Hydra Versions Save

This release resolves bugs and SDK publishing issues.

Bug Fixes

• Add v2 suffix (#3340) (c54b9db)

• Correct migration file name (01f80a8)

• Incorrect consent removal on authentication revokation (ccf2388):

  This patch resolves a regression where, in a certain condition, an accepted consent could be incorrectly deleted when the related authentication session was removed.

• Incorrect jwk import order (#3344) (729102f), closes #3343

• Isolate transactions for crdb (f22046f)

• Scope type should be string instead of int (#3337) (f59f1c6):

  Closes https://github.com/ory/sdk/pull/223

Code Generation

• Pin v2.0.2 release commit (ce96826)

Documentation

• Add refresh token grant type (c752125)
• Fix typo (dcfd11f)
• Standardize license headers (#3216) (d768cf6)
• Update README link (6184b6a)

Features

• Enable simultaneous auth flows by creating client related csrf co… (#3059) (16bd568), closes #3019

Tests

• Fix flaky test (c417be1)
• Resolve time race (643e88c)

Changelog

• 94aadf83 autogen(docs): generate and bump docs
• 0eeea900 autogen(docs): regenerate and update changelog
• 8d92030a autogen(docs): regenerate and update changelog
• 48603bac autogen(docs): regenerate and update changelog
• bedaf486 autogen(docs): regenerate and update changelog
• 3749a736 autogen(docs): regenerate and update changelog
• cec489fe autogen(docs): regenerate and update changelog
• d37b3234 autogen(docs): regenerate and update changelog
• cdfcf451 autogen(docs): regenerate and update changelog
• 70e6fe9c autogen(docs): regenerate and update changelog
• 4fd6baaf autogen(docs): regenerate and update changelog
• fd020496 autogen(openapi): regenerate swagger spec and internal client
• 74d4569a autogen(openapi): regenerate swagger spec and internal client
• 164f4b5f autogen: add v2.0.1 to version.schema.json
• ce968261 autogen: pin v2.0.2 release commit
• 80a1335b chore: license checker (#3328)
• f8a7ced6 chore: remove obsolete header (#3334)
• 90152fab chore: update Ory CLI with breaking changes to the format task (#3338)
• 0b322806 chore: update repository templates to https://github.com/ory/meta/commit/852a1aece5fefac0a03f928672538c5d8c536ad8
• cda9fd42 chore: update repository templates to https://github.com/ory/meta/commit/a2fba7e968572391ac4a55ce362dca0c4800c97d
• 54184337 chore: update repository templates to https://github.com/ory/meta/commit/b41b1ee5ed62f47bac563014929c64bff0c14163
• 736aaefb chore: update repository templates to https://github.com/ory/meta/commit/d3f8710e356fb833d4bd71b4ba19d062df2ea89e
• c7521253 docs: add refresh token grant type
• dcfd11f0 docs: fix typo
• d768cf65 docs: standardize license headers (#3216)
• 6184b6a0 docs: update README link
• 16bd568f feat: enable simultaneous auth flows by creating client related csrf co… (#3059)
• c54b9dbf fix: add v2 suffix (#3340)
• 01f80a85 fix: correct migration file name
• ccf23886 fix: incorrect consent removal on authentication revokation
• 729102ff fix: incorrect jwk import order (#3344)
• f22046fc fix: isolate transactions for crdb
• f59f1c68 fix: scope type should be string instead of int (#3337)
• c417be1e test: fix flaky test
• 643e88c3 test: resolve time race

Artifacts can be verified with cosign using this public key.

Resolves an issues with post-release steps and adds the introspect command to the Ory Hydra CLI.

Bug Fixes

• Add missing introspect command (c43aba3)
• Bump quickstart images to 2.0.0 (8c763ad)
• Post-release steps with yq (b6300e3)

Code Generation

• Pin v2.0.1 release commit (403223c)

Documentation

• Update README (#3323) (c48e481)

Changelog

• 8297cfc5 autogen(docs): regenerate and update changelog
• 403223cc autogen: pin v2.0.1 release commit
• c48e4811 docs: update README (#3323)
• c43aba3e fix: add missing introspect command
• 8c763ad8 fix: bump quickstart images to 2.0.0
• b6300e34 fix: post-release steps with yq

Artifacts can be verified with cosign using this public key.

