ory/kratos v1.2.0-pre.0 on GitHub

autogen: pin v1.2.0-pre.0 release commit

Breaking Changes

This feature enables two-step registration per default. Two-step registration is a significantly improved sign up flow and recommended when using more than one sign up methods. To disable two-step registration, set selfservice.flows.registration.enable_legacy_flow to true. This value defaults to false.

Bug Fixes

Add login succeeded event to post registration hook (#3739) (b685fa5)
Add missing env vars to set up guide (#3855) (da90502):
Closes #3828
Add missing indexes and remove unused index (6d7372e)
Add missing indexes and remove unused index (#3756) (c905f02)
Add sms mfa via parameter to spec (#3766) (b291c95)
Allow updating just the verified_at timestamp of addresses (#3880) (696cc1b)
Always issue session last (#3876) (e942507):
In post persist hooks, the session issuance hook always needs
to come last. This fixes the getHooks function to ensure this.
Audit issues (#3797) (7017490)
Change return urls in quickstarts (#3928) (9730e09)
Close res body (#3870) (cc39f8d)
CVEs in dependencies (#3902) (e5d3b0a)
Db index and duplicate credentials error (#3896) (9f34a21):
- fix: don't return password cred type if empty
- fix: better index for config.user_handle on identity_credentials
Do not require method to be passkey in settings schema (#3862) (660f330)
Don't require connection_uri in SMTP (#3861) (800f8f1)
Don't treat passkeys as AAL2 (#3853) (8eee972)
Drop index if exists (#3846) (ad0619d)
Drop trigram index on identifiers (#3827) (8f8fd90)
Enum type of session expandables (#3891) (63d785e)
Enum type of session expandables (#3895) (c435727)
Execute verification & verification_ui properly in login flows (#3847) (5aad1c1)
Ignore decrypt errors in WithDeclassifiedCredentials (#3731) (8f5192f)
Improve SDK discriminators (#3844) (c08b3ad)
Include all creds in duplicate credential err (#3881) (e06c241)
Linkedin issuer override (#3875) (11d221a)
Make sure emails can still be sent with SMS enabled (#3795) (7c68c5a)
Missing indices and foreign keys (#3800) (0b32ce1)
oidc: Grace period for continuity container on oidc callbacks (#3915) (1a9a096)
Passing transient payloads (#3838) (d01b670)
Prevent SMTP URL leak on unparsable URL (#3770) (c5f39f4)
Respect return_to in OIDC API flow error case (#3893) (e8f1bcb):
- fix: respect return_to in OIDC API flow error case
This fix ensures that we redirect the user to the return_to URL
when an error occurs during the OIDC login for native flows.
Native flows are initialized through the API, and the browser
URL is retrieved from a 422 response after a POST to submit the
login flow. Successful OIDC flows already returned the code to
the return_to URL. Now, unsuccessful flows return the flow with
the current flow ID (which might have changed), so that the caller
can retrieve the full flow and act accordingly.
- fix: ignore trivvy CVE report
Bump in distroless is still open
sdk: Expand identity in session extension (#3843) (04f0231), closes #3842
sdk: Improve discriminators for node and Go (#3821) (9ddf7cc)
Show error page on identity mismatch (#3790) (e6db689)
Test assertions on declassifying OIDC tokens (#3773) (7f8a7f1)
Tolerate more "truthy" values when creating new flows (#3841) (49d93c0), closes #3839:
Use strconv.ParseBool to accept multiple "truthy" values for the
refresh and return_session_token_exchange_code query parameters when
creating a new login flow.
For some SDKs (e.g.: Python), these stringification of booleans is not
user-controlled and these endpoints could not be used fully due to the
backend ignoring any value other than true (all lowercase).
Tweaks to UpsertSessions (#3878) (da51dcd)
Use correct post-verification identity state in post-hooks (#3863) (6e63d06)
Webhook transient payload in OIDC login flows (#3857) (2cdfc70):
- fix: transient payload with OIDC login

Code Generation

Pin v1.2.0-pre.0 release commit (2baecae)

Documentation

Remove delete reference from batch patch identity (#3906) (cd01cb9)

