ory/kratos v0.8.0-alpha.1

on GitHub

We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour.

On this special occasion, we would like to bring to your attention that the Ory Summit is happening tomorrow and on Friday! You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones!

This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release:

• Full multi-factor authentication with different enforcement policies (soft/hard MFA).
• Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens every FIDO2 device is supported!
• Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!
• Support for TOTP (Google Authenticator) two-factor verification/authentication.
• Advanced two-factor recovery with lookup secrets.
• A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS.
• "Native" support for Single-Page App Single Sign-On.
• Much improved single-page app and native app APIs for all self-service flows.
• Support for PKBDF2 password hashing, which will help import user passwords from other systems in the future.
• Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.
• ARM Docker Images.
• Greatly improved internal e2e test pipeline using Cypress 8.x.
• Improved functional tests with cupaloy snapshot testing.
• Documentation on different error codes and message identifiers to easier translate messages in your own UI.
• Better form decoding and ability to mark required JSON Schema fields as required in the UI.
• Bug fixes that could result in users ending up in irrecoverable UI states.
• Better support for return_to across flows (e.g. OIDC) and in custom UIs.
• SBOM Software Supply Chain scanning & reporting.
• Docker Image vulnerability checking as part of the release pipeline.
• Support sending emails via AWS SES SMTP.
• A REST endpoint to invalidate all an identity's sessions.

As you can see, much has happened and we are grateful for all the great interactions we have with you, every day!

Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable!

This release requires you to run SQL migrations. Please, as always, create a backup of your database first!

The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2.

The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead.

Example:

• SMTP Cleartext: smtp://foo:bar@my-mailserver:1234/?disable_starttls=true
• SMTP with StartTLS: smtps://foo:bar@my-mailserver:1234/ -> smtp://foo:bar@my-mailserver:1234/
• SMTP with implicit TLS: smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour.

On this special occasion, we would like to bring to your attention that the Ory Summit is happening tomorrow and on Friday! You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones!

This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release:

• Full multi-factor authentication with different enforcement policies (soft/hard MFA).
• Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens every FIDO2 device is supported!
• Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!
• Support for TOTP (Google Authenticator) two-factor verification/authentication.
• Advanced two-factor recovery with lookup secrets.
• A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS.
• "Native" support for Single-Page App Single Sign-On.
• Much improved single-page app and native app APIs for all self-service flows.
• Support for PKBDF2 password hashing, which will help import user passwords from other systems in the future.
• Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.
• ARM Docker Images.
• Greatly improved internal e2e test pipeline using Cypress 8.x.
• Improved functional tests with cupaloy snapshot testing.
• Documentation on different error codes and message identifiers to easier translate messages in your own UI.
• Better form decoding and ability to mark required JSON Schema fields as required in the UI.
• Bug fixes that could result in users ending up in irrecoverable UI states.
• Better support for return_to across flows (e.g. OIDC) and in custom UIs.
• SBOM Software Supply Chain scanning & reporting.
• Docker Image vulnerability checking as part of the release pipeline.
• Support sending emails via AWS SES SMTP.
• A REST endpoint to invalidate all an identity's sessions.

As you can see, much has happened and we are grateful for all the great interactions we have with you, every day!

Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable!

This release requires you to run SQL migrations. Please, as always, create a backup of your database first!

The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2.

The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead.

Example:

• SMTP Cleartext: smtp://foo:bar@my-mailserver:1234/?disable_starttls=true
• SMTP with StartTLS: smtps://foo:bar@my-mailserver:1234/ -> smtp://foo:bar@my-mailserver:1234/
• SMTP with implicit TLS: smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true -> `smtps://foo:bar@my-mailserver:1234/We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour.

On this special occasion, we would like to bring to your attention that the Ory Summit is happening tomorrow and on Friday! You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones!

This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release:

• Full multi-factor authentication with different enforcement policies (soft/hard MFA).
• Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens every FIDO2 device is supported!
• Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!
• Support for TOTP (Google Authenticator) two-factor verification/authentication.
• Advanced two-factor recovery with lookup secrets.
• A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS.
• "Native" support for Single-Page App Single Sign-On.
• Much improved single-page app and native app APIs for all self-service flows.
• Support for PKBDF2 password hashing, which will help import user passwords from other systems in the future.
• Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.
• ARM Docker Images.
• Greatly improved internal e2e test pipeline using Cypress 8.x.
• Improved functional tests with cupaloy snapshot testing.
• Documentation on different error codes and message identifiers to easier translate messages in your own UI.
• Better form decoding and ability to mark required JSON Schema fields as required in the UI.
• Bug fixes that could result in users ending up in irrecoverable UI states.
• Better support for return_to across flows (e.g. OIDC) and in custom UIs.
• SBOM Software Supply Chain scanning & reporting.
• Docker Image vulnerability checking as part of the release pipeline.
• Support sending emails via AWS SES SMTP.
• A REST endpoint to invalidate all an identity's sessions.

As you can see, much has happened and we are grateful for all the great interactions we have with you, every day!

Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable!

This release requires you to run SQL migrations. Please, as always, create a backup of your database first!

The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2.

The SMTPS scheme used in courier config URL with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead.

Example:

• SMTP Cleartext: smtp://foo:bar@my-mailserver:1234/?disable_starttls=true
• SMTP with StartTLS: smtps://foo:bar@my-mailserver:1234/ -> smtp://foo:bar@my-mailserver:1234/
• SMTP with implicit TLS: smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true -> smtps://foo:bar@my-mailserver:1234/

Breaking Changes

The location of the homebrew tap has changed from ory/ory/kratos to ory/tap/kratos.

To stay consistent with other query parameter's, the self-service login flow's forced key has been renamed to refresh.

The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2.