autogen: pin v2.0.0-alpha.0.pre.1 release commit

Breaking Changes

SDK naming has changed for the following operations:

ory.
-   V0alpha2Api.AdminDeleteOAuth2Token(context.Background()).
+   OAuth2Api.DeleteOAuth2Token(context.Background()).
    ClientId("foobar").Execute()

ory.
-   V0alpha2Api.RevokeOAuth2Token(
+   OAuth2Api.RevokeOAuth2Token(
        context.WithValue(context.Background(), sdk.ContextBasicAuth, sdk.BasicAuth{
            UserName: clientID,
            Password: clientSecret,
        })).Token(token).Execute()

ory.
-   V0alpha2Api.AdminIntrospectOAuth2Token(context.Background()).
+   OAuth2Api.IntrospectOAuth2Token(context.Background()).
    Token(token).
    Scope("foo bar")).Execute()

SDK naming has changed for the following operations:

ory.
-   V0alpha2Api.DiscoverJsonWebKeys(context.Background()).
+   WellknownApi.DiscoverJsonWebKeys(context.Background()).
    Execute()

ory.
-   V0alpha2Api.AdminGetJsonWebKeySet(context.Background(), setID).
+	JwkApi.GetJsonWebKeySet(context.Background(), setID).
    Execute()

ory.
-   V0alpha2Api.AdminGetJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.GetJsonWebKey(context.Background(), setID, keyID).
    Execute()

ory.
-   V0alpha2Api.AdminCreateJsonWebKeySet(context.Background(), setID).
-   AdminCreateJsonWebKeySetBody(hydra.AdminCreateJsonWebKeySetBody{
-       Alg: "RS256",
-       Use: "sig",
+   JwkApi.CreateJsonWebKeySet(context.Background(), setID).
+   CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
+       Alg: "RS256",
+       Use: "sig",
    }).Execute()

ory.
-   V0alpha2Api.AdminUpdateJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.SetJsonWebKey(context.Background(), setID, keyID).
    JsonWebKey(jsonWebKey).Execute()
ory.
-   V0alpha2Api.AdminUpdateJsonWebKeySet(context.Background(), setID).
+   JwkApi.SetJsonWebKeySet(context.Background(), setID).
    JsonWebKeySet(jsonWebKeySet).Execute()

ory.
-   V0alpha2Api.AdminDeleteJsonWebKey(context.Background(), setID, keyID).
    JwkApi.DeleteJsonWebKey(context.Background(), setID, keyID).
    Execute()
ory.
-   V0alpha2Api.AdminDeleteJsonWebKeySet(context.Background(), setID).
    JwkApi.DeleteJsonWebKeySet(context.Background(), setID).
    Execute()

SDK naming has changed for the following operations:

ory.
-   V0alpha2Api.DiscoverJsonWebKeys(context.Background()).
+   WellknownApi.DiscoverJsonWebKeys(context.Background()).
    Execute()

ory.
-   V0alpha2Api.AdminGetJsonWebKeySet(context.Background(), setID).
+	JwkApi.GetJsonWebKeySet(context.Background(), setID).
    Execute()

ory.
-   V0alpha2Api.AdminGetJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.GetJsonWebKey(context.Background(), setID, keyID).
    Execute()

ory.
-   V0alpha2Api.AdminCreateJsonWebKeySet(context.Background(), setID).
-   AdminCreateJsonWebKeySetBody(hydra.AdminCreateJsonWebKeySetBody{
-       Alg: "RS256",
-       Use: "sig",
+   JwkApi.CreateJsonWebKeySet(context.Background(), setID).
+   CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
+       Alg: "RS256",
+       Use: "sig",
    }).Execute()

ory.
-   V0alpha2Api.AdminUpdateJsonWebKey(context.Background(), setID, keyID).
+   JwkApi.SetJsonWebKey(context.Background(), setID, keyID).
    JsonWebKey(jsonWebKey).Execute()
ory.
-   V0alpha2Api.AdminUpdateJsonWebKeySet(context.Background(), setID).
+   JwkApi.SetJsonWebKeySet(context.Background(), setID).
    JsonWebKeySet(jsonWebKeySet).Execute()

ory.
-   V0alpha2Api.AdminDeleteJsonWebKey(context.Background(), setID, keyID).
    JwkApi.DeleteJsonWebKey(context.Background(), setID, keyID).
    Execute()
ory.
-   V0alpha2Api.AdminDeleteJsonWebKeySet(context.Background(), setID).
    JwkApi.DeleteJsonWebKeySet(context.Background(), setID).
    Execute()