Features

Add include_credential query param to /admin/identities list call (#3343) (d94530a)
Add headers to web hooks (#3849) (4642de0)
Add session to post login webhook (#3877) (386078e)
Add transient payloads to all flows (#3738) (b8b747b)
Add twitter SSO (#3778) (930fb19)
Add verification hook to login flow (#3829) (43e4ead)
Allow admin to create API code recovery flows (#3939) (25d1ecd)
Control edge cache ttl (#3808) (c9dcce5)
Linkedin v2 provider (#3804) (a6ad983):
- feat: add linkedin-v2 provider
- docs: document linkedin special-case
PassKeys with Resident Keys and two-step registration (#3748) (3621411)
Send OIDC claim keys to tracing (#3798) (04390be)
Use authenticate endpoint for x (#3833) (3d9ba5d):
Improves the "Log in with X" experience by not asking the user to re-authenticate every time.

Tests

Deflake session test (#3864) (6b275f3)
Resolve failing test for empty tokens (#3775) (7277368)
Resolve flaky e2e tests (#3935) (a14927d):
- test: resolve flaky code registration tests
- chore: don't fail logout if cookie is not found
- chore: remove .only
- chore: reduce wait
- chore: u
- chore: u
- chore: u

Unclassified

Remove unnecessary COPY command from Dockerfile (#3771) (087748c), closes #3771

Changelog

087748c Remove unnecessary COPY command from Dockerfile (#3771)
d755fbb autogen(docs): generate and bump docs
9fa25b5 autogen(docs): regenerate and update changelog
0f81b76 autogen(docs): regenerate and update changelog
cd92f2a autogen(docs): regenerate and update changelog
fa5a112 autogen(docs): regenerate and update changelog
bdf992e autogen(docs): regenerate and update changelog
b7fd23b autogen(docs): regenerate and update changelog
f696fcf autogen(docs): regenerate and update changelog
b96c6a5 autogen(docs): regenerate and update changelog
41310b3 autogen(docs): regenerate and update changelog
34399c2 autogen(docs): regenerate and update changelog
31f77b8 autogen(docs): regenerate and update changelog
ecbd1e3 autogen(docs): regenerate and update changelog
ddbea20 autogen(docs): regenerate and update changelog
a1bf427 autogen(docs): regenerate and update changelog
9c69ef2 autogen(docs): regenerate and update changelog
264395a autogen(docs): regenerate and update changelog
9710549 autogen(docs): regenerate and update changelog
f8fbb00 autogen(docs): regenerate and update changelog
dfc931f autogen(docs): regenerate and update changelog
0b6f91e autogen(openapi): regenerate swagger spec and internal client
644e669 autogen(openapi): regenerate swagger spec and internal client
dee5844 autogen(openapi): regenerate swagger spec and internal client
ec90929 autogen(openapi): regenerate swagger spec and internal client
60537a9 autogen(openapi): regenerate swagger spec and internal client
3c06689 autogen(openapi): regenerate swagger spec and internal client
fa806aa autogen(openapi): regenerate swagger spec and internal client
ab8e1b5 autogen(openapi): regenerate swagger spec and internal client
718cb7c autogen(openapi): regenerate swagger spec and internal client
473e17c autogen(openapi): regenerate swagger spec and internal client
ca7cd23 autogen(openapi): regenerate swagger spec and internal client
1459403 autogen(openapi): regenerate swagger spec and internal client
b7e5144 autogen(openapi): regenerate swagger spec and internal client
8ebdfd2 autogen(openapi): regenerate swagger spec and internal client
7f1fd81 autogen(openapi): regenerate swagger spec and internal client
d9dbaad autogen(openapi): regenerate swagger spec and internal client
037bdf8 autogen(openapi): regenerate swagger spec and internal client
b132c94 autogen(openapi): regenerate swagger spec and internal client
b47554b autogen(openapi): regenerate swagger spec and internal client
5dcbb77 autogen(openapi): regenerate swagger spec and internal client
da6b38a autogen(openapi): regenerate swagger spec and internal client
eb67bed autogen(openapi): regenerate swagger spec and internal client
6638c3e autogen: add v1.1.0 to version.schema.json