To support 2FA on non-browser (e.g. native mobile) apps we have added the Ory Session Token as a possible parameter to both initializeSelfServiceLoginFlowWithoutBrowser and submitSelfServiceLoginFlow. Depending on the SDK generator, the order of the arguments may have changed. In JavaScript:

- .submitSelfServiceLoginFlow(flow.id, payload)
+ .submitSelfServiceLoginFlow(flow.id, sessionToken, payload)
+ // or if the user has no session yet:
+ .submitSelfServiceLoginFlow(flow.id, undefined, payload)

To improve the overall API design we have changed the result of POST /self-service/settings. Instead of having flow be a key, the flow is now the response. The updated identity payload stays the same!

 {
-  "flow": {
-    "id": "flow-id-..."
-    ...
-  },
+  "id": "flow-id-..."
+  ...
   "identity": {
     "id": "identity-id-..."
   }
 }

The SMTPS scheme used in courier config url with cleartext/StartTLS/TLS SMTP connection types is now only supporting implicit TLS. For StartTLS and cleartext SMTP, please use the smtp scheme instead.

Example:

• SMTP Cleartext: smtp://foo:bar@my-mailserver:1234/?disable_starttls=true
• SMTP with StartTLS: smtps://foo:bar@my-mailserver:1234/ -> smtp://foo:bar@my-mailserver:1234/
• SMTP with implicit TLS: smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true -> smtps://foo:bar@my-mailserver:1234/

This patch changes the naming and number of prometheus metrics (see: ory/x#379). In short: all metrics will have now http_ prefix to conform to Prometheus best practices.

Bug Fixes

• Add error id (1442784)

• Add mfa e2e test scenarios and resolve found issues (436992d)

• Add middleware earlier #1775 (#1776) (b9d253e)

• Allow refresh and aal upgrade at the same time (2ec801f)

• API client leaks stack trace with an error (#1772) (d3aff6d), closes #1771

• Better const handling for internal context (1e457e3)

• Correct swagger path for /identities/:id/session endpoint (#1756) (d614f2a)

• Decoder regression in registration (febf75a)

• Deterministic clidoc dates (e48d90a)

• Disable totp per default (7278589)

• Docs autogen should not use time.Now (a830f5b)

• Ensure correct error propagation (77ce709)

• Ensure refresh issues a new session when the identity changes (a10b385)

• Ensure return_to works for OIDC flows (d615734), closes #1773

• Explicit validation for return to in new flows (284cf29)

• Follow chrome webauthn best practice recommendation (0a7c812)

• Githup-app name in config (#1822) (1b50963)

• Handle return errors on the frontend and break early (0e8d481):

  Closes https://github.com/ory-corp/cloud/issues/1426

• Identity credential identifiers are now unique per method (57fd99a)

• Improve schema validation error tracing (f793fe5)

• Incorrect JSON response for browser flows (1501f56)

• Kill modd as well (e5a98e5)

• link: Resolve incorrect response types when opening API recovery link in browser (35ea8db)

• login: Properly handle refresh (8dc7059)

• lookup: Ensure correct fields are set (5ed4c55)

• lookup: Resolve reuse scenarios (dbfe475)

• lookup: Set up codes correctly (2f373f3)

• OIDC provider field in spec (#1809) (11b25de)

• oidc: Ensure nested keys work on login (71583c5)

• Omitempty for VerifiedAt and StateChangedAt (#1736) (bf2ec6e):

  Closes ory/sdk#95

• Only respect required modules for SDK (4c5677f)

• Panic when recovering deactivated user (0a49f27), closes #1794 #1826

• Potentially resolve hanging postgres connection closing (693a928)

• Properly encode aal error (49b6288)

• Properly open recovery endpoints in browser if flow was initiated via API (23c12e5)

• Remove duplicate schema error (4e69123)

• Remove initial_value again as it was not useful outside of booleans (0cc984b)

• Remove obsolete openapi patch (11618ec)

• Remove unnecessary cmd reference (351760e)

• Replace 302 with 303 (2e2b0f8)

• Resolve clidoc generation issue (1aaaa03)

• Resolve merge issues (1dc7497)

• Resolve openapi issues and regenerate clients (f7d60c0)

• Resolve swagger regression (02b9d47)

• Run format on ts files (f55f6f6)

• Slow CLI start-up time (ae20c17):

  Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 3s to ~0.01s.

  $ time kratos
  kratos  2.55s user 2.46s system 508% cpu 0.986 total
  
  $ time ./kratos-patch
  ./kratos-patch  0.00s user 0.00s system 64% cpu 0.001 total
  

• test: OIDC storategy test (#1836) (b877dbe)

• totp: Reorder QR (d096df7)

• Try and reduce cookie flakyness (e7ae8d6)

• Typo (8c4d8a2)

• ui: Use correct type for anchor (a6595e4)

• Update schema config location (539ae73)

• Use parallelism of 1 in go test (8736334)

• webauthn: Support react-based webauth (b6123b4)

• X-session-token must not be mandatory (05d73be)

Code Generation

• Pin v0.8.0-alpha.1 release commit (c2c902c)

Code Refactoring

• courier: Support SMTP schemes for implicit TLS, explicit StartTLS, and cleartext SMTP (#1831) (4cb082c), closes #1770 #1769

• Homogenize error messages (421a319)

• Improved prometheus metrics (#1830) (0be993b), closes #1735:

  This will add new prometheus metrics for Kratos that are more useful for alerting and increase overall observability.

