github ory/kratos v0.8.0-alpha.1.pre.3

pre-release, 2 years ago

autogen: pin v0.8.0-alpha.1.pre.3 release commit

Breaking Changes

The location of the homebrew tap has changed from ory/ory/kratos to ory/tap/kratos.

To stay consistent with other query parameters, the self-service login flow's forced key has been renamed to refresh.

The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from v0alpha1 to v0alpha2.

To support 2FA on non-browser (e.g. native mobile) apps we have added the Ory Session Token as a possible parameter to both initializeSelfServiceLoginFlowWithoutBrowser and submitSelfServiceLoginFlow. Depending on the SDK generator, the order of the arguments may have changed. In JavaScript:

- .submitSelfServiceLoginFlow(flow.id, payload)
+ .submitSelfServiceLoginFlow(flow.id, sessionToken, payload)
+ // or if the user has no session yet:
+ .submitSelfServiceLoginFlow(flow.id, undefined, payload)

To improve the overall API design we have changed the result of POST /self-service/settings. Instead of having flow be a key, the flow is now the response. The updated identity payload stays the same!

 {
-  "flow": {
-    "id": "flow-id-..."
-    ...
-  },
+  "id": "flow-id-..."
+  ...
   "identity": {
     "id": "identity-id-..."
   }
 }

The smtps scheme in the courier config URL, which was previously used for cleartext, StartTLS and TLS SMTP connection types alike, now supports only implicit TLS. For StartTLS and cleartext SMTP, please use the smtp scheme instead.

Example:

  • SMTP Cleartext: smtp://foo:bar@my-mailserver:1234/?disable_starttls=true
  • SMTP with StartTLS: smtps://foo:bar@my-mailserver:1234/ -> smtp://foo:bar@my-mailserver:1234/
  • SMTP with implicit TLS: smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true -> smtps://foo:bar@my-mailserver:1234/
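The three rewrite rules above as a Go helper that migrates an existing courier URI and reports which transport security the new URI selects, so cleartext links can be flagged during the upgrade. This is an added example, not code from Ory Kratos; the names MigrateCourierURI, Mode and Redacted, and the handling of an old smtps URI that carries disable_starttls=true, are assumptions made here.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Mode is the transport security the courier uses for the migrated URI.
// The type and its values are hypothetical names for this example.
type Mode string

const (
	Cleartext   Mode = "cleartext"
	StartTLS    Mode = "starttls"
	ImplicitTLS Mode = "implicit-tls"
)

// MigrateCourierURI rewrites a pre-v0.8 courier connection URI according to
// the rules in the release notes and returns the new URI with its Mode.
func MigrateCourierURI(old string) (string, Mode, error) {
	u, err := url.Parse(old)
	if err != nil {
		// url.Parse errors echo the input, which may hold the SMTP password,
		// so a generic error is returned instead of wrapping err.
		return "", "", errors.New("courier URI is not a valid URL")
	}
	q := u.Query()
	legacySSL := q.Get("legacy_ssl") == "true"
	noStartTLS := q.Get("disable_starttls") == "true"

	var mode Mode
	switch u.Scheme {
	case "smtps":
		switch {
		case legacySSL:
			// Old implicit TLS: keep smtps, drop the now-redundant flag.
			q.Del("legacy_ssl")
			mode = ImplicitTLS
		case noStartTLS:
			// Assumption: old smtps + disable_starttls=true meant cleartext.
			u.Scheme = "smtp"
			mode = Cleartext
		default:
			// Old StartTLS: smtps no longer means StartTLS, switch to smtp.
			u.Scheme = "smtp"
			mode = StartTLS
		}
	case "smtp":
		if legacySSL {
			return "", "", errors.New("smtp with legacy_ssl=true is not covered by the release notes; review manually")
		}
		mode = StartTLS
		if noStartTLS {
			mode = Cleartext
		}
	default:
		return "", "", fmt.Errorf("unsupported courier scheme %q", u.Scheme)
	}
	u.RawQuery = q.Encode()
	return u.String(), mode, nil
}

// Redacted returns the URI with the password masked, for safe logging.
func Redacted(uri string) string {
	u, err := url.Parse(uri)
	if err != nil {
		return "<unparseable>"
	}
	return u.Redacted()
}

func main() {
	// Constructed sample inputs, taken from the examples in the release notes.
	oldURIs := []string{
		"smtps://foo:bar@my-mailserver:1234/",
		"smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true",
		"smtp://foo:bar@my-mailserver:1234/?disable_starttls=true",
	}
	for _, old := range oldURIs {
		migrated, mode, err := MigrateCourierURI(old)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		note := ""
		if mode == Cleartext {
			note = "  <-- credentials and mail cross the network unencrypted"
		}
		fmt.Printf("%s -> %s [%s]%s\n", Redacted(old), Redacted(migrated), mode, note)
	}
}
```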

This patch changes the naming and number of Prometheus metrics (see: https://github.com/ory/x/pull/379). In short: all metrics will now have the http_ prefix to conform to Prometheus best practices.

Bug Fixes

  • Add error id (1442784)
  • Add mfa e2e test scenarios and resolve found issues (436992d)
  • Add middleware earlier #1775 (#1776) (b9d253e)
  • Allow refresh and aal upgrade at the same time (2ec801f)
  • API client leaks stack trace with an error (#1772) (d3aff6d), closes #1771
  • Better const handling for internal context (1e457e3)
  • Correct swagger path for /identities/:id/session endpoint (#1756) (d614f2a)
  • Decoder regression in registration (febf75a)
  • Deterministic clidoc dates (e48d90a)
  • Disable totp per default (7278589)
  • Docs autogen should not use time.Now (a830f5b)
  • Ensure correct error propagation (77ce709)
  • Ensure refresh issues a new session when the identity changes (a10b385)
  • Ensure return_to works for OIDC flows (d615734), closes #1773
  • Explicit validation for return to in new flows (284cf29)
  • Follow chrome webauthn best practice recommendation (0a7c812)
  • Githup-app name in config (#1822) (1b50963)
  • Handle return errors on the frontend and break early (0e8d481):

Closes https://github.com/ory-corp/cloud/issues/1426

  • Identity credential identifiers are now unique per method (57fd99a)
  • Improve schema validation error tracing (f793fe5)
  • Incorrect JSON response for browser flows (1501f56)
  • Kill modd as well (e5a98e5)
  • link: Resolve incorrect response types when opening API recovery link in browser (35ea8db)
  • login: Properly handle refresh (8dc7059)
  • lookup: Ensure correct fields are set (5ed4c55)
  • lookup: Resolve reuse scenarios (dbfe475)
  • lookup: Set up codes correctly (2f373f3)
  • OIDC provider field in spec (#1809) (11b25de)
  • oidc: Ensure nested keys work on login (71583c5)
  • Omitempty for VerifiedAt and StateChangedAt (#1736) (bf2ec6e):

Closes https://github.com/ory/sdk/issues/95

  • Only respect required modules for SDK (4c5677f)
  • Panic when recovering deactivated user (0a49f27), closes #1794 #1826
  • Potentially resolve hanging postgres connection closing (693a928)
  • Properly encode aal error (49b6288)
  • Properly open recovery endpoints in browser if flow was initiated via API (23c12e5)
  • Remove duplicate schema error (4e69123)
  • Remove initial_value again as it was not useful outside of booleans (0cc984b)
  • Remove obsolete openapi patch (11618ec)
  • Remove unnecessary cmd reference (351760e)
  • Replace 302 with 303 (2e2b0f8)
  • Resolve clidoc generation issue (1aaaa03)
  • Resolve merge issues (1dc7497)
  • Resolve openapi issues and regenerate clients (f7d60c0)
  • Resolve swagger regression (02b9d47)
  • Run format on ts files (f55f6f6)
  • Slow CLI start-up time (ae20c17):

Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 3s to ~0.01s.

  $ time kratos
  kratos  2.55s user 2.46s system 508% cpu 0.986 total

  $ time ./kratos-patch
  ./kratos-patch  0.00s user 0.00s system 64% cpu 0.001 total

  • test: OIDC strategy test (#1836) (b877dbe)
  • totp: Reorder QR (d096df7)
  • Try and reduce cookie flakiness (e7ae8d6)
  • Typo (8c4d8a2)
  • ui: Use correct type for anchor (a6595e4)
  • Update schema config location (539ae73)
  • Use parallelism of 1 in go test (8736334)
  • webauthn: Support react-based webauth (b6123b4)
  • X-session-token must not be mandatory (05d73be)

Code Generation

  • Pin v0.8.0-alpha.1.pre.3 release commit (dbe8fe3)

Code Refactoring

This will add new prometheus metrics for Kratos that are more useful for alerting and increase overall observability.

  • Login flow forced renamed to refresh (92087e5)
  • login: Rename forced -> refresh (8d1e54b)
  • login: Support 2FA for non-browser SDKs (df4846d)
  • Move expired error into top-level flow module (01a2602)
  • Move homebrew tap to ory/tap (0ee67c3)
  • Move node identifiers to node package (b0a86dc)
  • Revert decision to return 422 errors and streamline 401/403 (8aa5318)
  • Sdk API is now v0alpha2 (3f06738)
  • session: CreateAndIssueCookie is now UpsertAndIssueCookie (a6d134d)
  • session: CreateSession is now UpsertSession (3ec81a2)
  • settings: Change settings success response (12f98f2)

Documentation

Features

  • Add intended_for_someone_else error code (572a131)
  • Add aal fallback for existing sessions (a5c7b11)
  • Add authenticators after set up (035c276)
  • Add DeleteCredentialsType to identity struct including tests (b12bf52)
  • Add e2e tests for react native 2fa (a3ac253)
  • Add error ids for csrf-related errors (dc2adbf)
  • Add error ids for redirect-related errors (246a045)
  • Add error ids for session-related errors (087d907)
  • Add explicit return_to to flow objects and API parameters (50d04ea), closes #1605 #1121:

This patch adds a return_to field to the flow objects which contains the original ?return_to=... value. It uses the Flow's request_url for that purpose.

  • Add ids for user-facing errors for login, registration, settings (787558b):

This patch adds a new field id to JSON error payloads. This helps tremendously in implementing better client-side (native / SPA) apps as the API now returns error IDs like no_active_session, orbidden_return_to, no_verified_address and more. UIs can use these IDs to decide what to do next in the application - for example redirecting to a particular endpoint or showing an error message.

  • Add initial value to bool checkboxes (63dba73)
  • Add internal context to login and registration (723e6ee)
  • Add internal context to settings flow (afb6895)
  • Add lookup node to disable lookup (d0836be):

See https://github.com/ory/cloud/issues/12

  • Add lookup to config (14119b6)
  • Add lookup to identity (ead3833)
  • Add lookup to migrations (dac4f75)
  • Add MFA enforcement option to whoami and settings (554d725)
  • Add mfa for non-browser (4096fd3)
  • Add missing migrations (ccc64d8)
  • Add option to disable recovery codes (9d3daa6):

Closes https://github.com/ory/cloud/issues/12

  • Add ory cli config (5b959be)
  • Add schema patch for new initial_value field (131e380):

The field sets a node input's initial value. This is primarily used for fields which are e.g. checkboxes or buttons (active/inactive). If this field is set on a button, it implies that clicking the button should trigger the "value" to be set.

  • Add script type and discriminator for attributes (de0af95):

See https://github.com/ory/sdk/issues/72

  • Add smtp headers config option (#1747) (7ffe0e9), closes #1725
  • Add support for onclick javascript in ui nodes (7cc7efa)
  • Add totp strategy for settings flow (d1d6617):

This patch allows adding a TOTP device in the settings, and also removing it when no longer needed.

  • Add webauthn identity credential (f8b9582)
  • Adding Dockle Container Linter (#1852) (3c0d519)
  • Adjust to new aal error handling (b8956bc)
  • API to return access, refresh, id tokens from social sign in (#1818) (198991a), closes #1518 #397:

This patch introduces the new include_credential query parameter to the GET /identities endpoint which allows administrators to receive the initial access, refresh, and ID tokens from Social Sign In (OpenID Connect / OAuth 2.0) flows.

These tokens can be stored in an encrypted format (XChaCha20Poly1305 or AES-GCM) in the database if an appropriate encryption secret is set. To get started easily these values are not encrypted per default.

For more information head over to the docs.

  • Auto-generate list of messages (cf46339), closes #1784
  • Endpoint to list all identity schemas (#1703) (aa23d5d), closes #1699
  • Generate sdks and update versions (c9d22d9)
  • Identity schema validation on startup (#1779) (99db3f0), closes #701
  • identity: Add AAL constants (882573d)
  • Implement AAL for login and sessions (45467e0)
  • Implement endpoint for invalidating all sessions for a given identity (#1740) (dbd1689), closes #655:

This PR introduces an endpoint to destroy all sessions for a given identity, which effectively logs the user out from all devices/sessions. This is useful when, for some security concern, we want to make sure there are no "old" sessions active, or for other "staff"-related actions (such as a forced logout after a password change etc.).

  • Implement lookup code settings and login (8f3ce7b)
  • Improve detection of AAL errors and return 422 instead of 403 (e2bfbea)
  • Improve labels for totp and lookup (b92e00e)
  • Improve session device annotations (87907b8)
  • In docker debug support with delve (#1789) (37325a1)
  • Introduce cve scanning (#1798) (ade13ea)
  • logout: Add logout token to browser response (#1758) (d3f1177)
  • Mark recovery email address verified (#1665) (e3efc5d), closes #1662
  • Mark required fields as required (34cd5e8):

Closes https://github.com/ory-corp/cloud/issues/1328
Closes https://github.com/ory/kratos/issues/400
Closes https://github.com/ory/kratos/issues/1058
See https://ory-community.slack.com/archives/C012RJ2MQ1H/p1631825476159000

  • Natively support social sign in for single-page apps (1a1a350)
  • persistence: Add new columns for mfa (6184fe3)
  • Potentially add arm64 docker support (68112de)
  • Proper enum and type assertions for openapi (c4d8516)
  • Publish webauthn as loadable script instead of eval (2717c59)
  • Redirect on login if session aal is not matched (8feff8d)
  • Respect webauthn in session aal (869b4a5)
  • session: Respect 2fa enforcement in whoami (3a82c88)
  • Sign in with apple (#1833) (16ed123), closes #1782:

Adds an adapter and configuration options for enabling Social Sign In with Apple.

  • Sort totp nodes (5c9a494)
  • Stubable time in text package (22e4ed1)
  • Support apple m1 (54b4fb6)
  • Support setting the identity state via the admin API (#1805) (29c060b), closes #1767
  • Support strategy return to ui for settings (74670bb)
  • Support webauthn for mfa (e8f4d3c)
  • totp: Add width and height to QR code (a648ba3)
  • totp: Support account name setting from schema (19a6bcc)
  • Treat lookup as aal2 in session (3269028)
  • Use discriminators for ui node types in spec (59e808e)
  • Use initial_value in lookup strategy (efe272f)

Reverts

Tests

  • Aal in login.NewFlow (5986e38)
  • AcceptToRedirectOrJSON (2ca153f)
  • Add credentials test (58b388c)
  • Add expired test to login handler (3bdb8ab)
  • Add identity change test to settings submit (5eb090b)
  • Add initial spa e2e test (20617f6)
  • Add initial totp integration tests (c9d456b)
  • Add login tests (a71cadd)
  • Add migrations tests for new tables (3c96ab0)
  • Add react app to e2e tests (1214eee)
  • Add schema test for totp config (c4f05ba)
  • Add session amr test (eedb60b)
  • Add settings tests (6959565)
  • Add test for TOTPIssuer (14731c4)
  • Add test for ui error page (3977a9c)
  • Add TestEnsureInternalContext (152bfc7)
  • Add totp registry tests (817e3ec)
  • Add totp settings tests (c5a0d0f)
  • Add TOTP to profile (7431e9f)
  • Add update session test (47bd057)
  • Additional checks for flow hydration (a40d7fe)
  • Amr persistence (b0b2d81)
  • Check if internal context is validated in store (a23d851)
  • CheckAAL (03b37e7)
  • Complete TOTP login integration tests (6e503cf)
  • e2e: Add baseurl (159b25f)
  • e2e: Add checkboxes to schemas (0c91f0c)
  • e2e: Add config for proxy to simplify cy.visit logic (7d87985)
  • e2e: Add mfa profile (a60d157)
  • e2e: Add modd to build (48cd8ae)
  • e2e: Add more helpers and ts defs (21b35b0)
  • e2e: Add more helpers for various flows and proxy settings (755ac60)
  • e2e: Add more routes to registry (30423c9)
  • e2e: Add more typings for cypress helpers (60bd63f)
  • e2e: Add plugin for using got (8fafc40)
  • e2e: Add proxy capabilities for react native app (b5668df)
  • e2e: Add recovery tests for SPA (b6014ee)
  • e2e: Add spa as allowed redirect url (2625d16)
  • e2e: Add SPA tests for login and refactor tests to typescript (d9a25df)
  • e2e: Add SPA tests for logout and refactor tests to typescript (b0c6776)
  • e2e: Add SPA tests for registration and refactor tests to typescript (a61ed1e)
  • e2e: Add support functions and type definitions (c82d68d)
  • e2e: Clean up helper (4806add)
  • e2e: Complete SPA tests for all mfa flows (2196129)
  • e2e: Default and empty values and required fields (72f2c5f)
  • e2e: Ensure advanced types work in forms also (287269c)
  • e2e: Ensure correct app (a9ff545)
  • e2e: Finalize mobile tests (acf5c3d)
  • e2e: Force port (a49eda8)
  • e2e: Homogenize profiles (7798e19)
  • e2e: Hot reload ory kratos on changes (841da09)
  • e2e: Implement recovery tests for SPA (3dea57f)
  • e2e: Implement required verification tests for SPA (fb55f34)
  • e2e: Improve stability for login tests (43df22b)
  • e2e: Improve stability for registration tests (a1c59a3)
  • e2e: Improve test reliability (061a7e3)
  • e2e: Migrate email tests to new proxy set up (54d8cd6)
  • e2e: Migrate settings tests to typescript and add SPA tests (566336d)
  • e2e: Move config to lower level and publish as package (c21fa26)
  • e2e: Move registration tests to new proxy set up (eddeb85)
  • e2e: Port mobile test to typescript (db42346)
  • e2e: Port remaining e2e tests to typescript (5853d1a)
  • e2e: Potentially resolve flaky login test (e237d66)
  • e2e: Potentially resolve webauthn startup issues (eae6f5d)
  • e2e: Prototype typescript implementation (2e869cf)
  • e2e: Recreate identities per flow (1a560a3)
  • e2e: Reduce flaky tests (cae86e7)
  • e2e: Reduce test flakes in lookup codes (bfea354)
  • e2e: Refactor and add support for SPA app (7609219)
  • e2e: Remove wait condition (af10b03)
  • e2e: Resolve broken test (c7cf134)
  • e2e: Resolve flaky test (de7cc59)
  • e2e: Resolve flaky test issues (1627745)
  • e2e: Resolve next not starting (2a2a3cb)
  • e2e: Resolve regression (d62f0c0)
  • e2e: Resolve regressions (aaff34e)
  • e2e: Resolve regressions (af9aedc)
  • e2e: Revert proxy changes (293d920)
  • e2e: Stabilize e2e tests (a5dca28)
  • e2e: Temporarily add totp to default profile (8ffac9d)
  • e2e: Update e2e profiles to new proxy set up (a3204cf)
  • e2e: Use 127.0.0.1 to prevent ipv6 issues (6f4b534)
  • e2e: Wait for oidc to trigger (9c67c49)
  • Enable cookie debug (81c3064)
  • Ensure aal and amr is set on recovery (5cbab54), closes #1322
  • Ensure aal2 can not be used for oidc (cbbcdd2)
  • Ensure aal2 can not be used for password (d9d39f0)
  • Ensure authenticated_at after all upgrade (80408b4)
  • Ensure redirect_url in password strategy (9eafc10)
  • ErrStrategyAsksToReturnToUI behavior (f739018)
  • Finalize webauthn tests (97e59e6)
  • Fix regressions in the tests (246c580)
  • Fix tests in cmd/serve (#1755) (b704d08)
  • ID methods of node attributes (ff9ff04)
  • Login form submission with AAL (4d54fbb)
  • lookup: Add secret_disable to snapshots (68d6a87)
  • lookup: Ensure context is cleaned up after use (8a210c4)
  • lookup: Refresh and reuse scenarios (89736ed)
  • migration: Resolve mysql migration issue with empty array (71a5649)
  • Move to cupaloy for snapshots (0cce70f)
  • Properly refresh mobile session (c31915d)
  • Registry regression (25c88b5)
  • Remove todo items (f60050e)
  • Resolve flaky config test (147c670)
  • Resolve flaky config test (#1832) (db98d01)
  • Resolve flaky example tests (#1817) (0e700d8)
  • Resolve flaky tests (2bd9100)
  • Resolve migratest regressions (e9a1ed1)
  • Resolve regressions (1502ca1)
  • Resolve regressions (1a93b2f)
  • Resolve regressions (64850ed)
  • Resolve remaining regressions (f02804c)
  • Resolve remaining regressions (0224c22)
  • Resolve remaining regressions (1fa2aa5)
  • Resolve time locality issues (53b8b2a)
  • Restructure session struct tests (50d3f66)
  • Session AAL handling (6fea3e5)
  • Session activate (c86fa03)
  • sql: Fix incorrect UUID (ea2894e)
  • Temporarily enable lookup globally (458f559)
  • totp: Ensure context is cleaned up after use (1905883)
  • Upgrade cypress to 8.x (c8a1dfc)
  • Use different return handler (e489a43)
  • Various aal combinations for newflow (b095b99)
  • Webauth settings flow (4c82772)
  • Webauthn aal2 login (60ace8b)
  • Webauthn credentials (c3e1184)
  • Webauthn credentials counter (f7701f6)
  • webauthn: Ensure context is cleaned up after use (7a8055b)

Unclassified

  • test(e2e) improve reliability (763dd00)
  • Correct session godoc (7108e65)

Changelog

36bb336a autogen(docs): generate and format documentation
25dc73c9 autogen(docs): generate and format documentation
8f493078 autogen(docs): generate and format documentation
8988fb8d autogen(docs): generate and format documentation
70439b6d autogen(docs): generate and format documentation
bd579513 autogen(docs): generate and format documentation
b4346ca7 autogen(docs): generate and format documentation
a179af5b autogen(docs): generate and format documentation
c0ca141b autogen(docs): generate cli docs
80372841 autogen(docs): generate cli docs
dc36fdab autogen(docs): generate cli docs
2555feb3 autogen(docs): generate cli docs
9e07f6b6 autogen(docs): generate cli docs
90c67f2a autogen(docs): generate cli docs
fc211279 autogen(docs): generate cli docs
d4359ffe autogen(docs): generate cli docs
67947239 autogen(docs): generate cli docs
0a8b40b9 autogen(docs): generate cli docs
693e0e59 autogen(docs): generate cli docs
1dc96243 autogen(docs): generate cli docs
884e031e autogen(docs): generate cli docs
0755d416 autogen(docs): generate cli docs
4450846d autogen(docs): generate cli docs
76b402e9 autogen(docs): generate cli docs
21270a85 autogen(docs): generate cli docs
390ca715 autogen(docs): generate cli docs
cfbcb22b autogen(docs): generate cli docs
3093b803 autogen(docs): generate cli docs
3409eda6 autogen(docs): generate cli docs
9dfde7d4 autogen(docs): generate cli docs
77677f6b autogen(docs): generate cli docs
63c0e86a autogen(docs): generate cli docs
4c46676c autogen(docs): generate cli docs
33395edb autogen(docs): generate cli docs
8da43001 autogen(docs): generate cli docs
43c31502 autogen(docs): regenerate and update changelog
71442e9d autogen(docs): regenerate and update changelog
42e7b0d8 autogen(docs): regenerate and update changelog
6ab68f50 autogen(docs): regenerate and update changelog
cf8c7b39 autogen(docs): regenerate and update changelog
fc6a9764 autogen(docs): regenerate and update changelog
729a28c6 autogen(docs): regenerate and update changelog
5b456b3c autogen(docs): regenerate and update changelog
28ad689b autogen(docs): regenerate and update changelog
62f925f9 autogen(docs): regenerate and update changelog
0b6da5ee autogen(docs): regenerate and update changelog
c5385388 autogen(docs): regenerate and update changelog
aac05d14 autogen(docs): update milestone document
5f6d3698 autogen(docs): update milestone document
9f903f68 autogen(docs): update milestone document
a720bbf5 autogen(docs): update milestone document
0c934d62 autogen(docs): update milestone document
1cb20df1 autogen(docs): update milestone document
dd6a06f0 autogen(docs): update milestone document
6b1ee990 autogen(docs): update milestone document
9c365eac autogen(docs): update milestone document
31162d24 autogen(docs): update milestone document
4f78407a autogen(docs): update milestone document
d200c089 autogen(docs): update milestone document
131e62ea autogen(docs): update milestone document
db1ec368 autogen(docs): update milestone document
7a1be570 autogen(docs): update milestone document
7f41777e autogen(docs): update milestone document
b4972b1b autogen(docs): update milestone document
c6aa6b57 autogen(docs): update milestone document
d2ae1be7 autogen(openapi): Regenerate openapi spec and internal client
521b246f autogen(openapi): Regenerate openapi spec and internal client
ae868609 autogen: add v0.7.6-alpha.1 to version.schema.json
e50a698b autogen: pin v0.8.0-alpha.1.pre.0 release commit
c9b95e0e autogen: pin v0.8.0-alpha.1.pre.1 release commit
dbe8fe3b autogen: pin v0.8.0-alpha.1.pre.3 release commit
e1845420 chore: add got
a69dfd7c chore: bump cypress
fba1a123 chore: bump ory/cli in makefile
da9bbdd8 chore: bump packages
89e5a9d8 chore: clean up strategy test
480fb367 chore: cleanup
b1a0713d chore: cleanup
a6dfc41e chore: format
78802949 chore: format
afabb860 chore: format
7cfde27e chore: format
81da04d4 chore: format and regenerate sdk
02d894d8 chore: regen docs
3c502f82 chore: regenerate SDK
70a792a7 chore: regenerate SDK
98339623 chore: regenerate SDK
e5d0eebf chore: regenerate docs
f4d89ea2 chore: regenerate internal sdk
5a672806 chore: regenerate sdk
3666421a chore: regenerate sdks
89e59210 chore: remove local replaces
0ef3d578 chore: remove obsolete comment
f6479fbe chore: rename file to fix docs build in other repos
164a90d8 chore: replace deprecated go-jwt dependency (#1808)
7a8466c3 chore: replaced function call with helper function (#1875)
990a39b0 chore: typos and format
3ad2d04d chore: update OpenAPI spec and SDK (#1821)
be99f8ec chore: update cypress
2875b0f2 chore: update docusaurus template
21f3535b chore: update docusaurus template (#1797)
40ba1476 chore: update docusaurus template (#1814)
6adea4fc chore: update go dependencies
b53ffe4b chore: update go.mod
830ae305 chore: update modules
56eb5c68 chore: update repository templates
31cbcd38 chore: update repository templates (#1762)
c2d876d3 chore: update repository templates (#1763)
387e1c24 chore: update repository templates (#1764)
2290a020 chore: update repository templates (#1768)
2c7467df chore: update repository templates (#1840)
761d6b69 chore: upgrade crdb
69df0cca chore: upgrade cypress
67ae276b ci: add browser-tools orb
e57f3037 ci: bump browser tools
285cb0a7 ci: bump orbs
76159a2a ci: ignore test directories in codeql
ec04a85c ci: install browser tools
5a18229f ci: resolve cypress issue with display being set
8e2cc4b9 ci: use correct crdb start cmd
7108e654 doc: correct session godoc
c1f501e9 docs(credentials): add AAL explanation
f7899a76 docs: add 2fa credentials
b4eed763 docs: add 2fa guide
81ba2647 docs: add a commandline example for the logout (#1753)
ac88060e docs: add admin ui guide
5e3a2cdb docs: add advanced custom UI documentation
6bc93ca7 docs: add image assets
42701405 docs: add missing angle bracket (#1799)
626c0c90 docs: add ory sessions as a concept
e9453369 docs: add powershell to deps (#1853)
3799c24f docs: enhance error return values
8cd6428e docs: fix invalid syntax (#1819)
131d2c28 docs: fix the flow links used for rendering (#1752)
6d621ec8 docs: fix the invalid links (#1868)
b7f90527 docs: remove obsolete file
72afb81b docs: update generated docs
6c677c49 docs: update quickstart curl examples (#1778)
f007919b docs: use correct link
882573df feat(identity): add AAL constants
d3f1177a feat(logout): add logout token to browser response (#1758)
6184fe38 feat(persistence): add new columns for mfa
3a82c880 feat(session): respect 2fa enforcement in whoami
a648ba3d feat(totp): add width and height to QR code
19a6bcc9 feat(totp): support account name setting from schema
198991a9 feat: API to return access, refresh, id tokens from social sign in (#1818)
b12bf523 feat: add DeleteCredentialsType to identity struct including tests
554d7255 feat: add MFA enforcement option to whoami and settings
572a1315 feat: add intended_for_someone_else error code
a5c7b114 feat: add aal fallback for existing sessions
035c2761 feat: add authenticators after set up
a3ac253b feat: add e2e tests for react native 2fa
dc2adbf5 feat: add error ids for csrf-related errors
246a0453 feat: add error ids for redirect-related errors
087d9073 feat: add error ids for session-related errors
50d04eaa feat: add explicit return_to to flow objects and API parameters
787558b4 feat: add ids for user-facing errors for login, registration, settings
63dba737 feat: add initial value to bool checkboxes
723e6eee feat: add internal context to login and registration
afb6895d feat: add internal context to settings flow
d0836beb feat: add lookup node to disable lookup
14119b62 feat: add lookup to config
ead3833e feat: add lookup to identity
dac4f759 feat: add lookup to migrations
4096fd3f feat: add mfa for non-browser
ccc64d87 feat: add missing migrations
9d3daa65 feat: add option to disable recovery codes
5b959bea feat: add ory cli config
131e3803 feat: add schema patch for new initial_value field
de0af955 feat: add script type and discriminator for attributes
7ffe0e97 feat: add smtp headers config option (#1747)
7cc7efa0 feat: add support for onclick javascript in ui nodes
d1d66170 feat: add totp strategy for settings flow
f8b95828 feat: add webauthn identity credential
3c0d519d feat: adding Dockle Container Linter (#1852)
b8956bc0 feat: adjust to new aal error handling
cf46339b feat: auto-generate list of messages
aa23d5d5 feat: endpoint to list all identity schemas (#1703)
c9d22d91 feat: generate sdks and update versions
99db3f03 feat: identity schema validation on startup (#1779)
45467e0c feat: implement AAL for login and sessions
dbd1689c feat: implement endpoint for invalidating all sessions for a given identity (#1740)
8f3ce7b3 feat: implement lookup code settings and login
e2bfbea1 feat: improve detection of AAL errors and return 422 instead of 403
b92e00e3 feat: improve labels for totp and lookup
87907b8d feat: improve session device annotations
37325a18 feat: in docker debug support with delve (#1789)
ade13ea0 feat: introduce cve scanning (#1798)
e3efc5d0 feat: mark recovery email address verified (#1665)
34cd5e8e feat: mark required fields as required
1a1a350a feat: natively support social sign in for single-page apps
68112def feat: potentially add arm64 docker support
c4d8516f feat: proper enum and type assertions for openapi
2717c595 feat: publish webauthn as loadable script instead of eval
8feff8da feat: redirect on login if session aal is not matched
869b4a5a feat: respect webauthn in session aal
16ed123a feat: sign in with apple (#1833)
5c9a4948 feat: sort totp nodes
22e4ed15 feat: stubable time in text package
54b4fb69 feat: support apple m1
29c060bd feat: support setting the identity state via the admin API (#1805)
74670bb4 feat: support strategy return to ui for settings
e8f4d3cb feat: support webauthn for mfa
3269028d feat: treat lookup as aal2 in session
59e808e8 feat: use discriminators for ui node types in spec
efe272f0 feat: use initial_value in lookup strategy
35ea8db3 fix(link): resolve incorrect response types when opening API recovery link in browser
8dc70592 fix(login): properly handle refresh
5ed4c557 fix(lookup): ensure correct fields are set
dbfe475b fix(lookup): resolve reuse scenarios
2f373f34 fix(lookup): set up codes correctly
71583c57 fix(oidc): ensure nested keys work on login
b877dbec fix(test): OIDC strategy test (#1836)
d096df73 fix(totp): reorder QR
a6595e49 fix(ui): use correct type for anchor
b6123b48 fix(webauthn): support react-based webauth
d3aff6d3 fix: API client leaks stack trace with an error (#1772)
b9d253ef fix: Add middleware earlier #1775 (#1776)
11b25deb fix: OIDC provider field in spec (#1809)
14427842 fix: add error id
436992dd fix: add mfa e2e test scenarios and resolve found issues
2ec801f2 fix: allow refresh and aal upgrade at the same time
1e457e3b fix: better const handling for internal context
d614f2a7 fix: correct swagger path for /identities/:id/session endpoint (#1756)
febf75ae fix: decoder regression in registration
e48d90ad fix: deterministic clidoc dates
7278589f fix: disable totp per default
a830f5b3 fix: docs autogen should not use time.Now
77ce709d fix: ensure correct error propagation
a10b3855 fix: ensure refresh issues a new session when the identity changes
d615734c fix: ensure return_to works for OIDC flows
284cf29a fix: explicit validation for return to in new flows
0a7c8128 fix: follow chrome webauthn best practice recommendation
1b509635 fix: githup-app name in config (#1822)
0e8d481c fix: handle return errors on the frontend and break early
57fd99ac fix: identity credential identifiers are now unique per method
f793fe56 fix: improve schema validation error tracing
1501f562 fix: incorrect JSON response for browser flows
e5a98e54 fix: kill modd as well
bf2ec6e6 fix: omitempty for VerifiedAt and StateChangedAt (#1736)
4c5677f3 fix: only respect required modules for SDK
0a49f271 fix: panic when recovering deactivated user
693a9286 fix: potentially resolve hanging postgres connection closing
49b6288c fix: properly encode aal error
23c12e55 fix: properly open recovery endpoints in browser if flow was initiated via API
4e691238 fix: remove duplicate schema error
0cc984b8 fix: remove initial_value again as it was not useful outside of booleans
11618ecc fix: remove obsolete openapi patch
351760ec fix: remove unnecessary cmd reference
2e2b0f84 fix: replace 302 with 303
1aaaa035 fix: resolve clidoc generation issue
1dc74976 fix: resolve merge issues
f7d60c02 fix: resolve openapi issues and regenerate clients
02b9d470 fix: resolve swagger regression
f55f6f69 fix: run format on ts files
ae20c177 fix: slow CLI start-up time
e7ae8d63 fix: try and reduce cookie flakiness
8c4d8a22 fix: typo
539ae730 fix: update schema config location
8736334b fix: use parallelism of 1 in go test
05d73bee fix: x-session-token must not be mandatory
4cb082ce refactor(courier): support SMTP schemes for implicit TLS, explicit StartTLS, and cleartext SMTP (#1831)
8d1e54bd refactor(login): rename forced -> refresh
df4846d3 refactor(login): support 2FA for non-browser SDKs
a6d134de refactor(session): CreateAndIssueCookie is now UpsertAndIssueCookie
3ec81a2c refactor(session): CreateSession is now UpsertSession
12f98f28 refactor(settings): change settings success response
421a3190 refactor: homogenize error messages
0be993be refactor: improved prometheus metrics (#1830)
92087e5f refactor: login flow forced renamed to refresh
01a26025 refactor: move expired error into top-level flow module
0ee67c38 refactor: move homebrew tap to ory/tap
b0a86dc6 refactor: move node identifiers to node package
8aa53187 refactor: revert decision to return 422 errors and streamline 401/403
3f067386 refactor: sdk API is now v0alpha2
d493d104 revert: 3745014
1af3530c style: format
03e76ea0 style: format
fe1d7dd8 style: format
b8dec6f1 style: format
3f222abf style: format
3252c10a style: format
763dd006 test(e2e) improve reliability
d9a25df1 test(e2e): add SPA tests for login and refactor tests to typescript
b0c67769 test(e2e): add SPA tests for logout and refactor tests to typescript
a61ed1ed test(e2e): add SPA tests for registration and refactor tests to typescript
159b25f7 test(e2e): add baseurl
0c91f0c8 test(e2e): add checkboxes to schemas
7d879856 test(e2e): add config for proxy to simplify cy.visit logic
a60d157b test(e2e): add mfa profile
48cd8aeb test(e2e): add modd to build
21b35b02 test(e2e): add more helpers and ts defs
755ac60c test(e2e): add more helpers for various flows and proxy settings
30423c92 test(e2e): add more routes to registry
60bd63f3 test(e2e): add more typings for cypress helpers
8fafc40d test(e2e): add plugin for using got
b5668df7 test(e2e): add proxy capabilities for react native app
b6014eee test(e2e): add recovery tests for SPA
2625d168 test(e2e): add spa as allowed redirect url
c82d68db test(e2e): add support functions and type definitions
4806add1 test(e2e): clean up helper
21961290 test(e2e): complete SPA tests for all mfa flows
72f2c5fb test(e2e): default and empty values and required fields
287269c9 test(e2e): ensure advanced types work in forms also
a9ff5457 test(e2e): ensure correct app
acf5c3d6 test(e2e): finalize mobile tests
a49eda8e test(e2e): force port
7798e193 test(e2e): homogenize profiles
841da091 test(e2e): hot reload ory kratos on changes
3dea57ff test(e2e): implement recovery tests for SPA
fb55f347 test(e2e): implement required verification tests for SPA
43df22bd test(e2e): improve stability for login tests
a1c59a34 test(e2e): improve stability for registration tests
061a7e34 test(e2e): improve test reliability
54d8cd65 test(e2e): migrate email tests to new proxy set up
566336d9 test(e2e): migrate settings tests to typescript and add SPA tests
c21fa268 test(e2e): move config to lower level and publish as package
eddeb851 test(e2e): move registration tests to new proxy set up
db423469 test(e2e): port mobile test to typescript
5853d1a6 test(e2e): port remaining e2e tests to typescript
e237d66a test(e2e): potentially resolve flaky login test
eae6f5d1 test(e2e): potentially resolve webauthn startup issues
2e869cff test(e2e): prototype typescript implementation
1a560a37 test(e2e): recreate identities per flow
cae86e7f test(e2e): reduce flaky tests
bfea354f test(e2e): reduce test flakes in lookup codes
76092194 test(e2e): refactor and add support for SPA app
af10b03e test(e2e): remove wait condition
c7cf134f test(e2e): resolve broken test
de7cc59f test(e2e): resolve flaky test
16277456 test(e2e): resolve flaky test issues
2a2a3cb0 test(e2e): resolve next not starting
d62f0c02 test(e2e): resolve regression
af9aedc8 test(e2e): resolve regressions
aaff34ed test(e2e): resolve regressions
293d9208 test(e2e): revert proxy changes
a5dca283 test(e2e): stabilize e2e tests
8ffac9d1 test(e2e): temporarily add totp to default profile
a3204cf9 test(e2e): update e2e profiles to new proxy set up
6f4b5340 test(e2e): use 127.0.0.1 to prevent ipv6 issues
9c67c492 test(e2e): wait for oidc to trigger
68d6a876 test(lookup): add secret_disable to snapshots
8a210c41 test(lookup): ensure context is cleaned up after use
89736ed9 test(lookup): refresh and reuse scenarios
71a5649a test(migration): resolve mysql migration issue with empty array
ea2894ed test(sql): fix incorrect UUID
19058830 test(totp): ensure context is cleaned up after use
7a8055be test(webauthn): ensure context is cleaned up after use
2ca153f0 test: AcceptToRedirectOrJSON
f7390184 test: ErrStrategyAsksToReturnToUI behavior
ff9ff048 test: ID methods of node attributes
5986e38e test: aal in login.NewFlow
7431e9fc test: add TOTP to profile
152bfc72 test: add TestEnsureInternalContext
58b388c7 test: add credentials test
3bdb8abb test: add expired test to login handler
5eb090b2 test: add identity change test to settings submit
20617f62 test: add initial spa e2e test
c9d456bf test: add initial totp integration tests
a71cadde test: add login tests
3c96ab05 test: add migrations tests for new tables
1214eeee test: add react app to e2e tests
c4f05ba6 test: add schema test for totp config
eedb60be test: add session amr test
69595652 test: add settings tests
14731c4e test: add test for TOTPIssuer
3977a9c4 test: add test for ui error page
817e3ecb test: add totp registry tests
c5a0d0f8 test: add totp settings tests
47bd057d test: add update session test
a40d7fe4 test: additional checks for flow hydration
b0b2d817 test: amr persistence
a23d8518 test: check if internal context is validated in store
03b37e76 test: checkAAL
6e503cff test: complete TOTP login integration tests
81c3064d test: enable cookie debug
5cbab54f test: ensure aal and amr is set on recovery
cbbcdd2e test: ensure aal2 can not be used for oidc
d9d39f0b test: ensure aal2 can not be used for password
80408b4c test: ensure authenticated_at after all upgrade
9eafc101 test: ensure redirect_url in password strategy
97e59e61 test: finalize webauthn tests
246c5802 test: fix regressions in the tests
b704d083 test: fix tests in cmd/serve (#1755)
4d54fbb3 test: login form submission with AAL
0cce70f4 test: move to cupaloy for snapshots
c31915de test: properly refresh mobile session
25c88b55 test: registry regression
f60050e0 test: remove todo items
147c6704 test: resolve flaky config test
db98d010 test: resolve flaky config test (#1832)
0e700d89 test: resolve flaky example tests (#1817)
2bd91003 test: resolve flaky tests
e9a1ed18 test: resolve migratest regressions
64850ed3 test: resolve regressions
1a93b2fb test: resolve regressions
1502ca1e test: resolve regressions
f02804c5 test: resolve remaining regressions
0224c22e test: resolve remaining regressions
1fa2aa5b test: resolve remaining regressions
53b8b2a2 test: resolve time locality issues
50d3f66f test: restructure session struct tests
6fea3e5a test: session AAL handling
c86fa03d test: session activate
458f559e test: temporarily enable lookup globally
c8a1dfca test: upgrade cypress to 8.x
e489a439 test: use different return handler
b095b990 test: various aal combinations for newflow
4c82772a test: webauth settings flow
60ace8b3 test: webauthn aal2 login
c3e1184e test: webauthn credentials
f7701f62 test: webauthn credentials counter

Docker images

  • docker pull oryd/kratos:v0-sqlite
  • docker pull oryd/kratos:v0.8-sqlite
  • docker pull oryd/kratos:v0.8.0-sqlite
  • docker pull oryd/kratos:v0.8.0-alpha.1.pre.3-sqlite
  • docker pull oryd/kratos:latest-sqlite
  • docker pull oryd/kratos:v0
  • docker pull oryd/kratos:v0.8
  • docker pull oryd/kratos:v0.8.0
  • docker pull oryd/kratos:v0.8.0-alpha.1.pre.3