2baecae autogen: pin v1.2.0-pre.0 release commit
49e1a39 chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#3805)
0f3d082 chore(deps): bump github.com/lestrrat-go/jwx from 1.2.28 to 1.2.29 (#3812)
83792ef chore: allow smtp jim config (#3932)
3ecdf2b chore: fix function name in comment (#3869)
fbbac77 chore: improve courier logging (#3943)
5288bc7 chore: make identity schema provider a proper service (#3908)
63ce470 chore: remove e2e playwright env (#3794)
17f9a4f chore: render CLI doc messages into their own *.md file in docs (#3886)
de8e59c chore: update repository templates to ory/meta@e838bee
050a4dc chore: upgrade nyaruka/phonenumbers to v1.3.6 (#3940)
0713e2d chore: upgrade ory/x to v0.0.619 (#3845)
cd01cb9 docs: remove delete reference from batch patch identity (#3906)
3621411 feat: PassKeys with Resident Keys and two-step registration (#3748)
d94530a feat: add include_credential query param to /admin/identities list call (#3343)
4642de0 feat: add headers to web hooks (#3849)
386078e feat: add session to post login webhook (#3877)
b8b747b feat: add transient payloads to all flows (#3738)
930fb19 feat: add twitter SSO (#3778)
43e4ead feat: add verification hook to login flow (#3829)
25d1ecd feat: allow admin to create API code recovery flows (#3939)
c9dcce5 feat: control edge cache ttl (#3808)
a6ad983 feat: linkedin v2 provider (#3804)
04390be feat: send OIDC claim keys to tracing (#3798)
3d9ba5d feat: use authenticate endpoint for x (#3833)
1a9a096 fix(oidc): grace period for continuity container on oidc callbacks (#3915)
04f0231 fix(sdk): expand identity in session extension (#3843)
9ddf7cc fix(sdk): improve discriminators for node and Go (#3821)
e5d3b0a fix: CVEs in dependencies (#3902)
b685fa5 fix: add login succeeded event to post registration hook (#3739)
da90502 fix: add missing env vars to set up guide (#3855)
6d7372e fix: add missing indexes and remove unused index
c905f02 fix: add missing indexes and remove unused index (#3756)
b291c95 fix: add sms mfa via parameter to spec (#3766)
696cc1b fix: allow updating just the verified_at timestamp of addresses (#3880)
e942507 fix: always issue session last (#3876)
7017490 fix: audit issues (#3797)
9730e09 fix: change return urls in quickstarts (#3928)
cc39f8d fix: close res body (#3870)
9f34a21 fix: db index and duplicate credentials error (#3896)
660f330 fix: do not require method to be passkey in settings schema (#3862)
800f8f1 fix: don't require connection_uri in SMTP (#3861)
8eee972 fix: don't treat passkeys as AAL2 (#3853)
ad0619d fix: drop index if exists (#3846)
8f8fd90 fix: drop trigram index on identifiers (#3827)
63d785e fix: enum type of session expandables (#3891)
c435727 fix: enum type of session expandables (#3895)
5aad1c1 fix: execute verification & verification_ui properly in login flows (#3847)
8f5192f fix: ignore decrypt errors in WithDeclassifiedCredentials (#3731)
c08b3ad fix: improve SDK discriminators (#3844)
e06c241 fix: include all creds in duplicate credential err (#3881)
11d221a fix: linkedin issuer override (#3875)
7c68c5a fix: make sure emails can still be sent with SMS enabled (#3795)
0b32ce1 fix: missing indices and foreign keys (#3800)
d01b670 fix: passing transient payloads (#3838)
c5f39f4 fix: prevent SMTP URL leak on unparsable URL (#3770)
e8f1bcb fix: respect return_to in OIDC API flow error case (#3893)
e6db689 fix: show error page on identity mismatch (#3790)
7f8a7f1 fix: test assertions on declassifying OIDC tokens (#3773)
49d93c0 fix: tolerate more "truthy" values when creating new flows (#3841)
da51dcd fix: tweaks to UpsertSessions (#3878)
6e63d06 fix: use correct post-verification identity state in post-hooks (#3863)
2cdfc70 fix: webhook transient payload in OIDC login flows (#3857)
6b275f3 test: deflake session test (#3864)
7277368 test: resolve failing test for empty tokens (#3775)
a14927d test: resolve flaky e2e tests (#3935)

Artifacts can be verified with cosign using this public key.