SDK naming has changed for the following operations:

ory.
-   V0alpha2Api.AdminRevokeOAuth2ConsentSessions(cmd.Context()).
+   OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).
    Client(clientId).Execute()

ory.
-   V0alpha2Api.AdminListOAuth2SubjectConsentSessions(cmd.Context(), id).
+   OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).
    Client(clientId).Execute()

ory.
-   V0alpha2Api.AdminListOAuth2SubjectConsentSessions(context.Background()).
+   OAuth2Api.ListOAuth2ConsentSessions(context.Background()).
    Subject(subjectId).Execute()

ory.
-   V0alpha2Api.AdminRevokeOAuth2LoginSessions(context.Background()).
+   OAuth2Api.RevokeOAuth2LoginSessions(context.Background()).
    Subject(subjectId).Execute()

ory.
-   V0alpha2Api.AdminGetOAuth2LoginRequest(context.Background()).
+   OAuth2Api.GetOAuth2LoginRequest(context.Background()).
    LoginChallenge(challenge).Execute()

ory.
-   V0alpha2Api.AdminAcceptOAuth2LoginRequest(context.Background()).
+   OAuth2Api.AcceptOAuth2LoginRequest(context.Background()).
    AcceptOAuth2LoginRequest(body).
    LoginChallenge(challenge).Execute()

ory.
-   V0alpha2Api.AdminRejectOAuth2LoginRequest(context.Background()).
+   OAuth2Api.RejectOAuth2LoginRequest(context.Background()).
    RejectOAuth2Request(body).
    LoginChallenge(challenge).Execute()

ory.
-   V0alpha2Api.AdminGetOAuth2ConsentRequest(context.Background()).
+   OAuth2Api.GetOAuth2ConsentRequest(context.Background()).
    ConsentChallenge(challenge).Execute()

ory.
-   V0alpha2Api.AdminAcceptOAuth2ConsentRequest(context.Background()).
+   OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()).
    AcceptOAuth2ConsentRequest(body).
    ConsentChallenge(challenge).Execute()

ory.
-   V0alpha2Api.AdminRejectOAuth2ConsentRequest(context.Background()).
+   OAuth2Api.RejectOAuth2ConsentRequest(context.Background()).
    RejectOAuth2Request().
    ConsentChallenge(challenge).Execute()

ory.
-   V0alpha2Api.AdminAcceptOAuth2LogoutRequest(context.Background()).
+   OAuth2Api.AcceptOAuth2LogoutRequest(context.Background()).
    LogoutChallenge(challenge).
    Execute()

ory.
-   V0alpha2Api.AdminRejectOAuth2LogoutRequest(context.Background()).
+   OAuth2Api.RejectOAuth2LogoutRequest(context.Background()).
    LogoutChallenge(challenge).
    Execute()

ory.
    V0alpha2Api.AdminGetOAuth2LogoutRequest(context.Background()).
+   OAuth2Api.GetOAuth2LogoutRequest(context.Background()).
    LogoutChallenge(challenge).
    Execute()

- var AlreadyHandledError HandledOAuth2LoginRequest
+ var AlreadyHandledError ErrorOAuth2LoginRequestAlreadyHandled

- var AlreadyHandledError HandledOAuth2LoginRequest
+ var AlreadyHandledError ErrorOAuth2ConsentRequestAlreadyHandled

- var OAuth2SuccessResponse SuccessfulOAuth2RequestResponse
+ var OAuth2SuccessResponse OAuth2RedirectTo

Error models in the generated SDK have been renamed:

- oAuth2ApiError
+ errorOAuth2

The SDK API for the following has changed:

// Go example
ory.
-   V0alpha2Api.AdminUpdateOAuth2Client(cmd.Context(), id)
+   Oauth2Api.SetOAuth2Client(cmd.Context(), id).
    OAuth2Client(client).Execute()

ory.
-   V0alpha2Api.AdminGetOAuth2Client(cmd.Context(), id).
+   Oauth2Api.GetOAuth2Client(cmd.Context(), id).
    Execute()

ory.
-   V0alpha2Api.AdminDeleteOAuth2Client(cmd.Context(), id).
+   Oauth2Api.DeleteOAuth2Client(cmd.Context(), id).
    Execute()

ory.
-   V0alpha2Api.AdminCreateOAuth2Client(cmd.Context()).
+   Oauth2Api.CreateOAuth2Client(cmd.Context()).
    OAuth2Client(client).Execute()

ory.
-   V0alpha2Api.DynamicClientRegistrationGetOAuth2Client(cmd.Context(), id).
+   OidcApi.GetOidcDynamicClient(cmd.Context(), id).
    Execute()

ory.
-   V0alpha2Api.DynamicClientRegistrationGetOAuth2Client(cmd.Context()).
+   OidcApi.CreateOidcDynamicClient(cmd.Context()).
    OAuth2Client(client).Execute()

ory.
-   V0alpha2Api.DynamicClientRegistrationDeleteOAuth2Client(cmd.Context()).
+   OidcApi.DeleteOidcDynamicClient(cmd.Context()).
    OAuth2Client(client).Execute()

ory.
-   V0alpha2Api.DynamicClientRegistrationUpdateOAuth2Client(cmd.Context(), id).
+   OidcApi.SetOidcDynamicClient(cmd.Context(), id).
    Execute()

Bug Fixes

• Optimise sql update to avoid redundant writes (#3289) (1aa6cc4), closes #3137:

  The SQL update here would potentially update a lot of rows, which did not need updating. In some DB engines, this would not be an issue, because the redundant writes are ignored. But on PostgreSQL engines, it is another story; here it would actually carry out the writes, leading to a potentially high number of redundant iops when the engine is vaccuming outdated records. With this change, the SQL update will only affect the rows which is not in the desired state already.

• Revert latest docker image changes (#3286) (f2daa7d):

  Closes https://github.com/ory/hydra/issues/3285

Code Generation

• Pin v2.0.0-alpha.0.pre.1 release commit (71226bc)

Code Refactoring

• Make commands easier to consume (cc9d9e5)
• sdk: Consent SDK (e800002)
• sdk: JSON Web Key SDK API (06d565e)
• sdk: OAuth 2.0 Trust Relationship SDK (b0a2b05)
• sdk: OAuth2 SDK API (142b55f)
• sdk: Rename errors (6b60156)
• sdk: Rename oauth2 client operations and payloads (cb742ad)

Documentation

• Clarify command usage strings (34cde51)

Features

• Add db.ignore_unknown_table_columns configuration property (#3192) (#3193) (5842946):

  The property allows to ignore scan errors when columns in the SQL result have no fields in the destination struct.

• Add SQLite dependency to SQLite Dockerfile (#3282) (841a153)

• Add tag descriptions (c111a4c)

• Hot-reload TLS certificate (#3265) (1d13be6)

• Improve cloud cli compatibility (93a626d)

• Make perform commands ory cloud-able (954693f)

Tests

• conformity: Sdk regression (15f3cfc)
• Fix assertions on nil pointers (8710590)
• Fix failing master pipeline (#3283) (f979adb)
• Update snapshot (1c9a0d2)