• Login flow forced renamed to refresh (92087e5)

• login: Rename forced -> refresh (8d1e54b)

• login: Support 2FA for non-browser SDKs (df4846d)

• Move expired error into top-level flow module (01a2602)

• Move homebrew tap to ory/tap (0ee67c3)

• Move node identifiers to node package (b0a86dc)

• Revert decision to return 422 errors and streamline 401/403 (8aa5318)

• Sdk API is no v0alpha2 (3f06738)

• session: CreateAndIssueCookie is now UpsertAndIssueCookie (a6d134d)

• session: CreateSession is now UpsertSession (3ec81a2)

• settings: Change settings success response (12f98f2)

Documentation

• Add 2fa credentials (f7899a7)
• Add 2fa guide (b4eed76)
• Add a commandline example for the logout (#1753) (81ba264)
• Add admin ui guide (ac88060)
• Add advanced custom UI documentation (5e3a2cd)
• Add image assets (6bc93ca)
• Add missing angle bracket (#1799) (4270140)
• Add ory sessions as a concept (626c0c9)
• Add powershell to deps (#1853) (e945336), closes #1848
• credentials: Add AAL explanation (c1f501e)
• Enhance error return values (3799c24)
• Fix invalid syntax (#1819) (8cd6428)
• Fix the flow links used for rendering (#1752) (131d2c2)
• Fix the invalid links (#1868) (6d621ec)
• Remove obsolete file (b7f9052)
• Update generated docs (72afb81)
• Update quickstart curl examples (#1778) (6c677c4)
• Use correct link (f007919), closes #1793

Features

• Add intended_for_someone_else error code (572a131)

• Add aal fallback for existing sessions (a5c7b11)

• Add authenticators after set up (035c276)

• Add DeleteCredentialsType to identity struct including tests (b12bf52)

• Add e2e tests for react native 2fa (a3ac253)

• Add error ids for csrf-related errors (dc2adbf)

• Add error ids for redirect-related errors (246a045)

• Add error ids for session-related errors (087d907)

• Add explicit return_to to flow objects and API parameters (50d04ea), closes #1605 #1121:

  This patch adds a return_to field to the flow objects which contains the original ?return_to=... value. It uses the Flow's request_url for that purpose.

• Add ids for user-facing errors for login, registration, settings (787558b):

  This patch adds a new field id to JSON error payloads. This helps tremendously in implementing better client-side (native / SPA) apps as the API now returns error IDs like no_active_session, orbidden_return_to, no_verified_address and more. UIs can use these IDs to decide what to do next in the application - for example redirecting to a particular endpoint or showing an error message.

• Add initial value to bool checkboxes (63dba73)

• Add internal context to login and registration (723e6ee)

• Add internal context to settings flow (afb6895)

• Add lookup node to disable lookup (d0836be):

  See ory/cloud#12

• Add lookup to config (14119b6)

• Add lookup to identity (ead3833)

• Add lookup to migrations (dac4f75)

• Add MFA enforcment option to whoami and settings (554d725)

• Add mfa for non-browser (4096fd3)

• Add missing migrations (ccc64d8)

• Add option to disable recovery codes (9d3daa6):

  Closes ory/cloud#12

• Add ory cli config (5b959be)

• Add schema patch for new initial_value field (131e380):

  The field sets a node input's initial value. This is primarily used for fields which are e.g. checkboxes or buttons (active/inactive). If this field is set on a button, it implies that clicking the button should trigger the "value" to be set.

• Add script type and discriminator for attributes (de0af95):

  See ory/sdk#72

• Add smtp headers config option (#1747) (7ffe0e9), closes #1725

• Add support for onclick javascript in ui nodes (7cc7efa)

• Add totp strategy for settings flow (d1d6617):

  This patch allows adding a TOTP device in the settings, and also removing it when no longer needed.

• Add webauthn identity credential (f8b9582)

• Adding Dockle Container Linter (#1852) (3c0d519)

• Adjust to new aal error handling (b8956bc)

• API to return access, refresh, id tokens from social sign in (#1818) (198991a), closes #1518 #397:

  This patch introduces the new include_credential query parameter to the GET /identities endpoint which allows administrators to receive the initial access, refresh, and ID tokens from Social Sign In (OpenID Connect / OAuth 2.0) flows.

  These tokens can be stored in an encrypted format (XChaCha20Poly1305 or AES-GCM) in the database if an appropriate encryption secret is set. To get started easily these values are not encrypted per default.

  For more information head over to the docs.

• Auto-generate list of messages (cf46339), closes #1784

• Endpoint to list all identity schemas (#1703) (aa23d5d), closes #1699

• Generate sdks and update versions (c9d22d9)

• hash: PBKDF2 password hash verification (#1774) (33cc7e0), closes #1659

• Identity schema validation on startup (#1779) (99db3f0), closes #701

• identity: Add AAL constants (882573d)

• Implement AAL for login and sessions (45467e0)

• Implement endpoint for invalidating all sessions for a given identity (#1740) (dbd1689), closes #655:

  This PR introduces endpoint to destroy all sessions for a given identity which effectively logouts user from all devices/sessions. This is useful when for some security concern we want to make sure there are no "old" sessions active or other "staff" related actions (such as force logout after password change etc.).

• Implement lookup code settings and login (8f3ce7b)

• Improve detection of AAL errors and return 422 instead of 403 (e2bfbea)

• Improve labels for totp and lookup (b92e00e)

• Improve session device annotations (87907b8)

• In docker debug support with delve (#1789) (37325a1)

• Introduce cve scanning (#1798) (ade13ea)

• logout: Add logout token to browser response (#1758) (d3f1177)

• Mark recovery email address verified (#1665) (e3efc5d), closes #1662

• Mark required fiels as required (34cd5e8):

  Closes https://github.com/ory-corp/cloud/issues/1328
  Closes #400
  Closes #1058
  See https://ory-community.slack.com/archives/C012RJ2MQ1H/p1631825476159000

• Natively support social sign in for single-page apps (1a1a350)

• persistence: Add new columns for mfa (6184fe3)

• Potentially add arm64 docker support (68112de)

• Proper enum and type assertions for openapi (c4d8516)

• Publish webauthn as loadable script instead of eval (2717c59)

• Redirect on login if session aal is not matched (8feff8d)

• Respect webauthn in session aal (869b4a5)

• session: Respect 2fa enforcement in whoami (3a82c88)

• Sign in with apple (#1833) (16ed123), closes #1782:

  Adds an adapter and configuration options for enabling Social Sign In with Apple.

