github ory/kratos v0.6.0-alpha.1

latest releases: v1.3.1, v1.3.0, v1.3.0-pre.0...
pre-release3 years ago

Today Ory Kratos v0.6 has been released! We are extremely happy with this release where we made many changes that pave the path for exciting future additions such as integrating 2FA more easily! We would like to thank the awesome community for the many contributions.

Kratos v0.6 includes an insane amount of work spread over the last five months - 480 commits and over 4200 files changed. The team at Ory would like to thank all the amazing contributors that made this release possible!

Here is a summary of the most important changes:

  • Ory Kratos now support highly customizable web hooks - contributed by @dadrus and @martinei;
  • Ory Kratos Courier can now be run as a standalone task using kratos courier watch -c your/config.yaml. To use the mail courier as a background task of the server run kratos serve --watch-courier - contributed by @mattbonnell;
  • Reworked migrations to ensure stable migrations in production systems - backward compatibility is ensured and tested;
  • Upgraded to Go 1.16 and removed all static file packers, greatly improving build time;
  • Refactored our SDK pipeline from Swagger 2.0 to OpenAPI Spec 3.0. Ory's SDKs are now properly typed and bugs can easily be addressed using a patch process. Due to this, we had to move away from go-swagger client generation for the Go SDK and replace it with openapi-generator. This, unfortunately, introduced breaking changes in the Go SDK APIs. If you have problems migrating, or have a tutorial on how to migrate, please share it with the community on GitHub!
  • Created reliable health and status checks by ensuring that e.g. migrations have completed;
  • Made resilient CLI client commands e.g. kratos identities list;
  • Better support for cookies in multi-domain setups called domain aliasing;
  • A new, dynamically generated FAQ;
  • Enhanced GitHub and Google claims parsing;
  • Faster and more resilient CI/CD pipeline;
  • Improvements for running Ory Kratos in secure Kubernetes environments;
  • Better Helm Charts for Ory Kratos;
  • Support for BCrypt hashing, which is now the default hashing implementation. Existing Argon2id hashes will be automatically translated to BCrypt hashes when the user signs in the next time. We recommend using Argon2id in use cases where password hashing is required to take at least 2 seconds. For regular web workloads (200ms) BCrypt is recommended - contributed by @seremenko-wish;
  • The Argon2 memory configuration is now human readable: hashers.argon2.memory: 131072 -> hashers.argon2.memory: 131072B (supports kb, mb, kib, mib, ...).
  • Add possibility to keep track of the return_to URLs for verification_flows after sign up using the new after_verification_return_to query parameter (e.g. http://foo.com/registration?after_verification_return_to=verification_callback) - contributed by @mattbonnell;
  • Emails are now populated at delivery time, offering more flexibility in terms of templating;
  • Emails contain a plaintext variant for email clients that do not display HTML emails - contributed by @mattbonnell;
  • Mitigation for password hash timing attacks by adding a random delay to login attempts where the user does not exist;
  • Resolving SDKs issues for whoami requests;
  • Simplified database schema for faster processing, significantly reducing the amount of data stored and latency as several JOINS have been removed;
  • Support for binding the HTTP server on UNIX sockets - contributed by @sloonz;

There are even more contributions by @NickUfer and harnash. In total, 33 people contributed to this release! Thank you all!

IMPORTANT: Please be aware that the database schema has changed significantly. Applying migrations might, depending on the size of your tables, take a long time. If your database does not support online schema migrations, you will experience downtimes. Please test the migration process before applying it to production!

The probably biggest and most significant change is the refactoring of how self-service flows work and what their payloads look like. This took the most amount of time and introduces the biggest breaking changes in our APIs. We did this refactoring to support several flows planned for Ory Kratos 0.7:

  1. Displaying QR codes (images) in login, registration, settings flows - necessary for TOTP 2FA;
  2. Asking the login/registration/... UI to render JavaScript - necessary for CAPTCHA, WebAuthN, and more;
  3. Refactoring the form submission API to use one endpoint per flow instead of one endpoint per flow per method. This allows us to process several registration/settings/login/... methods such as password + 2FA in one Go.

Check out how we migrated the NodeJS app from the Ory Kratos 0.5 to Ory Kratos 0.6 SDK.

Let's take a look into how these payloads have changed (the flows have identical configuration):

Ory Kratos v0.5

Login

{
  "id": "ee6e1565-d3c3-4f3a-a6ff-0ba6b3a6481b",
  "type": "browser",
  "expires_at": "2020-09-13T10:49:54.8295242Z",
  "issued_at": "2020-09-13T10:39:54.8295242Z",
  "request_url": "http://127.0.0.1:4433/self-service/login/browser",
  "methods": {
    "password": {
      "method": "password",
      "config": {
        "action": "http://127.0.0.1:4433/self-service/login/methods/password?flow=ee6e1565-d3c3-4f3a-a6ff-0ba6b3a6481b",
        "method": "POST",
        "fields": [
          {
            "name": "identifier",
            "type": "text",
            "required": true,
            "value": ""
          },
          {
            "name": "password",
            "type": "password",
            "required": true
          },
          {
            "name": "csrf_token",
            "type": "hidden",
            "required": true,
            "value": "lNrB8sW2fZY6xnnA91V7ISYrUVcJbmRCOoGHjsnsfI7MsIL5RTbuWFm5TRv1azQW+7IRCfnt2Ch6pC42/45sJQ=="
          }
        ]
      }
    }
  },
  "forced": false
}

Registration

{
  "id": "2b1f8c5d-e830-4068-97b8-35f776df9217",
  "type": "browser",
  "expires_at": "2020-09-13T10:53:15.1774019Z",
  "issued_at": "2020-09-13T10:43:15.1774019Z",
  "request_url": "http://127.0.0.1:4433/self-service/registration/browser",
  "active": "password",
  "messages": null,
  "methods": {
    "password": {
      "method": "password",
      "config": {
        "action": "http://127.0.0.1:4433/self-service/registration/methods/password?flow=2b1f8c5d-e830-4068-97b8-35f776df9217",
        "method": "POST",
        "fields": [
          {
            "name": "csrf_token",
            "type": "hidden",
            "required": true,
            "value": "1IlHWNjkAZxuYhO82WPgNTgujKsUSaW87j6og/20i2uM4wRTWGSSUg0dJ2fbXa8C5bfM9eTKGdauGwE7y9abwA=="
          },
          {
            "name": "password",
            "type": "password",
            "required": true,
            "messages": [
              {
                "id": 4000005,
                "text": "The password can not be used because the password has been found in at least 23597311 data breaches and must no longer be used..",
                "type": "error",
                "context": {
                  "reason": "the password has been found in at least 23597311 data breaches and must no longer be used."
                }
              }
            ]
          },
          {
            "name": "traits.email",
            "type": "text",
            "value": "foo@ory.sh"
          },
          {
            "name": "traits.name.first",
            "type": "text",
            "value": "Ory"
          },
          {
            "name": "traits.name.last",
            "type": "text",
            "value": "Corp"
          }
        ]
      }
    }
  }
}

Ory Kratos v0.6

Login

As you can see below, the input name identifier has changed to password_identifier.