Changelog

• f9e71cfe autogen(openapi): regenerate swagger spec and internal client
• 8b12c914 autogen(openapi): regenerate swagger spec and internal client
• f148145a autogen(openapi): regenerate swagger spec and internal client
• 71226bc9 autogen: pin v2.0.0-alpha.0.pre.1 release commit
• 3ba28f2b chore: backport migration fix to migration source (#3267)
• f4676194 chore: bump go to 1.19
• 922b43aa chore: fix formatting (#3269)
• 15cdb885 chore: format using Make (#3257)
• 0b643a36 chore: remove double tabs from Makefile (#3273)
• 925013e3 chore: remove unused OpenAPI specifications and update snapshots
• 216352e3 chore: update repository templates
• a9c8da01 chore: update repository templates to https://github.com/ory/meta/commit/19eed817e5d5b64509887ef5f1e3eff3e3ce03a1
• 8b8e73d5 chore: update repository templates to https://github.com/ory/meta/commit/23d918a32533554c30d720dc44e821de3cda18f8
• a73301c1 chore: update repository templates to https://github.com/ory/meta/commit/4ef13422e91f15b9f70014a0d67b92498ab728d1
• be24b804 chore: update repository templates to https://github.com/ory/meta/commit/935cc0443464fd76fbf41dff1081b368080c9353
• 34cde517 docs: clarify command usage strings
• 841a1535 feat: add SQLite dependency to SQLite Dockerfile (#3282)
• 5842946d feat: add db.ignore_unknown_table_columns configuration property (#3192) (#3193)
• c111a4ce feat: add tag descriptions
• 1d13be6d feat: hot-reload TLS certificate (#3265)
• 93a626d1 feat: improve cloud cli compatibility
• 954693fe feat: make perform commands ory cloud-able
• 1aa6cc43 fix: optimise sql update to avoid redundant writes (#3289)
• f2daa7d6 fix: revert latest docker image changes (#3286)
• 06d565eb refactor(sdk): JSON Web Key SDK API
• b0a2b053 refactor(sdk): OAuth 2.0 Trust Relationship SDK
• 142b55f2 refactor(sdk): OAuth2 SDK API
• e800002d refactor(sdk): consent SDK
• 6b601564 refactor(sdk): rename errors
• cb742ad0 refactor(sdk): rename oauth2 client operations and payloads
• cc9d9e5b refactor: make commands easier to consume
• 15f3cfcb test(conformity): sdk regression
• 87105903 test: fix assertions on nil pointers
• f979adb4 test: fix failing master pipeline (#3283)
• 1c9a0d2d test: update snapshot

Artifacts can be verified with cosign using this public key.

This release resolves a critical regression introduced in Ory Hydra v1.11.9. Upgrade to this version and skip Ory Hydra v1.11.9 if you have an existing system. The bug can break existing refresh tokens from working.

It includes no other significant changes.

Bug Fixes

• Improve refresh webhook getter (d40b1da)
• Omit null lifespans (#3212) (2d080a0)
• Regression in session store (5c4321d)
• Remove special char from snapshot symbols (7128ad2)
• Revert config changes (4da64de)
• Session unmarshalling (3bb943a)

Code Generation

• Pin v1.11.10 release commit (1a6c220)

Changelog

• 75bdfc04 autogen(docs): generate and bump docs
• 40c8c2de autogen(docs): regenerate and update changelog
• e7faec91 autogen(docs): regenerate and update changelog
• 958895b8 autogen(docs): regenerate and update changelog
• 4b5cc903 autogen(docs): regenerate and update changelog
• e1bb9361 autogen(docs): regenerate and update changelog
• 1a6c2207 autogen: pin v1.11.10 release commit
• b3abc58d chore: update repository templates
• 3c0a6ec4 chore: update repository templates
• 2cee9e1a chore: update version schema to be compatible with current ory/cli (#3211)
• 5205a36b ci: pin go to 1.18
• 1d94bfda ci: workaround for linter issue
• d40b1daf fix: improve refresh webhook getter
• 2d080a01 fix: omit null lifespans (#3212)
• 5c4321d8 fix: regression in session store
• 7128ad2a fix: remove special char from snapshot symbols
• 4da64de7 fix: revert config changes
• 3bb943a9 fix: session unmarshalling

Artifacts can be verified with cosign using this public key.

☠️ WARNING ☠️

This version contains a regression which can cause the refresh flow to fail for existing consent sessions. Please do not upgrade to this version. For new systems, you can still use this version.

---

This release introduces two new features:

• The ability to specify token lifespans on a per-client basis using a new HTTP endpoint;
• The additional context in the refresh token hook.

Bug Fixes

• Backport fix for client specific CORS (#1754) (#3163) (996258d)

• docs: Correct the tracing service name environment variable (6e2343c):

  While I believe this used to be specific to OTEL, it now appears to be configurable "globally", according to spec/config.json.

• Fixed configuration editor for the documentation page (#3105) (0a77a06):

  Closes https://github.com/ory/docs/issues/722

• Handle server error when refresh token requests come same time (#3207) (e66ba3c)

• Link OIDC Certification image (#3124) (17b517f)

• Ping logic for SQL Registry (#3095) (a383b5a), closes #2734

• Swagger for dynamic client registration (#3141) (9902ec7)

• Updated process ending instructions (#3176) (b72491e):

  cmd + c doesn't end the process on macOS but ctrl + c does.