• Sort totp nodes (5c9a494)

• Stubable time in text package (22e4ed1)

• Support apple m1 (54b4fb6)

• Support setting the identity state via the admin API (#1805) (29c060b), closes #1767

• Support strategy return to ui for settings (74670bb)

• Support webauthn for mfa (e8f4d3c)

• totp: Add width and height to QR code (a648ba3)

• totp: Support account name setting from schema (19a6bcc)

• Treat lookup as aal2 in session (3269028)

• Use discriminators for ui node types in spec (59e808e)

• Use initial_value in lookup strategy (efe272f)

Reverts

• 3745014 (d493d10)

Tests

• Aal in login.NewFlow (5986e38)
• AcceptToRedirectOrJSON (2ca153f)
• Add credentials test (58b388c)
• Add expired test to login handler (3bdb8ab)
• Add identity change test to settings submit (5eb090b)
• Add initial spa e2e test (20617f6)
• Add initial totp integration tests (c9d456b)
• Add login tests (a71cadd)
• Add migrations tests for new tables (3c96ab0)
• Add react app to e2e tests (1214eee)
• Add schema test for totp config (c4f05ba)
• Add session amr test (eedb60b)
• Add settings tests (6959565)
• Add test for TOTPIssuer (14731c4)
• Add test for ui error page (3977a9c)
• Add TestEnsureInternalContext (152bfc7)
• Add totp registry tests (817e3ec)
• Add totp settings tests (c5a0d0f)
• Add TOTP to profile (7431e9f)
• Add update session test (47bd057)
• Additional checks for flow hydration (a40d7fe)
• Amr persistence (b0b2d81)
• Check if internal context is validated in store (a23d851)
• CheckAAL (03b37e7)
• Complete TOTP login integration tests (6e503cf)
• e2e: Add baseurl (159b25f)
• e2e: Add checkboxes to schemas (0c91f0c)
• e2e: Add config for proxy to simplify cy.visit logic (7d87985)
• e2e: Add mfa profile (a60d157)
• e2e: Add modd to build (48cd8ae)
• e2e: Add more helpers and ts defs (21b35b0)
• e2e: Add more helpers for various flows and proxy settings (755ac60)
• e2e: Add more routes to registry (30423c9)
• e2e: Add more typings for cypress helpers (60bd63f)
• e2e: Add plugin for using got (8fafc40)
• e2e: Add proxy capabilities for react native app (b5668df)
• e2e: Add recovery tests for SPA (b6014ee)
• e2e: Add spa as allowed redirect url (2625d16)
• e2e: Add SPA tests for login and refactor tests to typescript (d9a25df)
• e2e: Add SPA tests for logout and refactor tests to typescript (b0c6776)
• e2e: Add SPA tests for registration and refactor tests to typescript (a61ed1e)
• e2e: Add support functions and type definitions (c82d68d)
• e2e: Clean up helper (4806add)
• e2e: Complete SPA tests for all mfa flows (2196129)
• e2e: Default and empty values and required fields (72f2c5f)
• e2e: Ensure advanced types work in forms also (287269c)
• e2e: Ensure correct app (a9ff545)
• e2e: Finalize mobile tests (acf5c3d)
• e2e: Force port (a49eda8)
• e2e: Homogenize profiles (7798e19)
• e2e: Hot reload ory kratos on changes (841da09)
• e2e: Implement recovery tests for SPA (3dea57f)
• e2e: Implement required verification tests for SPA (fb55f34)
• e2e: Improve stability for login tests (43df22b)
• e2e: Improve stability for registration tests (a1c59a3)
• e2e: Improve test reliability (061a7e3)
• e2e: Migrate email tests to new proxy set up (54d8cd6)
• e2e: Migrate settings tests to typescript and add SPA tests (566336d)
• e2e: Move config to lower level and publish as package (c21fa26)
• e2e: Move registration tests to new proxy set up (eddeb85)
• e2e: Port mobile test to typescript (db42346)
• e2e: Port remaining e2e tests to typescript (5853d1a)
• e2e: Potentially resolve flaky login test (e237d66)
• e2e: Potentially resolve webauthn startup issues (eae6f5d)
• e2e: Prototype typescript implementation (2e869cf)
• e2e: Recreate identities per flow (1a560a3)
• e2e: Reduce flaky tests (cae86e7)
• e2e: Reduce test flakes in lookup codes (bfea354)
• e2e: Refactor and add support for SPA app (7609219)
• e2e: Remove wait condition (af10b03)
• e2e: Resolve broken test (c7cf134)
• e2e: Resolve flaky test (de7cc59)
• e2e: Resolve flaky test issues (1627745)
• e2e: Resolve next not starting (2a2a3cb)
• e2e: Resolve regression (d62f0c0)
• e2e: Resolve regressions (aaff34e)
• e2e: Resolve regressions (af9aedc)
• e2e: Revert proxy changes (293d920)
• e2e: Stabilize e2e tests (a5dca28)
• e2e: Temporarily add totp to default profile (8ffac9d)
• e2e: Update e2e profiles to new proxy set up (a3204cf)
• e2e: Use 127.0.0.1 to prevent ipv6 issues (6f4b534)
• e2e: Wait for oidc to trigger (9c67c49)
• Enable cookie debug (81c3064)
• Ensure aal and amr is set on recovery (5cbab54), closes #1322
• Ensure aal2 can not be used for oidc (cbbcdd2)
• Ensure aal2 can not be used for password (d9d39f0)
• Ensure authenticated_at after all upgrade (80408b4)
• Ensure redirect_url in password strategy (9eafc10)
• ErrStrategyAsksToReturnToUI behavior (f739018)
• Finalize webauthn tests (97e59e6)
• Fix regressions in the tests (246c580)
• Fix tests in cmd/serve (#1755) (b704d08)
• ID methods of node attributes (ff9ff04)
• Login form submission with AAL (4d54fbb)
• lookup: Add secret_disable to snapshots (68d6a87)
• lookup: Ensure context is cleaned up after use (8a210c4)
• lookup: Refresh and reuse scenarios (89736ed)
• migration: Resolve mysql migration issue with empty array (71a5649)
• Move to cupaloy for snapshots (0cce70f)
• Properly refresh mobile session (c31915d)
• Registry regression (25c88b5)
• Remove todo items (f60050e)
• Resolve flaky config test (147c670)
• Resolve flaky config test (#1832) (db98d01)
• Resolve flaky example tests (#1817) (0e700d8)
• Resolve flaky tests (2bd9100)
• Resolve migratest regressions (e9a1ed1)
• Resolve regressions (1502ca1)
• Resolve regressions (1a93b2f)
• Resolve regressions (64850ed)
• Resolve remaining regressions (f02804c)
• Resolve remaining regressions (0224c22)
• Resolve remaining regressions (1fa2aa5)
• Resolve time locality issues (53b8b2a)
• Restructure session struct tests (50d3f66)
• Session AAL handling (6fea3e5)
• Session activate (c86fa03)
• sql: Fix incorrect UUID (ea2894e)
• Temporarily enable lookup globally (458f559)
• totp: Ensure context is cleaned up after use (1905883)
• Upgrade cypress to 8.x (c8a1dfc)
• Use different return handler (e489a43)
• Various aal combinations for newflow (b095b99)
• Webauth settings flow (4c82772)
• Webauthn aal2 login (60ace8b)
• Webauthn credentials (c3e1184)
• Webauthn credentials counter (f7701f6)
• webauthn: Ensure context is cleaned up after use (7a8055b)