{
  "id": "07016811-917d-4788-bb9c-fc297897af6c",
  "type": "browser",
  "expires_at": "2021-04-28T08:37:53.924337873Z",
  "issued_at": "2021-04-28T08:27:53.924337873Z",
  "request_url": "http://127.0.0.1:4433/self-service/login/browser",
  "ui": {
    "action": "http://127.0.0.1:4433/self-service/login?flow=07016811-917d-4788-bb9c-fc297897af6c",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "IuiHo8fajl6Nwi2CfR33bmC7ZI+geYY44oinK/npkS9gaeV6DlkzS0voYZuyGawsCruvlawFl/pY6/Ph6d9JVg==",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {}
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password_identifier",
          "type": "text",
          "value": "",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070004,
            "text": "ID",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password",
          "type": "password",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070001,
            "text": "Password",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "password",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1010001,
            "text": "Sign in",
            "type": "info",
            "context": {}
          }
        }
      }
    ]
  },
  "forced": false
}

Registration

{
  "id": "f0c0830a-f5b2-4c2d-a37f-2e70152a4f7c",
  "type": "browser",
  "expires_at": "2021-04-28T08:54:12.951178972Z",
  "issued_at": "2021-04-28T08:44:12.951178972Z",
  "request_url": "http://127.0.0.1:4433/self-service/registration/browser",
  "ui": {
    "action": "http://127.0.0.1:4433/self-service/registration?flow=f0c0830a-f5b2-4c2d-a37f-2e70152a4f7c",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "408SIAOvpKxW/WbcYfKue26MlLTMbON7T7JT1yhiSemhznD5yiwZuZDXKsWu9vU5BIxfrsAQ8rn10QcdOFSRkA==",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {}
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "traits.email",
          "type": "email",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070002,
            "text": "E-Mail",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password",
          "type": "password",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070001,
            "text": "Password",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "traits.name.first",
          "type": "text",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070002,
            "text": "First Name",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "traits.name.last",
          "type": "text",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070002,
            "text": "Last Name",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "password",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1040001,
            "text": "Sign up",
            "type": "info",
            "context": {}
          }
        }
      }
    ]
  }
}

These changes are analogous to settings, recovery, verification as well!

We hope you enjoy these new features as much as we do, even if we were not able to deliver 2FA in time for 0.6!

On the last note, Ory Platform, a SaaS is launching in May as early access. It includes Ory Kratos as a managed service and we plan on adding all the other Ory open source technology soon. In our view, Ory is a 10x improvement to the existing "IAM" ecosystem:

  1. The major components of Ory Platform are and will remain Apache 2.0 licensed open source. We are not changing our approach or commitment to open source. The SaaS model allows us to keep commercialization and open source in harmony;
  2. Affordable pricing - Ory does not charge on a per identity basis;
  3. Supporting migrations from the Ory Platform (SaaS) to the open-source and vice versa;
  4. Offering a planet-scale service with ultra-low latencies no matter where your users are;
  5. The largest set of features and APIs of any Identity Product, including Identity and Credentials Management (Ory Kratos), Permissions and Access Control (Ory Keto), Zero-Trust Networking (Ory Oathkeeper), OAuth2, and OpenID Connect (Ory Hydra) plus integrations with Stripe, Mailchimp, Salesforce, and much more.
  6. Data aggregation for threat mitigation, auditing, and other use cases (e.g. integration with Snowflake, AWS RedShift, GCP BigQuery, ...)
  7. All the advantages of the open source projects - headless, fully customizable, strong security, built with a community;
    If you wish to become a part of the preview, please write a short email to sales@ory.sh. Early access adopters are also eligible for Ory Hypercare - helping you integrate with Ory fast and designing your security architecture following industry best practices.

Thank you for being a part of our community!

0.6.0-alpha.1 (2021-05-05)

Bug Fixes

  • Add include stub go files (6d725b1)

  • Add index to migration status (8c6ec27)

  • Add node_modules to format tasks (e5f6b36)

  • Add titles to identity schema (73c15d2)

  • Adopt to new go-swagger changes (5c45bd9)

  • Allow absolute file URLs as config values (#1069) (4bb4f67)

  • Allow hashtag in ui urls (#1040) (7591f07)

  • Avoid unicode-escaping ampersand in recovery URL query string (#1212) (d172368)

  • Bcrypt regression in credentials counting (23fc13b)

  • Broken make quickstart-dev task (#980) (999828a), closes #965

  • Broken make sdk task (#977) (5b01c7a), closes #950

  • Call contextualized test helpers (e1f3f78)

  • Code integer parsing bit size (#1178) (31e9632):

    In some cases we had a wrong bitsize of 64, while the var was later cast to int. Replaced with a bitsize of 0, which is the value to cast to int.

  • Contextualize identity persister (f8640c0)

  • Convert all identifiers to lower case on login (#815) (d64b575), closes #814

  • Courier adress (#1198) (ebe4e64), closes #1194

  • Courier message dequeue race condition (#1024) (5396a82), closes #652 #732:

    Fixes the courier message dequeuing race condition by modifying *sql.Persister.NextMessages(ctx context.Context, limit uint8) to retrieve only messages with status MessageStatusQueued and update the status of the retrieved messages to MessageStatusProcessing within a transaction. On message send failure, the message's status is reset to MessageStatusQueued, so that the message can be dequeued in a subsequent NextMessages call. On message send success, the status is updated to MessageStatusSent (no change there).

