API registration password tests (db178b7)
  • Replace e2e-memory with unit test (52bd839), closes #580
  • Resolve broken decoder tests (07add1b)
  • Use correct hook in test (421320c)

Unclassified

  • Format (e61a51d)
  • Format (1e5b738)
  • Format code (c3b5ff5)
  • u (e207a6a)
  • As part of this change, fetching a settings flow over the public API no longer requires Anti-CSRF cookies to be sent. (31d560e), closes #635
  • Create labels.json (68b1f6f)
  • Add codedoc to identifier hint block (6fe840f)

BREAKING CHANGES

  • The "common" keyword has been removed from the Swagger 2.0 spec which deprecates the common module / package / class (depending on the generated SDK). Please use public or admin instead!

Additionally, the SDK for TypeScript now uses the fetch API which allows the SDK to be used in both client-side as well as server-side contexts. Please note that several methods and parameters in the generated TypeScript SDK have changed. Please check the TypeScript results to see what needs to be changed!

  • This patch changes the OpenID Connect and OAuth2 ("Sign in with Google, Facebook, ...") Callback URL from http(s)://<kratos-public>/self-service/browser/flows/strategies/oidc/<provider> to http(s)://<kratos-public>/self-service/methods/oidc/<provider>. To apply this patch, you need to update these URLs at the OAuth2 Client configuration pages of the individual OpenID Connect providers (e.g. GitHub, Google).
  • Configuration key selfservice.strategies was renamed to selfservice.methods.
  • This patch significantly changes how email verification works. The Verification Flow no longer uses its own system but now re-uses the API and Browser flows and flow methods established in other components such as login, recovery, registration.

Due to the many changes, these patch notes do not cover how to upgrade this particular flow. We instead want to kindly ask you to check out the updated documentation for this flow at: https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation

This patch changes the SQL schema and thus requires running the SQL Migration command (e.g. ... migrate sql).
Never apply SQL migrations without backing up your database prior.

  • Configuration items selfservice.flows.<name>.request_lifespan have been renamed to selfservice.flows.<name>.lifespan to match the new flow semantics.
  • Wording has changed from "Self-Service Recovery Request" to "Self-Service Recovery Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a recovery flow over the public API no longer requires Anti-CSRF cookies to be sent.

This patch renames several important recovery flow endpoints:

  • /self-service/browser/flows/recovery is now /self-service/recovery/browser without functional changes.
  • /self-service/browser/flows/requests/recovery?request=abcd is now /self-service/recovery/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password and oidc recovery method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

  • /self-service/browser/flows/recovery/link?request=abcd is now /self-service/recovery/methods/link?flow=abcd without functional changes.

The Recovery UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.completeSelfServiceBrowserRecoveryLinkStrategyFlow(req.query.request)
+ kratos.completeSelfServiceRecoveryFlowWithLinkMethod(req.query.flow)
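Review bot: the unchanged context line `const kratos = new CommonApi(config.kratos.public)` is shown as surviving the upgrade, but the first breaking change in these notes says the "common" module / class is deprecated in favour of public or admin. The snippet should also show the constructor changing (the later settings snippet already uses `new PublicApi(config.kratos.public)`), otherwise readers who copy the after-state keep a client class that these notes tell them to stop using.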

This patch requires you to run SQL migrations.

  • Wording has changed from "Self-Service Settings Request" to "Self-Service Settings Flow" to follow community feedback and practice already applied in the documentation.

This patch renames several important settings flow endpoints:

  • /self-service/browser/flows/settings is now /self-service/settings/browser without functional changes.
  • /self-service/browser/flows/requests/settings?request=abcd is now /self-service/settings/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password, profile, and oidc settings method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

  • /self-service/browser/flows/login/strategies/password?request=abcd is now /self-service/login/methods/password?flow=abcd without functional changes.
  • /self-service/browser/flows/strategies/oidc?request=abcd is now /self-service/methods/oidc?flow=abcd without functional changes.
  • /self-service/browser/flows/settings/strategies/profile?request=abcd is now /self-service/settings/methods/profile?flow=abcd without functional changes.

The Settings UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.getSelfServiceBrowserSettingsRequest(req.query.request)
+ kratos.getSelfServiceSettingsFlow(req.query.flow)

  // You will most likely not be using this:
  const kratos = new PublicApi(config.kratos.public)
- kratos.completeSelfServiceBrowserSettingsPasswordStrategyFlow //...
- kratos.completeSelfServiceSettingsFlowWithPasswordMethod //..
- kratos.completeSelfServiceBrowserSettingsProfileStrategyFlow //...
- kratos.completeSelfServiceSettingsFlowWithProfileMethod //..
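Review bot: in the second block all four `completeSelfService...` lines are marked `-`, so the snippet shows four removals and no replacement. `completeSelfServiceSettingsFlowWithPasswordMethod` and `completeSelfServiceSettingsFlowWithProfileMethod` follow the same `...FlowWith...Method` naming as the `+` line in the recovery snippet, so they read as the new names and should carry `+`. The first block has the same `CommonApi` context-line problem as the recovery snippet.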

This patch requires you to run SQL migrations.

  • This patch makes the reverse proxy functionality required in prior versions of the self-service UI example obsolete. All examples work now with a simple set up and documentation has been added to assist in subdomain scenarios.
  • The session field sid has been renamed to id to stay consistent with other APIs which also use id terminology to clarify identifiers. The payload of, for example, /sessions/whoami has changed as follows:
  {
-   "sid": "abcde",
+   "id": "abcde",
    "expires_at": "..."
    "identity": {
      // ..
    }
  }
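Review bot: the context line `"expires_at": "..."` has no trailing comma before `"identity"`, so the sample payload is not valid JSON even with the `// ..` placeholder removed. Add the comma so the before/after shape can be pasted into a test fixture; the only intended change here is the `sid` to `id` key rename.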
  • Wording has changed from "Self-Service Registration Request" to "Self-Service Registration Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.

This patch renames several important registration flow endpoints:

  • /self-service/browser/flows/registration is now /self-service/registration/browser without behavioral change.
  • /self-service/browser/flows/requests/registration?request=abcd is now /self-service/registration/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password registration method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

  • /self-service/browser/flows/registration/strategies/password?request=abcd is now /self-service/registration/methods/password?flow=abcd without functional changes.
  • /self-service/browser/flows/strategies/oidc?request=abcd is now /self-service/methods/oidc?flow=abcd without functional changes.

The Registration UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.getSelfServiceBrowserRegistrationRequest(req.query.request)
+ kratos.getSelfServiceRegistrationFlow(req.query.flow)

This patch requires you to run SQL migrations.

  • Existing login sessions will no longer be valid because the session cookie data model changed. If you apply this patch, your users will need to sign in again.
  • Wording has changed from "Self-Service Login Request" to "Self-Service Login Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.

This patch renames several important login flow endpoints:

  • /self-service/browser/flows/login is now /self-service/login/browser without functional changes.
  • /self-service/browser/flows/requests/login?request=abcd is now /self-service/login/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password and oidc login method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

  • /self-service/browser/flows/login/strategies/password?request=abcd is now /self-service/login/methods/password?flow=abcd without functional changes.
  • /self-service/browser/flows/strategies/oidc?request=abcd is now /self-service/methods/oidc?flow=abcd without functional changes.

The Login UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.getSelfServiceBrowserLoginRequest(req.query.request)
+ kratos.getSelfServiceLoginFlow(req.query.flow)

This patch requires you to run SQL migrations.

  • Configuration value session.cookie_same_site has moved to session.cookie.same_site. There was no functional change.
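
The endpoint renames listed above are easy to miss in proxy rules, OAuth2 client callback settings, and UI code, where a stale path fails only at login time. The following checker is an added example, not code from ORY or from these release notes: it encodes the old-to-new paths stated in the breaking changes and scans text for leftovers. The function names (migrateUrl, findLegacyReferences), the placeholder base URL, and the sample input are assumptions constructed for illustration; paths the notes do not list are reported as unknown rather than guessed.

```javascript
// Added example (not ORY code). The mapping is transcribed from the
// "BREAKING CHANGES" list of these release notes; all names are hypothetical.
const OLD_ROOT = "/self-service/browser/flows";
const LEGACY = new Map(); // old pathname -> { path, param }

for (const flow of ["login", "registration", "settings", "recovery"]) {
  // Initiate a browser flow: the path moves, no query parameter is involved.
  LEGACY.set(`${OLD_ROOT}/${flow}`, { path: `/self-service/${flow}/browser`, param: null });
  // Fetch a flow: ?request=<id> becomes ?id=<id>.
  LEGACY.set(`${OLD_ROOT}/requests/${flow}`, { path: `/self-service/${flow}/flows`, param: "id" });
}
// Complete a flow with a method: ?request=<id> becomes ?flow=<id>.
for (const [oldTail, newTail] of [
  ["login/strategies/password", "login/methods/password"],
  ["registration/strategies/password", "registration/methods/password"],
  ["settings/strategies/profile", "settings/methods/profile"],
  ["recovery/link", "recovery/methods/link"],
  ["strategies/oidc", "methods/oidc"],
]) {
  LEGACY.set(`${OLD_ROOT}/${oldTail}`, { path: `/self-service/${newTail}`, param: "flow" });
}
const OIDC_OLD = `${OLD_ROOT}/strategies/oidc`;
const OIDC_NEW = "/self-service/methods/oidc";

// Returns the migrated URL (absolute in, absolute out; path in, path out),
// or null when the input is not a legacy path covered by the release notes.
function migrateUrl(input) {
  const absolute = /^[a-z][a-z0-9+.-]*:\/\//i.test(input);
  const url = new URL(input, "http://placeholder.invalid"); // base used only for bare paths
  const pathname = url.pathname.replace(/\/+$/, "");
  let rule = LEGACY.get(pathname);
  if (!rule && pathname.startsWith(OIDC_OLD + "/")) {
    // OIDC callback URL: keep the /<provider> suffix as it is.
    rule = { path: OIDC_NEW + pathname.slice(OIDC_OLD.length), param: null };
  }
  if (!rule) return null;
  url.pathname = rule.path;
  if (rule.param && url.searchParams.has("request")) {
    const id = url.searchParams.get("request");
    url.searchParams.delete("request");
    url.searchParams.set(rule.param, id);
  }
  return absolute ? url.href : url.pathname + url.search;
}

// Matches a legacy path, optionally preceded by scheme and host.
const LEGACY_REF = /(?:https?:\/\/[^\/\s"'<>]+)?\/self-service\/browser\/flows[^\s"'<>)]*/g;

// Scans text line by line; replacement is null for legacy-looking paths
// that the release notes do not map, so they can be resolved by hand.
function findLegacyReferences(text) {
  const findings = [];
  text.split("\n").forEach((lineText, i) => {
    for (const m of lineText.matchAll(LEGACY_REF)) {
      findings.push({ line: i + 1, found: m[0], replacement: migrateUrl(m[0]) });
    }
  });
  return findings;
}

// Constructed sample input: not taken from any real deployment.
const SAMPLE = [
  'oidc_callback: "https://id.example.com/self-service/browser/flows/strategies/oidc/github"',
  'const res = await fetch("/self-service/browser/flows/requests/login?request=" + req.query.request)',
  "form_action: /self-service/browser/flows/settings/strategies/password?request=abcd",
  "login_init: /self-service/login/browser",
].join("\n");

for (const f of findLegacyReferences(SAMPLE)) {
  console.log(`line ${f.line}: ${f.found} -> ${f.replacement ?? "not listed in the notes, check manually"}`);
}
```

The third sample line is reported without a replacement because the settings section of these notes does not give an old path for the settings password method.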

Changelog

31d560e As part of this change, fetching a settings flow over the public API no longer requires Anti-CSRF cookies to be sent.
68b1f6f Create labels.json
4993ec0 Merge remote-tracking branch 'origin/master' into now-really-implement-client-cli
a4021ed Merge remote-tracking branch 'remotes/origin/master' into fix-385
1997e35 Merge remote-tracking branch 'remotes/origin/master' into fix-385
0ada8af autogen(docs): generate and format documentation
77864f5 autogen(docs): generate and format documentation
4372e9c autogen(docs): generate and format documentation
d4b019c autogen(docs): generate cli docs
341a14d autogen(docs): generate cli docs
5c6a634 autogen(docs): generate cli docs
9e0a28c autogen(docs): regenerate and update changelog
4991aa8 autogen(docs): regenerate and update changelog
06faac5 autogen(docs): regenerate and update changelog
d53e9af autogen(docs): regenerate and update changelog
b91c824 autogen(docs): regenerate and update changelog
7a2946e autogen(docs): regenerate and update changelog
c85f106 autogen(docs): regenerate and update changelog
0d2e7da autogen(docs): regenerate and update changelog
493e7c2 autogen(docs): regenerate and update changelog
fe88b42 autogen(docs): regenerate and update changelog
5eb14ed autogen(docs): regenerate and update changelog
3fd1439 autogen(docs): regenerate and update changelog
49ad216 autogen(docs): regenerate and update changelog
4446811 autogen(docs): regenerate and update changelog
fc63773 autogen(docs): regenerate and update changelog
052a57c autogen(docs): regenerate and update changelog
61341e1 autogen(docs): regenerate and update changelog
166e8fb autogen(docs): regenerate and update changelog
c14a60c autogen(docs): regenerate and update changelog
775fb55 autogen(docs): regenerate and update changelog
7be1182 autogen(docs): regenerate and update changelog
cae798c autogen(docs): regenerate and update changelog
4610f8d autogen(docs): regenerate and update changelog
c13b183 autogen(docs): regenerate and update changelog
ce8ac61 autogen(docs): regenerate and update changelog
7c7d59e autogen(docs): regenerate and update changelog
9695381 autogen(docs): regenerate and update changelog
bbc5454 autogen(docs): regenerate and update changelog
bcfb279 autogen(docs): regenerate and update changelog
55a3944 autogen(docs): regenerate and update changelog
33f3764 autogen(docs): regenerate and update changelog
d981b4e autogen(docs): regenerate and update changelog
765a070 autogen(docs): regenerate and update changelog
b94eb98 autogen(docs): regenerate and update changelog
91e5a5b autogen(docs): regenerate and update changelog
dc0910c autogen(docs): regenerate and update changelog
eb7d047 autogen(docs): regenerate and update changelog
3e1cc3a autogen(docs): regenerate and update changelog
d959349 autogen(docs): regenerate and update changelog
d743ae8 autogen(docs): regenerate and update changelog
d5f1a8b autogen(docs): regenerate and update changelog
c88bafd autogen(docs): regenerate and update changelog
3fb1eea autogen(docs): regenerate and update changelog
fb924c6 autogen(docs): regenerate and update changelog
1d1f781 autogen(docs): regenerate and update changelog
a0dc863 autogen(docs): regenerate and update changelog
1a74061 autogen(docs): regenerate and update changelog
e81593f autogen(docs): regenerate and update changelog
6298405 autogen(docs): regenerate and update changelog
640d436 autogen(docs): regenerate and update changelog
848a1d9 autogen(docs): regenerate and update changelog
1b2e76a autogen(docs): update milestone document
b41f3a0 autogen(docs): update milestone document
7097e4b autogen(docs): update milestone document
09546de autogen(docs): update milestone document
882c16c autogen(docs): update milestone document
ee8ecb9 autogen(docs): update milestone document
82164e9 autogen(docs): update milestone document
0ca0f7e autogen(docs): update milestone document
32fb9df autogen(docs): update milestone document
1940a67 autogen(docs): update milestone document
5aea3a5 autogen(docs): update milestone document
a65d7f8 autogen(docs): update milestone document
f1c38c3 autogen(docs): update milestone document
2331049 autogen(docs): update milestone document
78f2989 autogen(docs): update milestone document
92cc24a autogen(docs): update milestone document
508fafc autogen(docs): update milestone document
ada04ff autogen(docs): update milestone document
f2d4c5f autogen(docs): update milestone document
4f56651 autogen(docs): update milestone document
9fb3d10 autogen(docs): update milestone document
0166a8c autogen(docs): update milestone document
6eff8df autogen(docs): update milestone document
2643326 autogen(docs): update milestone document
add1a6d autogen(docs): update milestone document
a58b25e autogen(docs): update milestone document
6addd06 autogen(docs): update milestone document
95c1720 autogen(docs): update milestone document
5f56ab5 autogen(docs): update milestone document
ee36ceb autogen(docs): update milestone document
6408dbb autogen(openapi): Regenerate swagger spec and internal client
c95e746 autogen(openapi): Regenerate swagger spec and internal client
a93d6a4 autogen(openapi): Regenerate swagger spec and internal client
739e223 autogen(openapi): Regenerate swagger spec and internal client
a7e30f1 autogen(openapi): Regenerate swagger spec and internal client
a00996f autogen(openapi): Regenerate swagger spec and internal client
4bb84ef autogen: add v0.5.0-alpha.1.pre.1 to version.schema.json
557d37d autogen: pin v0.5.0-alpha.1 release commit
1ecdf17 autogen: pin v0.5.0-alpha.1.pre.0 release commit
3acda05 autogen: pin v0.5.0-alpha.1.pre.1 release commit
b037a1e chore(deps): bump cci orbs (#757)
79c7222 chore: add cors to deps
b17bf58 chore: bump deps
441348a chore: bump go mod swagger
322e983 chore: bump makefile dependencies
f9fab6e chore: bump nosurf to include new bugfixes
83adecc chore: bump ory/x
177fe89 chore: enforce consistent file names and move GlobHelp constant to jsonnet
a3f503c chore: fix typos and descriptions in login flow
7a1ac3d chore: format
bf98b54 chore: format and update swagger titles
9229c30 chore: format docs
83c55e9 chore: move lowest level of commands one level up
aff71a2 chore: reenable and fix schema tests (#737)
f22c58a chore: refactor cmd to make commands importable
ef55e50 chore: regenerate SDK to match new session.id semantics
f9e3e1d chore: regenerate sdk and format
8c1d1f7 chore: regenerate swagger
8b503ee chore: remove debug panic
8a8910b chore: remove test files and complete renaming to put
b9de9e7 chore: remove unused var
d801768 chore: rename variables to match new terminology
5242c55 chore: update SDK
03ca943 chore: update docusaurus template
ad1c902 chore: update docusaurus template
9cba138 chore: update docusaurus template
3309c2c chore: update docusaurus template (#637)
f1a4fd8 chore: update docusaurus template (#643)
b815482 chore: update docusaurus template (#649)
af4565b chore: update docusaurus template (#697)
e04139e chore: update docusaurus template (#733)
60ab74a chore: update packages
9de1a0d chore: update repository templates
1a2aaa7 chore: update repository templates
aa46d66 chore: update repository templates (#679)
635d5b6 chore: update repository templates (#682)
ce9cb9f chore: update repository templates (#721)
9d649aa chore: update repository templates (#731)
cab9ec5 chore: update repository templates (#751)
9b25a5c chore: update repository templates (#764)
a491824 chore: update swagger files
d42b1c2 ci: add closed reference notifier action
03e37a4 ci: add docs/cli job and validate docs formatting (#746)
20a2d30 ci: add docs/cli job and validate docs formatting (#746)
dd5d95d ci: add labels action
9990c27 ci: add milestone action
4e978f4 ci: add recovery label
04e9756 ci: add stale bot
2971baf ci: bump closed reference notifier and add manual trigger
7627ef4 ci: bump cockroach image
9996e76 ci: bump cockroach image
c50a752 ci: bump deps
06fa714 ci: bump golang
f98cfe8 ci: bump milestone-action
2cf63e3 ci: bump milestone-action
d635a7e ci: fix requires references
c05a68b ci: fix typo in reference
de89a23 ci: ignore etcd CVEs
7785e6c ci: improve e2e cache keys (#636)
cc9453e ci: re-add milestone
6114d45 ci: remove make dep dependency
601ac30 ci: remove nancy false positives from .nancy-ignore (#725)
c40cd67 ci: render version schema on release (#644)
d3b14dc ci: run docs action as cronjob
8c08bdd ci: update commit author
c8d5ce0 ci: update milestone action
b60efce ci: use v0 for milestone
6fe840f doc: add codedoc to identifier hint block
b97e0c6 docs: add administrative user management guide
eba8eda docs: add code samples to session checking
b8cfb35 docs: add configuring introduction (#630)
607b76d docs: add descriptions to cobra commands
e3dbc8a docs: add documentation for configuring cookies
3eb1e59 docs: add domain, subdomain, multi-domain cookie guides
0c4222c docs: add github video tutorial (#622)
a8ae759 docs: add guide for cors
91fd278 docs: add guide for cors
4e2718c docs: add guide for dealing with login sessions
fb4aedb docs: add identity state
b212d64 docs: add login session to navbar
aae13ec docs: add milestones to sidebar
a43ed33 docs: add missing GitLab provider to the list of supported OIDC providers (#766)
bd7edfb docs: add missing TOC entries (#748)
7fe0901 docs: add pagination docs
3d6e21a docs: add secret key rotation guide
590d767 docs: add sequence diagrams for browser/api flows
1bbed39 docs: add session hook to ssi guide (#623)
29b81a7 docs: add terminology section
7c3eb32 docs: add theme helpers and decouple mermaid
f286980 docs: add video to OIDC guide (#619)
5d24a29 docs: added sidebar cli label clidoc.Generate expects to find an entry under sidebar.json/Reference that contains the substring "CLI" in its label. Because that was missing, a new entry was appended on every regeneration of the file.
8574761 docs: added sidebar item (#639)
cec7f1f docs: added transcript (#627)
339e622 docs: adds twitch oidc provider guide (#760)
7d0e470 docs: bring oidc docs up to date
c52764d docs: changed transcript location (#642)
ca31b53 docs: clarify 302 redirect on expired login flows
a38b4a1 docs: clarify api flow use
2266ae7 docs: clarify feature-set
e7732f3 docs: clarify kratos config snippet
8627ec5 docs: clean up docs and correct samples
b3af02b docs: complete registration documentation
b391a03 docs: consistent formatting of badges (#745)
30e25e7 docs: correct settings and verification redir
bfe032e docs: docker image documentation (#573)
71ed0bd docs: document API flows in self-service overview
9ad73b8 docs: document how to check for login sessions
fe3ee0a docs: explain high-level API and browser flows
f0971d4 docs: fix logout url (#593)
d90123a docs: fix sidebar missing comment
c2f94da docs: fix typo
907add5 docs: fix typo on index page (#656)
e68c7cb docs: fix url of admin-api /recovery/link (#650)
c2aebbd docs: fixed link
c4bb8a1 docs: fixed link (#628)
ad1276f docs: fixed link (#629)
7fd3ce0 docs: fixed typos/readability (#620)
c4fc75f docs: fixed typos/readability (#621)
6f75004 docs: import mermaid (#696)
312c91d docs: improve charts and examples in self-service overview
3dde956 docs: improve documentation and add tests
e5fc02f docs: improve long messages and render cli documentation
e89d980 docs: make assumptions neutral in concepts overview
2e6f643 docs: move development section
c02b588 docs: move hooks
504af3b docs: move to json sidebar
5a44356 docs: password login and registration methods for API clients
d9d1bfd docs: prettify all files (#743)
ee9dd0d docs: quickstart next steps (#676)
c660a04 docs: refactor login and registration documentation
11ca9f7 docs: refactor settings and recovery documentation
70f2789 docs: refactor verification docs
e53289c docs: regenerate clidocs with up-to-date binary
ec6e664 docs: remove make tools task
cd4f21d docs: remove contraction (#747)
b84e659 docs: remove duplicate word
a12100e docs: remove duplicate word (#700)
daa5f2e docs: remove react native guide for now
639c424 docs: rename self service and add admin section
8337b80 docs: replace ampersand (#749)
0470fd7 docs: resolve regression issues
562cfc4 docs: resolve typo in message IDs
f7688f0 docs: resolve typo in message IDs (#607)
7a744ad docs: update MFA link to issue (#690)
085efca docs: update cli docs
d03a706 docs: update link to mfa issue
a06fd88 docs: update links
f422485 docs: update repository templates
bdb6875 docs: update repository templates (#678)
ea15c20 docs: update sidebar
65cb46e docs: update ts examples
6c96429 docs: use NYT Capitalization for all Swagger headlines (#675)
b49288a docs: use correct id for multi-domain-cookies
9fcaac4 docs: use correct path in 0.4 docs
1a6e847 feat: add HTTP request flow validator
faeb332 feat: add ability to configure session cookie domain/path
10a43fc feat: add and improve settings testhelpers
ec6ca20 feat: add bearer helper
d218662 feat: add config version schema (#608)
487296d feat: add discord oidc provider (#767)
96028d8 feat: add enum to form field type
ce9133b feat: add flow type to login
0f5c436 feat: add new prometheus metrics endpoint #672 (#673)
54dcc4d feat: add nocache helpers
e3aa81b feat: add pagination tests
d36c26f feat: add session token security definition
5d452bb feat: add stub errors to errorx
3646383 feat: add test helper for fetching settings requests
29979e6 feat: add tests and helpers to test recovery/verifiable addresses (#579)
c9d3a15 feat: add tests to cover auth
795548c feat: add texts for settings
e24fffe feat: add the already declared (and settable) tracer as a middleware (#614)
08c8c78 feat: add token to session
5515776 feat: add type to all flows in SQL
d11ac32 feat: allow import/validation of arrays
6dcb42a feat: bump cli and migration render tasks
8e52c3a feat: finalize tests for registration flow refactor
36d60c7 feat: finish off client cli
d65bf66 feat: implement API flow for recovery link method
60664aa feat: implement API-based tests for password method settings flows
f5f9c43 feat: implement administrative account recovery
2e642ff feat: implement max-age for session cookie
8b8b6e5 feat: implement tests and anti-csrf for API settings flows
e08ece9 feat: implement tests for new migrations
a896d9b feat: improve test readability for password method
1e7d044 feat: log successful hook execution
f6026cf feat: log successful hook execution
88f581f feat: make login error handle JSON aware
0cf6027 feat: make password settings method API-able
863a0d4 feat: make public cors configurable
bf94a40 feat: oidc provider claims config option (#753)
1a45b53 feat: reply with cache-control: 0 for browser-facing APIs
1776d58 feat: schemas are now static assets
8580d96 feat: support GitLab OIDC Provider (#519)
dd32c23 feat: support JSON payloads in password login flow
91f3cc7 feat: support and document api flow in session issuer hook
3476b97 feat: support application/json in registration
56bec76 feat: support custom session token header
354e8b2 feat: support json payloads for login and password
c12600a feat: support session token bearer auth and lifecycle
fb28173 feat: update migration tests
2dba450 feat: use uri-reference for ui_url etc. to allow relative urls (#617)
d7189a9 feat: write request -> flow rename migrations
aeaddbc fix: Add ory-prettier-styles to main repo (#744)
f180dba fix: add missing 'recovery' path in oathkeeper access-rules.yml (#763)
43c1446 fix: add missing error handling
f66bbe1 fix: add remote help description
2eb072b fix: add serve help description
bd2225c fix: allow using json with form layout in password registration
a8a781c fix: annotate whoami endpoint with cookie and token
4dfd322 fix: bump datadog version to fix build failure
763fdc5 fix: change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL
8eb2e6f fix: clarify fetch use
f0ecf51 fix: complete verification by redirecting to UI with success
e3d3617 fix: correct PHONY spelling (#739)
6d77e04 fix: correct cookie domain on logout (#646)
a5f46d2 fix: correct help message for import
668c184 fix: correct password and profile swagger annotations
08dd582 fix: correct password registration method api spec
37d2e08 fix: cover more test cases for persister
34dc43b fix: create decoder only once
be9a84d fix: deprecate packr2 dependency in makefile
bf6093d fix: do not propagate parent validation error
a4d9969 fix: don't resend verification emails once verified (#583)
171ac18 fix: enforce endpoint to be set
0946094 fix: escape jsx characters in api documentation
66943d7 fix: exit with code 1 on unimplemented CLI commands
f50e582 fix: explicitly ignore fprint return values
a83dc50 fix: explicitly ignore fprintf results
7edd367 fix: fallback to default return url if logout after url is not defined (#594)
ac18a45 fix: favor packr2 over pkger
41fb673 fix: find and replace "request" references
e017bb5 fix: force exe buildmode for windows CGO
6b07cbb fix: html form parse regression issue
7044b95 fix: ignore x/net false positives
dabac40 fix: improve debugging output for login hook and restructure files
ec11775 fix: improve debugging output for registration hook and restructure files
124a92e fix: improve expired error responses
55ba485 fix: improve hook tests
8e1d69a fix: improve makefile dependency building
c60bf44 fix: improve pagination when listing identities
ddd5d5a fix: improve post login hook log and audit messages
2495629 fix: improve post registration hook log and audit messages
8163152 fix: improve registration hook tests
65189fe fix: improve session max-age behavior
6c9e756 fix: keep HTML form type on registration error (#698)
244b4dd fix: lowercase emails on login
834c607 fix: mark flow methods' fields as required (#708)
48c4906 fix: merge public and admin login flow fetch handlers
3b2af53 fix: missing write in registration error handler
2ef57c4 fix: properly annotate swagger password parameters
7be4086 fix: properly fetch identity for session
b4d5a42 fix: recursive loop on network errors in password validator (#589)
4c3d46d fix: remove incorrect security specs
f102f95 fix: remove obsolete tests
6689ecf fix: remove redirector from code base
a8e1ec4 fix: remove stray debug statements
8003e0f fix: rename import to put
be8b9e5 fix: rename quickstart config files and path (#671)
e943c90 fix: rename quickstart schema file name
d764435 fix: rename recovery models and generate SDKs
4952df4 fix: resolve SQL persistence tester issues
045ecab fix: resolve and test for missing data when updating flows
9986d8f fix: resolve broken OIDC tests and disallow API flows
6befe2e fix: resolve broken csrf tests
56f4a39 fix: resolve broken docs links
1ed9c70 fix: resolve broken migrations and bump fizz
6e2b6d2 fix: resolve cookie issues
82d506e fix: resolve e2e headless test failures
2627db2 fix: resolve e2e test failures
f8647b4 fix: resolve failing test cases
c42d936 fix: resolve flaky password setting tests (#582)
4f6bafd fix: resolve handler testing issue
feef8a7 fix: resolve identity admin api issues (#586)
064b305 fix: resolve interface type issues
74c0aac fix: resolve logout csrf issues (#761)
e2f34d3 fix: resolve migratest failures
dffecc0 fix: resolve migratest ordering failing tests
b545e15 fix: resolve migration issues
ae34155 fix: resolve panic on serve
05e55f3 fix: resolve panic when DSN="memory" (#574)
294066c fix: resolve pkger issues
af40d93 fix: resolve remaining testing issues
be4c7e4 fix: resolve swagger issues and regenerate SDK
145fb20 fix: resolve template loading issue
625ef5e fix: resolve test issues introduced by new csrf protection
784da53 fix: resolve verification sql errors
86b281a fix: resolves a bug that prevents sessions from expiring (#612)
98c7915 fix: revert disabling swagger flatten during sdk generation
414259f fix: set correct path for kratos in oathkeeper set up
d3e9192 fix: set quickstart logging to trace
cab5280 fix: support browser flows only in redirector
1b5f9ab fix: swagger models The swagger:parameters <id> definitions for updateIdentity and createIdentity were defined two times with the same ID. They had some old definition swagger used. The internal/httpclient should now work again as expected.
b724038 fix: tell tls what the smtps server name is (#634)
e264c69 fix: type
216ea7f fix: update cli documentation examples
79d24b4 fix: update contrib samples
249a6ba fix: update crdb quickstart version
aef1e1a fix: update import description
e3246e5 fix: update quickstart kratos config
42abfa1 fix: update recovery token field and column names
b147831 fix: update status help description
85b7fb1 fix: update swagger names and fix broken tests
8bf4a79 fix: update version help description
a4e3bc5 fix: use and test for csrf tokens and prevent api misuse
4f4fcee fix: use correct HTTP method for password login
53c384a fix: use correct log message
8d47113 fix: use correct redirection for registration
c9bebe0 fix: use correct security annotation
df99d8c fix: use correct swagger tags and regenerate
aba8610 fix: use helpers to create flow
cd84e51 fix: use nosurf fork to address VerifyToken bug
5dfb6e3 fix: use params per_page and page for pagination
52e22c3 fix: use proper pwd in makefile
dcb4a36 fix: use public instead of common sdk
3e9f8cc fix: use relative threshold to judge longest common substring in password policy (#585)
3b3b78c fix: whoami returns 401 not 403
00ee828 refactor: add flow methods to verification
006bf56 refactor: add method and rename request to flow
36d9380 refactor: change oidc callback URL
ad2b3db refactor: complete login flow refactoring
f261c44 refactor: dry up login.NewFlow
7e367e7 refactor: improve CSRF infrastructure
1caefac refactor: improve NewFlowExpiredError
b4184e5 refactor: improve login test reuse
9bf4530 refactor: improve registration tests with testhelpers
df4d06d refactor: improve selfservice method tests
fda17ca refactor: improve settings helper functions
753eb86 refactor: move samesite config to cookie parent-key
6ccffa8 refactor: moved clihelpers to ory/x (#756)
c5f361f refactor: profile settings method is now API-able
6619562 refactor: remove common keyword from API spec
beb4c32 refactor: remove need for reverse proxy in selfservice-ui
66ae029 refactor: rename LoginRequestErrorHandler to LoginFlowErrorHandler
809fe73 refactor: rename session.sid to session.id
9369d1b refactor: rename login request to login flow
f87fb54 refactor: rename package recoverytoken to link
16c5618 refactor: rename recovery request to flow internally
b0f433d refactor: rename recovery request to recovery flow
8437ebc refactor: rename registration request to flow
0470956 refactor: rename registration request to registration flow
3c8d5e0 refactor: rename request_lifespan to lifespan (#677)
8985189 refactor: rename strategies to methods
0ecd69a refactor: rename verify to verification (#597)
1b3c491 refactor: replace all occurrences of login request to flow
308ef47 refactor: replace all registration request occurrences with registration flow
4e2acae refactor: replace packr2 with pkger fork
c99e2a2 refactor: restructure login package
60fd9c2 refactor: use session token as cookie identifier
be15159 style: declare empty vars
a7708f0 style: format
c6a07e9 style: format
fa7cc1f style: format
d4c7d1a style: format
7a31a31 style: format
a4905a2 style: format
bbcdecf style: format docs
1e5b738 styles: format
e61a51d styles: format
c3b5ff5 styles: format code
aea1fb8 test: add handler update tests
f477ece test: add init browser flow tests
b8aa63b test: add test for no-cache on public router
79ed63c test: add test for registration request
4772f71 test: add tests for registration flows
fb9d62f test: complete test suite for API-based auth
8bfd5f2 test: implement API login password tests
db178b7 test: implement API registration password tests
52bd839 test: replace e2e-memory with unit test
07add1b test: resolve broken decoder tests
421320c test: use correct hook in test
e207a6a u

Docker images

  • docker pull oryd/kratos:v0
  • docker pull oryd/kratos:v0.5
  • docker pull oryd/kratos:v0.5.0
  • docker pull oryd/kratos:v0.5.0-alpha.1
  • docker pull oryd/kratos:latest
  • docker pull oryd/kratos:v0-sqlite
  • docker pull oryd/kratos:v0.5-sqlite
  • docker pull oryd/kratos:v0.5.0-sqlite
  • docker pull oryd/kratos:v0.5.0-alpha.1-sqlite
  • docker pull oryd/kratos:latest-sqlite