Unclassified

• test(e2e) improve reliability (763dd00)
• Correct session godoc (7108e65)

Changelog

8988fb8 autogen(docs): generate and format documentation
bd57951 autogen(docs): generate and format documentation
a179af5 autogen(docs): generate and format documentation
02c9e26 autogen(docs): generate and format documentation
36bb336 autogen(docs): generate and format documentation
b4346ca autogen(docs): generate and format documentation
e44a9b1 autogen(docs): generate and format documentation
70439b6 autogen(docs): generate and format documentation
25dc73c autogen(docs): generate and format documentation
8f49307 autogen(docs): generate and format documentation
6794723 autogen(docs): generate cli docs
76b402e autogen(docs): generate cli docs
0a8b40b autogen(docs): generate cli docs
77677f6 autogen(docs): generate cli docs
8037284 autogen(docs): generate cli docs
dc36fda autogen(docs): generate cli docs
4450846 autogen(docs): generate cli docs
fc21127 autogen(docs): generate cli docs
63c0e86 autogen(docs): generate cli docs
9e07f6b autogen(docs): generate cli docs
8da4300 autogen(docs): generate cli docs
33395ed autogen(docs): generate cli docs
390ca71 autogen(docs): generate cli docs
3409eda autogen(docs): generate cli docs
693e0e5 autogen(docs): generate cli docs
4c46676 autogen(docs): generate cli docs
0755d41 autogen(docs): generate cli docs
884e031 autogen(docs): generate cli docs
c0ca141 autogen(docs): generate cli docs
1dc9624 autogen(docs): generate cli docs
d4359ff autogen(docs): generate cli docs
21270a8 autogen(docs): generate cli docs
3093b80 autogen(docs): generate cli docs
cfbcb22 autogen(docs): generate cli docs
90c67f2 autogen(docs): generate cli docs
2555feb autogen(docs): generate cli docs
9dfde7d autogen(docs): generate cli docs
6ab68f5 autogen(docs): regenerate and update changelog
42e7b0d autogen(docs): regenerate and update changelog
5b456b3 autogen(docs): regenerate and update changelog
c538538 autogen(docs): regenerate and update changelog
71442e9 autogen(docs): regenerate and update changelog
43c3150 autogen(docs): regenerate and update changelog
cf8c7b3 autogen(docs): regenerate and update changelog
729a28c autogen(docs): regenerate and update changelog
fc6a976 autogen(docs): regenerate and update changelog
0b6da5e autogen(docs): regenerate and update changelog
62f925f autogen(docs): regenerate and update changelog
28ad689 autogen(docs): regenerate and update changelog
5f6d369 autogen(docs): update milestone document
31162d2 autogen(docs): update milestone document
7f41777 autogen(docs): update milestone document
a720bbf autogen(docs): update milestone document
0c934d6 autogen(docs): update milestone document
aac05d1 autogen(docs): update milestone document
4f78407 autogen(docs): update milestone document
131e62e autogen(docs): update milestone document
9f903f6 autogen(docs): update milestone document
b4972b1 autogen(docs): update milestone document
7a1be57 autogen(docs): update milestone document
dd6a06f autogen(docs): update milestone document
db1ec36 autogen(docs): update milestone document
1cb20df autogen(docs): update milestone document
c6aa6b5 autogen(docs): update milestone document
9c365ea autogen(docs): update milestone document
d200c08 autogen(docs): update milestone document
6b1ee99 autogen(docs): update milestone document
d2ae1be autogen(openapi): Regenerate openapi spec and internal client
521b246 autogen(openapi): Regenerate openapi spec and internal client
ae86860 autogen: add v0.7.6-alpha.1 to version.schema.json
c2c902c autogen: pin v0.8.0-alpha.1 release commit
e50a698 autogen: pin v0.8.0-alpha.1.pre.0 release commit
c9b95e0 autogen: pin v0.8.0-alpha.1.pre.1 release commit
dbe8fe3 autogen: pin v0.8.0-alpha.1.pre.3 release commit
e184542 chore: add got
a69dfd7 chore: bump cypress
fba1a12 chore: bump ory/cli in makefile
da9bbdd chore: bump packages
89e5a9d chore: clean up strategy test
480fb36 chore: cleanup
b1a0713 chore: cleanup
a6dfc41 chore: format
7880294 chore: format
7cfde27 chore: format
afabb86 chore: format
81da04d chore: format and regenerate sdk
02d894d chore: regen docs
70a792a chore: regenerate SDK
9833962 chore: regenerate SDK
3c502f8 chore: regenerate SDK
e5d0eeb chore: regenerate docs
f4d89ea chore: regenerate internal sdk
5a67280 chore: regenerate sdk
3666421 chore: regenerate sdks
89e5921 chore: remove local replaces
0ef3d57 chore: remove obsolete comment
f6479fb chore: rename file to fix docs build in other repos
164a90d chore: replace deprecated go-jwt dependency (#1808)
7a8466c chore: replaced function call with helper function (#1875)
990a39b chore: typos and format
3ad2d04 chore: update OpenAPI spec and SDK (#1821)
be99f8e chore: update cypress
2875b0f chore: update docusaurus template
21f3535 chore: update docusaurus template (#1797)
40ba147 chore: update docusaurus template (#1814)
6adea4f chore: update go dependencies
b53ffe4 chore: update go.mod
830ae30 chore: update modules
034806f chore: update repository templates
56eb5c6 chore: update repository templates
31cbcd3 chore: update repository templates (#1762)
c2d876d chore: update repository templates (#1763)