  • Define credentials types as sql template and resolve crdb issue (a2d6eeb)

  • Dereference pointer types from new flow structures (#1019) (efedc92)

  • Do not include smtp in tracing (#1268) (bbfcbf9)

  • Do not publish version at public endpoint (3726ed4)

  • Do not reset registration method (554bb0b)

  • Do not return system errors for missing identifiers (1fcc855), closes #1286

  • Export mailhog dockertest runner (1384148)

  • Fix random delay norm distribution math (#1131) (bd9d28f)

  • Fork audit logger from root logger (68a09e7)

  • Gitlab oidc flow (#1159) (0bb3eb6), closes #1157

  • Give specific message instead of only 404 when method is disabled (#1025) (2f62041):

    Enabled strategies are not only used for handlers but also in other areas
    (e.g. populating the flow methods). So we should keep the logic to get
    enabled strategies and add new functions for getting all strategies.

  • Ignore unset domain aliases (ada6997)

  • Improve cli error output (43e9678)

  • Improve error stack trace (4351773)

  • Improve error tracing (#1005) (456fd25)

  • Improve test contextualization (2f92a70)

  • Initialize randomdelay with seeded source (9896289)

  • Insert credentials type constants as part of migrations (#865) (92b79b8), closes #861

  • Linking a connection may result in system error (#990) (be02a70), closes #694

  • Marking whoami auhorization parameter as 'in header' (#1244) (62d8b85), closes #1215

  • Move schema loaders to correct file (029781f)

  • Move to new transaction-safe migrations (#1063) (2588fb4):

    This patch introduces a new SQL transaction model for running SQL migrations. This fix is particularly targeted at CockroachDB which has limited support for mixing DDL and DML statements.

    Previously it could happen that migrations failure needed manual intervention. This has now been resolved. The new migration model is compatible with the old one and should work without a problem.

  • Pass down context to registry (0879446)

  • Re-enable SDK generation (1d5854d)

  • Record cypress runs (db35d8f)

  • Rehydrate settings form on successful submission (3457e1a), closes #1305

  • Remove absolete 'make pack' from Dockerfile (#1172) (b8eb908)

  • Remove continuity cookies on errors (85eea67)

  • Remove include stubs (1764e3a)

  • Remove obsolete clihelpers (230fd13)

  • Remove record from bash script (84a9315)

  • Remove stray non-ctx configs (#1053) (1fe137e)

  • Remove trailing double-dot from error (59581e3)

  • Remove unused sql migration (1445d1d)

  • Remove unused var (30a8cee)

  • Remove verify hook (98cfec6), closes #1302:

    The verify hook is automatically used when verification is enabled and has been removed as a configuration option.

  • Replace jwt module (#1254) (3803c8c), closes #1250

  • Resolve build and release issues (fb582aa)

  • Resolve clidoc issues (599e9f7)

  • Resolve compile issues (63063c1)

  • Resolve contextualized table issues (5a4f0d9)

  • Resolve crdb migration issue (9f6edfd)

  • Resolve double hook invokation for registration (032322c)

  • Resolve incorrect field types on oidc sign up completion (f88b6ab)

  • Resolve lint issues (0348825)

  • Resolve lint issues (75a995b)

  • Resolve linting issues and disable nancy (c8396f6)

  • Resolve mail queue issues (b968bc4)

  • Resolve merge regressions (9862ac7)

  • Resolve oidc e2e regressions (f28087a)

  • Resolve oidc regressions and e2e tests (f5091fa)

  • Resolve potential fsnotify leaks (3159c0a)

  • Resolve regressions and test failures (8bae356)

  • Resolve regressions in cookies and payloads (9e34bf2)

  • Resolve settings sudo regressions (4b611f3)

  • Resolve test regressions (e3fb028)

  • Resolve ui issues with nested form objects (8e744b9)

  • Resolve update regression (d0d661a)

  • Return delay instead of sleeping to improve tests (27b977e)

  • Revert generator changes (c18b97f)

  • Run correct error handler for registration hooks (0d80447)

  • Simplify data breaches password error reason (#1136) (33d29bf):

    This PR simplifies the error reason given when a password has appeared in data breaches to not include the actual number and rather just show "this password has appeared in data breaches and must not be used".

  • Support form and json formats in decoder (d420fe6)

  • Update openapi definitions for signup (eb0b69d)

  • Update quickstart node image (c19b2f4):

    See #1301

  • cmd: Make HTTP calls resilient (e8ed61f)

  • hashing: Make bcrypt default hashing algorithm (04abe77)

  • Update to new goreleaser config (4c2a1b7)

  • Update to new healthx (6ec987a)

  • Use equalfold (1c0e52e)

  • Use new TB interface (d75a378)

  • Use numerical User ID instead of name to avoid k8s security warnings (#1151) (468a12e):

    Our docker image scanner does not allow running processes inside
    container using non-numeric User spec (to determine if we are trying
    to run docker image as root).

  • Use remote dependencies (1e56457)

Code Refactoring

  • Adapt new sdk in testhelpers (6e15f6f)

  • Add nid everywhere (407fd95)

  • Contextualize everything (7ebc3a9):

    This patch contextualizes all configuration and DBAL models.

  • Do not use prefixed node names (fc42ece)

  • Improve Argon2 tooling (#961) (3151187), closes #955:

    This adds a load testing CLI that allows to adjust the hasher parameters under simulated load.

  • Move faker to exportable module (09f8ae5)

  • Move migratest helpers to ory/x (7eca67e)

  • Move password config to selfservice (cd0e0eb)

  • Move to go 1.16 embed (43c4a13):

    This patch replaces packr and pkged with the Go 1.16 embed feature.

  • Remove password node attribute prefix (e27fae4)

  • Remove profile node attribute prefix (a3ff6f7)

  • Rename config structs and interfaces (4a2f419)

  • Rename form to container (5da155a)

  • Replace flow's forms with new ui node module (647eb1e)

  • Replace flow's forms with new ui node module (f74a5c2)

  • Replace login flow methods with ui container (d4ca364)

  • Replace recovery flow methods with ui container (cac0456)

  • Replace registration flow methods with ui container (3f6388d)

  • Replace settings flow methods with ui container (0efd17e)

  • Replace verification flow methods with ui container (dbf2668)

  • Replace viper with koanf config management (5eb1bc0)

  • Update RegisterFakes calls (6268310)

  • Use underscore in webhook auth types (26829d2)

Documentation

Features

  • Add email template specification in doc (#898) (4230d9e)

  • Add error for when no login strategy was found (6bae66c)

  • Add facebook provider to oidc providers and documentation (#1035) (905bb03), closes #1034

  • Add FAQ to docs (#1096) (9c6b68c)

  • Add gh login to claims (49deb2e)

  • Add login strategy text message (7468c83)

  • Add more tests for multi domain args (e99803b)

  • Add Prometheus monitoring to Public APIs (#1022) (75a4f1a)

  • Add random delay to login flow (#1088) (cb9894f), closes #832

  • Add return_url to verification flow (#1149) (bb99912), closes #1123 #1133

  • Add sql migrations for new login flow (e947edf)

  • Add sql tracing (3c4cc1c)

  • Add tracing to config schema (007dde4)

  • Add transporter with host modification (2c41b81)

  • Add workaround template for go openapi (5d72d10)

  • Adds slack sogial login (#974) (7c66053), closes #953

  • Allow session cookie name configuration (77ce316), closes #268

  • Allow specifying sender name in smtp.from_address (#1100) (5904fe3)

  • Bcrypt algorithm support (#1169) (b2612ee):

    This patch adds the ability to use BCrypt instead of Argon2id for password hashing. We recommend using BCrypt for web workloads where password hashing should take around 200ms. For workloads where login takes >= 2 seconds, we recommend to continue using Argon2id.