387e1c2 chore: update repository templates (#1764)
2290a02 chore: update repository templates (#1768)
2c7467d chore: update repository templates (#1840)
fc4b2a5 chore: update repository templates (#1884)
b8edef3 chore: update repository templates to 8191b78131173cce8788143f6ad95119d9b813c5
761d6b6 chore: upgrade crdb
69df0cc chore: upgrade cypress
67ae276 ci: add browser-tools orb
e57f303 ci: bump browser tools
285cb0a ci: bump orbs
76159a2 ci: ignore test directories in codeql
ec04a85 ci: install browser tools
5a18229 ci: resolve cypress issue with display being set
8e2cc4b ci: use correct crdb start cmd
7108e65 doc: correct session godoc
c1f501e docs(credentials): add AAL explanation
f7899a7 docs: add 2fa credentials
b4eed76 docs: add 2fa guide
81ba264 docs: add a commandline example for the logout (#1753)
ac88060 docs: add admin ui guide
5e3a2cd docs: add advanced custom UI documentation
6bc93ca docs: add image assets
4270140 docs: add missing angle bracket (#1799)
626c0c9 docs: add ory sessions as a concept
e945336 docs: add powershell to deps (#1853)
3799c24 docs: enhance error return values
8cd6428 docs: fix invalid syntax (#1819)
131d2c2 docs: fix the flow links used for rendering (#1752)
6d621ec docs: fix the invalid links (#1868)
b7f9052 docs: remove obsolete file
72afb81 docs: update generated docs
6c677c4 docs: update quickstart curl examples (#1778)
f007919 docs: use correct link
33cc7e0 feat(hash): PBKDF2 password hash verification (#1774)
882573d feat(identity): add AAL constants
d3f1177 feat(logout): add logout token to browser response (#1758)
6184fe3 feat(persistence): add new columns for mfa
3a82c88 feat(session): respect 2fa enforcement in whoami
a648ba3 feat(totp): add width and height to QR code
19a6bcc feat(totp): support account name setting from schema
198991a feat: API to return access, refresh, id tokens from social sign in (#1818)
b12bf52 feat: add DeleteCredentialsType to identity struct including tests
554d725 feat: add MFA enforcment option to whoami and settings
572a131 feat: add intended_for_someone_else error code
a5c7b11 feat: add aal fallback for existing sessions
035c276 feat: add authenticators after set up
a3ac253 feat: add e2e tests for react native 2fa
dc2adbf feat: add error ids for csrf-related errors
246a045 feat: add error ids for redirect-related errors
087d907 feat: add error ids for session-related errors
50d04ea feat: add explicit return_to to flow objects and API parameters
787558b feat: add ids for user-facing errors for login, registration, settings
63dba73 feat: add initial value to bool checkboxes
723e6ee feat: add internal context to login and registration
afb6895 feat: add internal context to settings flow
d0836be feat: add lookup node to disable lookup
14119b6 feat: add lookup to config
ead3833 feat: add lookup to identity
dac4f75 feat: add lookup to migrations
4096fd3 feat: add mfa for non-browser
ccc64d8 feat: add missing migrations
9d3daa6 feat: add option to disable recovery codes
5b959be feat: add ory cli config
131e380 feat: add schema patch for new initial_value field
de0af95 feat: add script type and discriminator for attributes
7ffe0e9 feat: add smtp headers config option (#1747)
7cc7efa feat: add support for onclick javascript in ui nodes
d1d6617 feat: add totp strategy for settings flow
f8b9582 feat: add webauthn identity credential
3c0d519 feat: adding Dockle Container Linter (#1852)
b8956bc feat: adjust to new aal error handling
cf46339 feat: auto-generate list of messages
aa23d5d feat: endpoint to list all identity schemas (#1703)
c9d22d9 feat: generate sdks and update versions
99db3f0 feat: identity schema validation on startup (#1779)
45467e0 feat: implement AAL for login and sessions
dbd1689 feat: implement endpoint for invalidating all sessions for a given identity (#1740)
8f3ce7b feat: implement lookup code settings and login
e2bfbea feat: improve detection of AAL errors and return 422 instead of 403
b92e00e feat: improve labels for totp and lookup
87907b8 feat: improve session device annotations
37325a1 feat: in docker debug support with delve (#1789)
ade13ea feat: introduce cve scanning (#1798)
e3efc5d feat: mark recovery email address verified (#1665)
34cd5e8 feat: mark required fiels as required
1a1a350 feat: natively support social sign in for single-page apps
68112de feat: potentially add arm64 docker support
c4d8516 feat: proper enum and type assertions for openapi
2717c59 feat: publish webauthn as loadable script instead of eval
8feff8d feat: redirect on login if session aal is not matched
869b4a5 feat: respect webauthn in session aal
16ed123 feat: sign in with apple (#1833)
5c9a494 feat: sort totp nodes
22e4ed1 feat: stubable time in text package
54b4fb6 feat: support apple m1
29c060b feat: support setting the identity state via the admin API (#1805)
74670bb feat: support strategy return to ui for settings
e8f4d3c feat: support webauthn for mfa
3269028 feat: treat lookup as aal2 in session
59e808e feat: use discriminators for ui node types in spec
efe272f feat: use initial_value in lookup strategy