    To use bcrypt for password hashing, set your config as follows:

    hashers:
    bcrypt:
       cost: 12
     algorithm: bcrypt
    

    Switching the hashing algorithm will not break existing passwords!

    Co-authored-by: Patrik zepatrik@users.noreply.github.com

  • Check migrations in health check (c6ef7ad)

  • Configure domain alias as query param (9d8563e)

  • Contextualize configuration (d3d5327)

  • Contextualize health checks (8145a1c)

  • Contextualize http client in cli calls (3b3ef8f)

  • Contextualize persitence testers (6440373)

  • Courier foreground worker with "kratos courier watch" (#1062) (500b8ba), closes #1033 #1024:

    BREACKING CHANGES: This patch moves the courier watcher (responsible for sending mail) to its own foreground worker, which can be executed as a, for example, Kubernetes job.

    It is still possible to have the previous behaviour which would run the worker as a background task when running kratos serve by using the --watch-courier flag.

    To run the foreground worker, use kratos courier watch -c your/config.yaml.

  • Do not enforce bcrypt 12 for dev envs (bbf44d8)

  • Email input validation (#1287) (cd56b73), closes #1285

  • Export and add config options (4391fe5)

  • Expose courier worker (f50969e)

  • Expose crdb ui (504d518)

  • Global docs sidebar (#1258) (7108262)

  • Implement and test domain aliasing (1516a54):

    This patch adds a feature called domain aliasing. For more information, head over to http://ory.sh/docs/kratos/next/guides/multi-domain-cookies

  • Improve oas spec and fix mobile tests (4ead2c8)

  • Improve sorting of ui fields (797b49d):

    See #1196

  • Include schema (348a493)

  • Make cli commands consumable in Ory Cloud (#926) (fed790b)

  • Migrate to openapi v3 (595224b)

  • Populate email templates at delivery time, add plaintext defaults (#1155) (7749c7a), closes #1065

  • Sort and label nodes with easy to use defaults (cbec27c):

    Ory Kratos takes a guess based on best practices for

    • ordering UI nodes (e.g. email, password, submit button)
    • grouping UI nodes (e.g. keep password and oidc nodes together)
    • labeling UI nodes (e.g. "Sign in with GitHub")
    • using the "title" attribute from the identity schema to label trait fields

    This greatly simplifies front-end code on your end and makes it even easier to integrate with Ory Kratos! If you want a custom experience with e.g. translations or other things you can always adjust this in your UI integration!

  • Support base64 inline schemas (815a248)

  • Support contextual csrf cookies (957ef38)

  • Support domain aliasing in session cookie (0681c12)

  • Support label in oidc config (a99cdcd)

  • Support retryable CRDB transactions (f0c21d7)

  • Unix sockets support (#1255) (ad010de)

  • Web hooks support (recovery) (#1289) (3e181fe), closes #271:

    feat: web hooks for self-service flows

    This feature adds the ability to define web-hooks using a mixture of configuration and JsonNet. This allows integration with services like Mailchimp, Stripe, CRMs, and all other APIs that support REST requests. Additional to these new changes it is now possible to define hooks for verification and recovery as well!

    For more information, head over to the hooks documentation.

  • courier: Allow sending individual messages (cbb2c0b)

  • oidc: Support google hd claim (#1097) (1f20a5c)

  • schema: Add totp errors (a61f881)

Tests

  • Add case to ensure correct behavior when verifying a different email address (#999) (f95a117), closes #998
  • Add oasis test case (f80691b)
  • Bump poll interval (b3dc925)
  • Bump video quality (b7f8d04)
  • Bump wait times (b2e43f8)
  • Clean up hydra env before restart (cf49414)
  • Longer wait times (4bec9ef)
  • Reliable migration tests on crdb (2e3764b)
  • Remove old noop test (16dca3f)
  • Resolve compile issues (c1b5ba4)
  • Resolve flaky tests (cb670a8)
  • Resolve json parser test regression (a1b9b9a)
  • Resolve login integration regressions (388b5b2)
  • Resolve migration regression (2051a71)
  • Resolve more json parser test regressions (ff791c4)
  • Resolve regression (e2b0ad3)
  • Update schema tests for webhooks (d1ddfa8)
  • e2e: Significantly reduce wait and idle times (f525fc5)
  • Resolve more regressions (c5a23af)
  • Resolve order regression (40a849c)
  • Resolve regression (f0c9e5f)
  • Resolve regressions (4b9da3c)
  • Resolve stub regressions (82650cf)
  • Resolve test migrations (de0b65d)
  • Resolve test regression issues (ccf9fed)
  • Speed up tests (a16737c)
  • Update test description (55fb37f)
  • Use bcrypt cost 4 to reduce CI times (cabe97d)
  • Use fast bcrypt for e2e (d90cf13)

Unclassified

BREAKING CHANGES

  • hashing: BCrypt is now the default hashing alogrithm. If you wish to continue using Argon2id please set hashers.algorithm to argon2.
  • This implies a significant breaking change in the verification flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all verification flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

  • This implies a significant breaking change in the recovery flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all recovery flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

  • This implies a significant breaking change in the settings flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all settings flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

  • This implies a significant breaking change in the registration flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all registration flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

  • This implies a significant breaking change in the login flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all login flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

  • This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. methods.password.config.fields). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields.

Please be also aware that this patch includes SQL migrations which purge existing self-service forms from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior!

  • This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. methods.password.config.fields). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields.

Please be also aware that this patch includes SQL migrations which purge existing self-service forms from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior!

  • The configuration value for hashers.argon2.memory is now a string representation of the memory amount including the unit of measurement. To convert the value divide your current setting (KB) by 1024 to get a result in MB or 1048576 to get a result in GB. Example: 131072 would now become 128MB.

Co-authored-by: aeneasr 3372410+aeneasr@users.noreply.github.com
Co-authored-by: aeneasr aeneas@ory.sh

  • Please run SQL migrations when applying this patch.
  • The following configuration keys were updated:
selfservice.methods.password.config.max_breaches
  • password.max_breaches -> selfservice.methods.password.config.max_breaches
  • password.ignore_network_errors -> selfservice.methods.password.config.ignore_network_errors
  • After battling with spf13/viper for several years we finally found a viable alternative with knadh/koanf. The complete internal configuration infrastructure has changed, with several highlights:
  1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
  2. Configuration reloading has improved significantly and works flawlessly on Kubernetes.
  3. Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
  4. It is now possible to load several config files using the --config flag.
  5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that ORY Kratos might complain about an invalid configuration, because the validation process has improved significantly.

Changelog

346bc73 fix: resolve clidoc issues (#976)
2fca2be 🐛 fix ory home directory path (#897)
16337f1 Fix typo in config schema
b28aea8 autogen(docs): generate and format documentation
412af90 autogen(docs): generate and format documentation
cfae68b autogen(docs): generate and format documentation
9438f87 autogen(docs): generate and format documentation
ef300aa autogen(docs): generate and format documentation
9c4fdea autogen(docs): generate and format documentation
00d2e98 autogen(docs): generate and format documentation
9ff5862 autogen(docs): generate and format documentation
80e9eb8 autogen(docs): generate and format documentation
d9955bd autogen(docs): generate and format documentation
69f090d autogen(docs): generate and format documentation
17340f7 autogen(docs): generate and format documentation
bbf38d3 autogen(docs): generate and format documentation
527c22e autogen(docs): generate and format documentation
d1c8cef autogen(docs): generate and format documentation
c2358be autogen(docs): generate and format documentation
eb2f369 autogen(docs): generate and format documentation
7522a54 autogen(docs): generate and format documentation
e0e333c autogen(docs): generate and format documentation
3bdbdc0 autogen(docs): generate and format documentation
7a5143c autogen(docs): generate and format documentation
2fb367b autogen(docs): generate and format documentation
b8971a2 autogen(docs): generate and format documentation
9efe448 autogen(docs): generate and format documentation
8ac1cf1 autogen(docs): generate and format documentation
9335163 autogen(docs): generate and format documentation
56c9ba0 autogen(docs): generate and format documentation
ad4f5e6 autogen(docs): generate and format documentation
f44cced autogen(docs): generate and format documentation
8516e40 autogen(docs): generate and format documentation
8d64645 autogen(docs): generate and format documentation
23d78ba autogen(docs): generate and format documentation
f335dba autogen(docs): generate and format documentation
2885146 autogen(docs): generate and format documentation
0068aa5 autogen(docs): generate and format documentation
40493f8 autogen(docs): generate and format documentation
278b0a7 autogen(docs): generate and format documentation
8985775 autogen(docs): generate and format documentation
4301ea6 autogen(docs): generate and format documentation
a7b0544 autogen(docs): generate and format documentation
343d02d autogen(docs): generate and format documentation
b3b6d2e autogen(docs): generate and format documentation
7cf1e72 autogen(docs): generate and format documentation
5405def autogen(docs): generate and format documentation
f87c939 autogen(docs): generate and format documentation
fbd3f82 autogen(docs): generate and format documentation
ba2f2c3 autogen(docs): generate and format documentation
6c8ca8e autogen(docs): generate and format documentation
3840285 autogen(docs): generate and format documentation
91f0531 autogen(docs): generate and format documentation
f115821 autogen(docs): generate and format documentation
75e81fe autogen(docs): generate and format documentation
1008d2f autogen(docs): generate and format documentation
c034e3e autogen(docs): generate and format documentation
6b6edc2 autogen(docs): generate and format documentation
2b0031f autogen(docs): generate and format documentation
5adbfad autogen(docs): generate and format documentation
ff1aede autogen(docs): generate and format documentation
1811b10 autogen(docs): generate and format documentation
e3f2037 autogen(docs): generate and format documentation
2725d2c autogen(docs): generate and format documentation
162df3e autogen(docs): generate and format documentation
a0b6886 autogen(docs): generate and format documentation
75408a0 autogen(docs): generate and format documentation
784a44e autogen(docs): generate and format documentation
e3b7920 autogen(docs): generate cli docs
8085fde autogen(docs): generate cli docs
6653d23 autogen(docs): generate cli docs
5f88465 autogen(docs): generate cli docs
4bda1f0 autogen(docs): generate cli docs
e786410 autogen(docs): generate cli docs
1d3a434 autogen(docs): generate cli docs
425de3f autogen(docs): generate cli docs
95b3376 autogen(docs): generate cli docs
73db8a1 autogen(docs): generate cli docs
2bca952 autogen(docs): generate cli docs
abfcdfd autogen(docs): generate cli docs
d0b4797 autogen(docs): generate cli docs
15d50e2 autogen(docs): generate cli docs
d87dcc7 autogen(docs): generate cli docs
0f5106c autogen(docs): generate cli docs
7648604 autogen(docs): generate cli docs
af200d1 autogen(docs): generate cli docs
653e476 autogen(docs): generate cli docs
6788f05 autogen(docs): generate cli docs
c9d1492 autogen(docs): generate cli docs
79d6a46 autogen(docs): generate cli docs
e216c43 autogen(docs): generate cli docs
6c895f1 autogen(docs): generate cli docs
714508b autogen(docs): regenerate and update changelog
4b8958a autogen(docs): regenerate and update changelog