35ea8db fix(link): resolve incorrect response types when opening API recovery link in browser
8dc7059 fix(login): properly handle refresh
5ed4c55 fix(lookup): ensure correct fields are set
dbfe475 fix(lookup): resolve reuse scenarios
2f373f3 fix(lookup): set up codes correctly
71583c5 fix(oidc): ensure nested keys work on login
b877dbe fix(test): OIDC storategy test (#1836)
d096df7 fix(totp): reorder QR
a6595e4 fix(ui): use correct type for anchor
b6123b4 fix(webauthn): support react-based webauth
d3aff6d fix: API client leaks stack trace with an error (#1772)
b9d253e fix: Add middleware earlier #1775 (#1776)
11b25de fix: OIDC provider field in spec (#1809)
1442784 fix: add error id
436992d fix: add mfa e2e test scenarios and resolve found issues
2ec801f fix: allow refresh and aal upgrade at the same time
1e457e3 fix: better const handling for internal context
d614f2a fix: correct swagger path for /identities/:id/session endpoint (#1756)
febf75a fix: decoder regression in registration
e48d90a fix: deterministic clidoc dates
7278589 fix: disable totp per default
a830f5b fix: docs autogen should not use time.Now
77ce709 fix: ensure correct error propagation
a10b385 fix: ensure refresh issues a new session when the identity changes
d615734 fix: ensure return_to works for OIDC flows
284cf29 fix: explicit validation for return to in new flows
0a7c812 fix: follow chrome webauthn best practice recommendation
1b50963 fix: githup-app name in config (#1822)
0e8d481 fix: handle return errors on the frontend and break early
57fd99a fix: identity credential identifiers are now unique per method
f793fe5 fix: improve schema validation error tracing
1501f56 fix: incorrect JSON response for browser flows
e5a98e5 fix: kill modd as well
bf2ec6e fix: omitempty for VerifiedAt and StateChangedAt (#1736)
4c5677f fix: only respect required modules for SDK
0a49f27 fix: panic when recovering deactivated user
693a928 fix: potentially resolve hanging postgres connection closing
49b6288 fix: properly encode aal error
23c12e5 fix: properly open recovery endpoints in browser if flow was initiated via API
4e69123 fix: remove duplicate schema error
0cc984b fix: remove initial_value again as it was not useful outside of booleans
11618ec fix: remove obsolete openapi patch
351760e fix: remove unnecessary cmd reference
2e2b0f8 fix: replace 302 with 303
1aaaa03 fix: resolve clidoc generation issue
1dc7497 fix: resolve merge issues
f7d60c0 fix: resolve openapi issues and regenerate clients
02b9d47 fix: resolve swagger regression
f55f6f6 fix: run format on ts files
ae20c17 fix: slow CLI start-up time
e7ae8d6 fix: try and reduce cookie flakyness
8c4d8a2 fix: typo
539ae73 fix: update schema config location
8736334 fix: use parallelism of 1 in go test
05d73be fix: x-session-token must not be mandatory
4cb082c refactor(courier): support SMTP schemes for implicit TLS, explicit StartTLS, and cleartext SMTP (#1831)
8d1e54b refactor(login): rename forced -> refresh
df4846d refactor(login): support 2FA for non-browser SDKs
a6d134d refactor(session): CreateAndIssueCookie is now UpsertAndIssueCookie
3ec81a2 refactor(session): CreateSession is now UpsertSession
12f98f2 refactor(settings): change settings success response
421a319 refactor: homogenize error messages
0be993b refactor: improved prometheus metrics (#1830)
92087e5 refactor: login flow forced renamed to refresh
01a2602 refactor: move expired error into top-level flow module
0ee67c3 refactor: move homebrew tap to ory/tap
b0a86dc refactor: move node identifiers to node package
8aa5318 refactor: revert decision to return 422 errors and streamline 401/403
3f06738 refactor: sdk API is no v0alpha2
d493d10 revert: 3745014
1af3530 style: format
03e76ea style: format
b8dec6f style: format
3252c10 style: format
fe1d7dd style: format
3f222ab style: format
763dd00 test(e2e) improve reliability
d9a25df test(e2e): add SPA tests for login and refactor tests to typescript
b0c6776 test(e2e): add SPA tests for logout and refactor tests to typescript
a61ed1e test(e2e): add SPA tests for registration and refactor tests to typescript
159b25f test(e2e): add baseurl
0c91f0c test(e2e): add checkboxes to schemas
7d87985 test(e2e): add config for proxy to simplify cy.visit logic
a60d157 test(e2e): add mfa profile
48cd8ae test(e2e): add modd to build
21b35b0 test(e2e): add more helpers and ts defs
755ac60 test(e2e): add more helpers for various flows and proxy settings
30423c9 test(e2e): add more routes to registry
60bd63f test(e2e): add more typings for cypress helpers
8fafc40 test(e2e): add plugin for using got
b5668df test(e2e): add proxy capabilities for react native app
b6014ee test(e2e): add recovery tests for SPA
2625d16 test(e2e): add spa as allowed redirect url
c82d68d test(e2e): add support functions and type definitions
4806add test(e2e): clean up helper
2196129 test(e2e): complete SPA tests for all mfa flows
72f2c5f test(e2e): default and empty values and required fields
287269c test(e2e): ensure advanced types work in forms also
a9ff545 test(e2e): ensure correct app
acf5c3d test(e2e): finalize mobile tests
a49eda8 test(e2e): force port
7798e19 test(e2e): homogenize profiles