3cb3880 autogen(docs): regenerate and update changelog
3661e9b autogen(docs): regenerate and update changelog
1d213c6 autogen(docs): regenerate and update changelog
bc0be6f autogen(docs): regenerate and update changelog
c8e1029 autogen(docs): regenerate and update changelog
81f13de autogen(docs): regenerate and update changelog
7360f2b autogen(docs): regenerate and update changelog
5a450c7 autogen(docs): regenerate and update changelog
3929742 autogen(docs): regenerate and update changelog
0e21064 autogen(docs): regenerate and update changelog
813d85e autogen(docs): update milestone document
41492f9 autogen(docs): update milestone document
aad6ee9 autogen(docs): update milestone document
2e43773 autogen(docs): update milestone document
0c04a84 autogen(docs): update milestone document
ef1e3f7 autogen(docs): update milestone document
b20f651 autogen(docs): update milestone document
71e602c autogen(docs): update milestone document
a559cf4 autogen(docs): update milestone document
0a1380f autogen(docs): update milestone document
6e7e8e0 autogen(docs): update milestone document
ade41e0 autogen(docs): update milestone document
33c5f6b autogen(docs): update milestone document
71aa204 autogen(docs): update milestone document
abf15a3 autogen(docs): update milestone document
63b269f autogen(docs): update milestone document
1bd2b95 autogen(docs): update milestone document
64eb80c autogen(docs): update milestone document
0bdca78 autogen(docs): update milestone document
b17b5f8 autogen(docs): update milestone document
4e831f2 autogen(docs): update milestone document
0a72f96 autogen(docs): update milestone document
1b8bdc4 autogen(docs): update milestone document
eb0399c autogen(docs): update milestone document
8660d6d autogen(docs): update milestone document
dc410be autogen(docs): update milestone document
8cf1e78 autogen(docs): update milestone document
e28f759 autogen(docs): update milestone document
688d04a autogen(docs): update milestone document
6d462ca autogen(docs): update milestone document
48078e9 autogen(docs): update milestone document
529a2a4 autogen(openapi): Regenerate openapi spec and internal client
f6b9f23 autogen(openapi): Regenerate openapi spec and internal client
7de219b autogen(openapi): Regenerate swagger spec and internal client
c4c6ed9 autogen(openapi): Regenerate swagger spec and internal client
7381b8d autogen(openapi): Regenerate swagger spec and internal client
e8fac42 autogen(openapi): Regenerate swagger spec and internal client
7768464 autogen(openapi): Regenerate swagger spec and internal client
17bbbd2 autogen(openapi): Regenerate swagger spec and internal client
e96216f autogen(openapi): Regenerate swagger spec and internal client
20cf594 autogen(openapi): Regenerate swagger spec and internal client
2e6f87b autogen(openapi): Regenerate swagger spec and internal client
0c07aca autogen(openapi): Regenerate swagger spec and internal client
e8064b5 autogen(openapi): Regenerate swagger spec and internal client
76f6002 autogen: add v0.5.5-alpha.1 to version.schema.json
507d13a autogen: pin v0.6.0-alpha.1 release commit
b51dd98 autogen: pin v0.6.0-alpha.1.pre.0 release commit
c89bcb3 autogen: pin v0.6.0-alpha.1.pre.1 release commit
fa7fa70 autogen: pin v0.6.0-alpha.1.pre.2 release commit
ebc8d8d autogen: pin v0.6.0-alpha.1.pre.3 release commit
9b6afb2 chore(identity): remove unused function
e43ec54 chore: add sqlite links
2f26523 chore: bump cockroach
be72d42 chore: bump cypress and openapi generator
23f347b chore: bump deps
8ef26f0 chore: bump go deps
4ad89de chore: bump go.mod
04d89b9 chore: bump gobuffalo
a3129ac chore: bump ory/x
8858f71 chore: bump ory/x
e6f7866 chore: bump ory/x and gjson (#1171)
61834d1 chore: bump ory/x to 0.0.192
15ade1c chore: enable goimports linter (#1177)
5b437de chore: fix docs build (#1179)
aee52d2 chore: fix mermaid (#1197)
3e98221 chore: fix misprint (#1308)
8f01c5c chore: fix sdk link (#1190)
0b551e4 chore: format
a896404 chore: regenerate SDK for new login flow
364ee59 chore: regenerate sdk
8afa98a chore: remove incorrect dependency (#1271)
4097e27 chore: remove obsolete package
9aaae85 chore: remove stray print
e49c753 chore: remove unused file
734e538 chore: resolve lint issues
19198cf chore: resolve linter issues
e3cf3da chore: typos and Hydra replacements (#1307)
5ac2380 chore: update docusaurus template
d79e1ad chore: update docusaurus template
7f97ca8 chore: update docusaurus template
ab53893 chore: update docusaurus template
c713c17 chore: update docusaurus template
6bc8752 chore: update docusaurus template
39d9b95 chore: update docusaurus template (#1098)
81c452a chore: update docusaurus template (#1120)
d44178d chore: update docusaurus template (#1158)
2b620ae chore: update docusaurus template (#1176)
11698b5 chore: update docusaurus template (#1259)
fdbb397 chore: update docusaurus template (#1260)
45ce1c6 chore: update docusaurus template (#1309)
8ed70e3 chore: update go modules
e8a38ea chore: update go-sqlite3 dependency
1d5c5dd chore: update go.mod with local rewrites
eb1889f chore: update gomodules
694bbbb chore: update package lock e2e
fec0025 chore: update package.lock
7386ab1 chore: update repository templates
6edcd26 chore: update repository templates
948e6e2 chore: update repository templates
35cac8b chore: update repository templates
91686e6 chore: update repository templates (#1061)
222f0ca chore: update repository templates (#1076)
510ac23 chore: update repository templates (#1118)
ca8a7c3 chore: update repository templates (#1209)
fde9dd3 chore: upgrades discordgo dependency for discord api 8 support (#1010)
2d70d67 ci: add codeql (#928)
c9d0c89 ci: add cypress recordings
b4a1c23 ci: add killall
4ef8ccb ci: bump orbs
d07994e ci: bump orbs
26b92f8 ci: bump orbs and fix sdk
49910f3 ci: bump orbs and update config
481d523 ci: disable sdk/generate
3835377 ci: execute the new step
feb1f4f ci: fix config issues
373a23f ci: fix nancy check by stripping the local rewrite
888651c ci: ignore test faker in golangci-lint
dbda88f ci: make sure generated FAQ files are commited (#1099)
e29cfab ci: resolve go 1.16 go.sum woes
21b7b16 ci: resolve go 1.16 issues
4882e55 ci: resolve ignore issue
a6cc429 ci: resolve test issues
65539c9 ci: simplify and speed up CI (#1126)
47146ea docs(prometheus): update codedoc
44d0bc9 docs: FAQ improvements (#1135)
11cf630 docs: FAQ item & minor changes (#1174)
e500707 docs: Fix typo in README (#1122)
ea30979 docs: ORY -> Ory
6d96952 docs: add Rust and Dart SDKs
2df6729 docs: add SameSite help
8ce8b78 docs: add docker to docs main
ed38c88 docs: add docker to sidebar
32d874a docs: add dotnet sdk (#1183)
10697aa docs: add faq sidebar (#1105)
4967f11 docs: add log docs to schema config
cbb2e27 docs: add more HA docs
d16db87 docs: add shell-session language
e48a07d docs: add ui node docs
fc712f4 docs: adding double colons (#1187)
29ae53a docs: bcrypt is default and add 72 char warning
2e2880a docs: better import identities examples (#997)
ae39956 docs: change forum to discussions readme (#1220)
fe725ad docs: describe more about Kratos login/browser flow on quickstart doc (#1047)
4d9b6a3 docs: docker file links (#1182)
ec86993 docs: document hash timing attack mitigation
7e1546b docs: explain how to use after_verification_return_to
6b9aae8 docs: fix broken link (#1037)
0de328f docs: fix failing build
687251a docs: fix formatting (#966)
f476334 docs: fix identity state bullets (#1095)
e208ca5 docs: fix known/unknown email account recovery (#1211)
7f6d7f5 docs: fix link
e7043e9 docs: fix link (#1128)
4622e32 docs: fix link to blogpost (#949)
2be8778 docs: fix link to self-service flows overview (#995)
745cea0 docs: fix note block in third party login guide (#920)
4ce4468 docs: fix npm links (#991)
f2ed424 docs: fix self-service code flows labels (#1253)
002448d docs: fix typo in config schema (#896)
9ab7c3d docs: link to argon2 blogpost and add cross-references (#1038)
cc6e9ff docs: make explicit the ID of the default schema (#1173)
34db06f docs: minor cosmetics (#1050)
f0672b5 docs: minor improvements (#1052)
cdbbf4d docs: reformat settings code samples
2b0342a docs: remove unnecessary and wrong docker pull commands (#1203)
a3d8284 docs: resolve duplication error
9b5754f docs: update build from source
1778cb9 docs: update email template docs
b5fd9a3 docs: update identity-data-model links
4624f03 docs: update identity.ID field documentation
e86178f docs: update kratos video link (#1073)
695a30f docs: update login code samples
ce6c755 docs: update login code samples
c3fcaba docs: update quickstart samples
d9fbb62 docs: update recovery code samples
317810f docs: update registration code samples
6415011 docs: update self-service code samples
bbd6266 docs: update settings code samples
4285dec docs: update verification code samples
acab3e8 docs: use correct extension for identity-data-model
cbb2c0b feat(courier): allow sending individual messages
1f20a5c feat(oidc): support google hd claim (#1097)
a61f881 feat(schema): add totp errors
9c6b68c feat: add FAQ to docs (#1096)
75a4f1a feat: add Prometheus monitoring to Public APIs (#1022)
4230d9e feat: add email template specification in doc (#898)
6bae66c feat: add error for when no login strategy was found
905bb03 feat: add facebook provider to oidc providers and documentation (#1035)
49deb2e feat: add gh login to claims
7468c83 feat: add login strategy text message
e99803b feat: add more tests for multi domain args
cb9894f feat: add random delay to login flow (#1088)
bb99912 feat: add return_url to verification flow (#1149)
e947edf feat: add sql migrations for new login flow
3c4cc1c feat: add sql tracing
007dde4 feat: add tracing to config schema
2c41b81 feat: add transporter with host modification
5d72d10 feat: add workaround template for go openapi
7c66053 feat: adds slack sogial login (#974)
77ce316 feat: allow session cookie name configuration
5904fe3 feat: allow specifying sender name in smtp.from_address (#1100)
b2612ee feat: bcrypt algorithm support (#1169)
c6ef7ad feat: check migrations in health check
9d8563e feat: configure domain alias as query param
d3d5327 feat: contextualize configuration
8145a1c feat: contextualize health checks
3b3ef8f feat: contextualize http client in cli calls
6440373 feat: contextualize persitence testers
500b8ba feat: courier foreground worker with "kratos courier watch" (#1062)
bbf44d8 feat: do not enforce bcrypt 12 for dev envs
cd56b73 feat: email input validation (#1287)
4391fe5 feat: export and add config options
f50969e feat: expose courier worker
504d518 feat: expose crdb ui
7108262 feat: global docs sidebar (#1258)
1516a54 feat: implement and test domain aliasing
4ead2c8 feat: improve oas spec and fix mobile tests
797b49d feat: improve sorting of ui fields
348a493 feat: include schema
fed790b feat: make cli commands consumable in Ory Cloud (#926)
595224b feat: migrate to openapi v3
7749c7a feat: populate email templates at delivery time, add plaintext defaults (#1155)
cbec27c feat: sort and label nodes with easy to use defaults
815a248 feat: support base64 inline schemas
957ef38 feat: support contextual csrf cookies
0681c12 feat: support domain aliasing in session cookie
a99cdcd feat: support label in oidc config
f0c21d7 feat: support retryable CRDB transactions
ad010de feat: unix sockets support (#1255)
3e181fe feat: web hooks support (recovery) (#1289)
e8ed61f fix(cmd): make HTTP calls resilient
04abe77 fix(hashing): make bcrypt default hashing algorithm
6d725b1 fix: add include stub go files
8c6ec27 fix: add index to migration status
e5f6b36 fix: add node_modules to format tasks
73c15d2 fix: add titles to identity schema
5c45bd9 fix: adopt to new go-swagger changes
4bb4f67 fix: allow absolute file URLs as config values (#1069)
7591f07 fix: allow hashtag in ui urls (#1040)
d172368 fix: avoid unicode-escaping ampersand in recovery URL query string (#1212)
23fc13b fix: bcrypt regression in credentials counting
999828a fix: broken make quickstart-dev task (#980)
5b01c7a fix: broken make sdk task (#977)
e1f3f78 fix: call contextualized test helpers
31e9632 fix: code integer parsing bit size (#1178)
f8640c0 fix: contextualize identity persister
d64b575 fix: convert all identifiers to lower case on login (#815)
ebe4e64 fix: courier adress (#1198)
5396a82 fix: courier message dequeue race condition (#1024)
a2d6eeb fix: define credentials types as sql template and resolve crdb issue
efedc92 fix: dereference pointer types from new flow structures (#1019)
bbfcbf9 fix: do not include smtp in tracing (#1268)
3726ed4 fix: do not publish version at public endpoint
554bb0b fix: do not reset registration method
1fcc855 fix: do not return system errors for missing identifiers