841da09 test(e2e): hot reload ory kratos on changes
3dea57f test(e2e): implement recovery tests for SPA
fb55f34 test(e2e): implement required verification tests for SPA
43df22b test(e2e): improve stability for login tests
a1c59a3 test(e2e): improve stability for registration tests
061a7e3 test(e2e): improve test reliability
54d8cd6 test(e2e): migrate email tests to new proxy set up
566336d test(e2e): migrate settings tests to typescript and add SPA tests
c21fa26 test(e2e): move config to lower level and publish as package
eddeb85 test(e2e): move registration tests to new proxy set up
db42346 test(e2e): port mobile test to typescript
5853d1a test(e2e): port remaining e2e tests to typescript
e237d66 test(e2e): potentially resolve flaky login test
eae6f5d test(e2e): potentially resolve webauthn startup issues
2e869cf test(e2e): prototype typescript implementation
1a560a3 test(e2e): recreate identities per flow
cae86e7 test(e2e): reduce flaky tests
bfea354 test(e2e): reduce test flakes in lookup codes
7609219 test(e2e): refactor and add support for SPA app
af10b03 test(e2e): remove wait condition
c7cf134 test(e2e): resolve broken test
de7cc59 test(e2e): resolve flaky test
1627745 test(e2e): resolve flaky test issues
2a2a3cb test(e2e): resolve next not starting
d62f0c0 test(e2e): resolve regression
aaff34e test(e2e): resolve regressions
af9aedc test(e2e): resolve regressions
293d920 test(e2e): revert proxy changes
a5dca28 test(e2e): stabilize e2e tests
8ffac9d test(e2e): temporarily add totp to default profile
a3204cf test(e2e): update e2e profiles to new proxy set up
6f4b534 test(e2e): use 127.0.0.1 to prevent ipv6 issues
9c67c49 test(e2e): wait for oidc to trigger
68d6a87 test(lookup): add secret_disable to snapshots
8a210c4 test(lookup): ensure context is cleaned up after use
89736ed test(lookup): refresh and reuse scenarios
71a5649 test(migration): resolve mysql migration issue with empty array
ea2894e test(sql): fix incorrect UUID
1905883 test(totp): ensure context is cleaned up after use
7a8055b test(webauthn): ensure context is cleaned up after use
2ca153f test: AcceptToRedirectOrJSON
f739018 test: ErrStrategyAsksToReturnToUI behavior
ff9ff04 test: ID methods of node attributes
5986e38 test: aal in login.NewFlow
7431e9f test: add TOTP to profile
152bfc7 test: add TestEnsureInternalContext
58b388c test: add credentials test
3bdb8ab test: add expired test to login handler
5eb090b test: add identity change test to settings submit
20617f6 test: add initial spa e2e test
c9d456b test: add initial totp integration tests
a71cadd test: add login tests
3c96ab0 test: add migrations tests for new tables
1214eee test: add react app to e2e tests
c4f05ba test: add schema test for totp config
eedb60b test: add session amr test
6959565 test: add settings tests
14731c4 test: add test for TOTPIssuer
3977a9c test: add test for ui error page
817e3ec test: add totp registry tests
c5a0d0f test: add totp settings tests
47bd057 test: add update session test
a40d7fe test: additional checks for flow hydration
b0b2d81 test: amr persistence
a23d851 test: check if internal context is validated in store
03b37e7 test: checkAAL
6e503cf test: complete TOTP login integration tests
81c3064 test: enable cookie debug
5cbab54 test: ensure aal and amr is set on recovery
cbbcdd2 test: ensure aal2 can not be used for oidc
d9d39f0 test: ensure aal2 can not be used for password
80408b4 test: ensure authenticated_at after all upgrade
9eafc10 test: ensure redirect_url in password strategy
97e59e6 test: finalize webauthn tests
246c580 test: fix regressions in the tests
b704d08 test: fix tests in cmd/serve (#1755)
4d54fbb test: login form submission with AAL
0cce70f test: move to cupaloy for snapshots
c31915d test: properly refresh mobile session
25c88b5 test: registry regression
f60050e test: remove todo items
147c670 test: resolve flaky config test
db98d01 test: resolve flaky config test (#1832)
0e700d8 test: resolve flaky example tests (#1817)
2bd9100 test: resolve flaky tests
e9a1ed1 test: resolve migratest regressions
1a93b2f test: resolve regressions
64850ed test: resolve regressions
1502ca1 test: resolve regressions
0224c22 test: resolve remaining regressions
1fa2aa5 test: resolve remaining regressions
f02804c test: resolve remaining regressions
53b8b2a test: resolve time locality issues
50d3f66 test: restructure session struct tests
6fea3e5 test: session AAL handling
c86fa03 test: session activate
458f559 test: temporarily enable lookup globally
c8a1dfc test: upgrade cypress to 8.x
e489a43 test: use different return handler
b095b99 test: various aal combinations for newflow
4c82772 test: webauth settings flow
60ace8b test: webauthn aal2 login
c3e1184 test: webauthn credentials
f7701f6 test: webauthn credentials counter

Docker images

• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.8-sqlite
• docker pull oryd/kratos:v0.8.0-sqlite
• docker pull oryd/kratos:v0.8.0-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite
• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.8
• docker pull oryd/kratos:v0.8.0
• docker pull oryd/kratos:v0.8.0-alpha.1