1384148 fix: export mailhog dockertest runner
bd9d28f fix: fix random delay norm distribution math (#1131)
68a09e7 fix: fork audit logger from root logger
0bb3eb6 fix: gitlab oidc flow (#1159)
2f62041 fix: give specific message instead of only 404 when method is disabled (#1025)
ada6997 fix: ignore unset domain aliases
43e9678 fix: improve cli error output
4351773 fix: improve error stack trace
456fd25 fix: improve error tracing (#1005)
2f92a70 fix: improve test contextualization
9896289 fix: initialize randomdelay with seeded source
92b79b8 fix: insert credentials type constants as part of migrations (#865)
be02a70 fix: linking a connection may result in system error (#990)
62d8b85 fix: marking whoami auhorization parameter as 'in header' (#1244)
029781f fix: move schema loaders to correct file
2588fb4 fix: move to new transaction-safe migrations (#1063)
0879446 fix: pass down context to registry
1d5854d fix: re-enable SDK generation
db35d8f fix: record cypress runs
3457e1a fix: rehydrate settings form on successful submission
b8eb908 fix: remove absolete 'make pack' from Dockerfile (#1172)
85eea67 fix: remove continuity cookies on errors
1764e3a fix: remove include stubs
230fd13 fix: remove obsolete clihelpers
84a9315 fix: remove record from bash script
1fe137e fix: remove stray non-ctx configs (#1053)
59581e3 fix: remove trailing double-dot from error
1445d1d fix: remove unused sql migration
30a8cee fix: remove unused var
98cfec6 fix: remove verify hook
3803c8c fix: replace jwt module (#1254)
fb582aa fix: resolve build and release issues
599e9f7 fix: resolve clidoc issues
63063c1 fix: resolve compile issues
5a4f0d9 fix: resolve contextualized table issues
9f6edfd fix: resolve crdb migration issue
032322c fix: resolve double hook invokation for registration
f88b6ab fix: resolve incorrect field types on oidc sign up completion
75a995b fix: resolve lint issues
0348825 fix: resolve lint issues
c8396f6 fix: resolve linting issues and disable nancy
b968bc4 fix: resolve mail queue issues
9862ac7 fix: resolve merge regressions
f28087a fix: resolve oidc e2e regressions
f5091fa fix: resolve oidc regressions and e2e tests
3159c0a fix: resolve potential fsnotify leaks
8bae356 fix: resolve regressions and test failures
9e34bf2 fix: resolve regressions in cookies and payloads
4b611f3 fix: resolve settings sudo regressions
e3fb028 fix: resolve test regressions
8e744b9 fix: resolve ui issues with nested form objects
d0d661a fix: resolve update regression
27b977e fix: return delay instead of sleeping to improve tests
c18b97f fix: revert generator changes
0d80447 fix: run correct error handler for registration hooks
33d29bf fix: simplify data breaches password error reason (#1136)
d420fe6 fix: support form and json formats in decoder
eb0b69d fix: update openapi definitions for signup
c19b2f4 fix: update quickstart node image
4c2a1b7 fix: update to new goreleaser config
6ec987a fix: update to new healthx
1c0e52e fix: use equalfold
d75a378 fix: use new TB interface
468a12e fix: use numerical User ID instead of name to avoid k8s security warnings (#1151)
1e56457 fix: use remote dependencies
6e15f6f refactor: adapt new sdk in testhelpers
407fd95 refactor: add nid everywhere
7ebc3a9 refactor: contextualize everything
fc42ece refactor: do not use prefixed node names
3151187 refactor: improve Argon2 tooling (#961)
09f8ae5 refactor: move faker to exportable module
7eca67e refactor: move migratest helpers to ory/x
cd0e0eb refactor: move password config to selfservice
43c4a13 refactor: move to go 1.16 embed
e27fae4 refactor: remove password node attribute prefix
a3ff6f7 refactor: remove profile node attribute prefix
4a2f419 refactor: rename config structs and interfaces
5da155a refactor: rename form to container
f74a5c2 refactor: replace flow's forms with new ui node module
647eb1e refactor: replace flow's forms with new ui node module
d4ca364 refactor: replace login flow methods with ui container
cac0456 refactor: replace recovery flow methods with ui container
3f6388d refactor: replace registration flow methods with ui container
0efd17e refactor: replace settings flow methods with ui container
dbf2668 refactor: replace verification flow methods with ui container
5eb1bc0 refactor: replace viper with koanf config management
6268310 refactor: update RegisterFakes calls
26829d2 refactor: use underscore in webhook auth types
193d266 styles: format
ada5dbb styles: format
e4b7e79 styles: format
17a0bf5 styles: format
ba1eeef styles: format
1ebfbde styles: format
f525fc5 test(e2e): significantly reduce wait and idle times
f95a117 test: add case to ensure correct behavior when verifying a different email address (#999)
f80691b test: add oasis test case
b3dc925 test: bump poll interval
b7f8d04 test: bump video quality
b2e43f8 test: bump wait times
cf49414 test: clean up hydra env before restart
4bec9ef test: longer wait times
2e3764b test: reliable migration tests on crdb
16dca3f test: remove old noop test
c1b5ba4 test: resolve compile issues
cb670a8 test: resolve flaky tests
a1b9b9a test: resolve json parser test regression
388b5b2 test: resolve login integration regressions
2051a71 test: resolve migration regression
ff791c4 test: resolve more json parser test regressions
c5a23af test: resolve more regressions
40a849c test: resolve order regression
f0c9e5f test: resolve regression
e2b0ad3 test: resolve regression
4b9da3c test: resolve regressions
82650cf test: resolve stub regressions
de0b65d test: resolve test migrations
ccf9fed test: resolve test regression issues
a16737c test: speed up tests
d1ddfa8 test: update schema tests for webhooks
55fb37f test: update test description
cabe97d test: use bcrypt cost 4 to reduce CI times
d90cf13 test: use fast bcrypt for e2e
c30eb26 tests: initial documentation tests via Text-Runner (#567)

Docker images

  • docker pull oryd/kratos:v0-sqlite
  • docker pull oryd/kratos:v0.6-sqlite
  • docker pull oryd/kratos:v0.6.0-sqlite
  • docker pull oryd/kratos:v0.6.0-alpha.1-sqlite
  • docker pull oryd/kratos:latest-sqlite
  • docker pull oryd/kratos:v0
  • docker pull oryd/kratos:v0.6
  • docker pull oryd/kratos:v0.6.0
  • docker pull oryd/kratos:v0.6.0-alpha.1
  • docker pull oryd/kratos:latest

Don't miss a new kratos release

NewReleases is sending notifications on new releases.