Code Generation

• Pin v1.11.9 release commit (8814e79)

Documentation

• Fix missing image (7925597)

Features

• Add session and requester to refresh token webhook data (#3204) (6d23859), closes #3203

• Add token_endpoint_auth_signing_alg to cli (#3148) (ed6eb30)

• Custom client token ttl (#3206) (9544c03), closes #3157:

  This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.

Changelog

• b0d672d1 autogen(docs): generate and bump docs
• 44b2c441 autogen(docs): regenerate and update changelog
• b62b21b4 autogen(docs): regenerate and update changelog
• b5af690a autogen(docs): regenerate and update changelog
• e586fd72 autogen(docs): regenerate and update changelog
• 3f962767 autogen(docs): regenerate and update changelog
• 9bc59be9 autogen(docs): regenerate and update changelog
• d0533c49 autogen(docs): regenerate and update changelog
• dd63a187 autogen(docs): regenerate and update changelog
• f0cb5390 autogen(openapi): regenerate swagger spec and internal client
• dbf1056c autogen(openapi): regenerate swagger spec and internal client
• 5c8350e4 autogen(openapi): regenerate swagger spec and internal client
• 8814e797 autogen: pin v1.11.9 release commit
• 5127bb77 autogen: pin v1.11.9-pre.0 release commit
• 540d9329 chore: delete semantic.yml
• ceada196 chore: deprecate coupon
• 1faa00b6 chore: display GitHub Action badge
• 87b20be6 chore: replace x/json.go with ory/x's jsonx patch (#3183)
• c9be891f chore: update repository templates
• fa87290a chore: update repository templates
• 88992d3a chore: update repository templates
• 6b954c22 chore: update repository templates
• 5a753234 chore: update repository templates
• 3fa88fcb chore: update repository templates
• f2f13470 chore: update repository templates
• 2a4ad740 chore: update repository templates
• fbde5001 chore: update repository templates
• 79255970 docs: fix missing image
• 6d238590 feat: add session and requester to refresh token webhook data (#3204)
• ed6eb301 feat: add token_endpoint_auth_signing_alg to cli (#3148)
• 9544c03a feat: custom client token ttl (#3206)
• 6e2343c6 fix(docs): correct the tracing service name environment variable
• 996258d5 fix: backport fix for client specific CORS (#1754) (#3163)
• 0a77a069 fix: fixed configuration editor for the documentation page (#3105)
• e66ba3c6 fix: handle server error when refresh token requests come same time (#3207)
• 17b517f3 fix: link OIDC Certification image (#3124)
• a383b5a6 fix: ping logic for SQL Registry (#3095)
• 9902ec73 fix: swagger for dynamic client registration (#3141)
• b72491ec fix: updated process ending instructions (#3176)

Artifacts can be verified with cosign using this public key.

This release resolves issues in the log module, improves the SDK type definitions, and introduces new configuration options to HSM.

Bug Fixes

• Add limit and offset to pagination (#3062) (51f6c5d), closes #3033

• Add missing flags to config schema (00100a1), closes #653

• Configure audit logger (#3022) (3115dde)

• Do not use cached version (422d422)

• Generated consent model (#3076) (270dbe0)

• Proper response types for 404 errors (#3072) (e711273), closes #3064

• Remove extraneous call to driver.init() (#3093) (1590542)

• Remove unnecessary transaction (#3029) (d4b2696)

• sdk: Correct polymorph type for consent session (#3074) (646459a), closes #3058

• sdk: Incorrect title (#3014) (d654911):

  Closes https://github.com/ory/sdk/issues/153

• Sync ports between Dockerfiles and comments (#3027) (ebd1694)

• Typo README (#3078) (7d378f1)

• Use default for env var (2b024b4)

Code Generation

• Pin v1.11.8 release commit (337ab3e)

Documentation

• Update pricing (c46f780)
• Update README (#3032) (980c2d8)

Features

• Add hsm key set prefix to support multiple hydra instances on the same hsm partition (#3066) (90523fd):

  This pull request adds configuration option hsm.key_set_prefix to support multiple Ory Hydra instances to store keys on the same HSM partition. For example if hsm.key_set_prefix=app1. then key set hydra.openid.id-token would be generated/requested/deleted on HSM with CKA_LABEL=app1.hydra.openid.id-token

  This will not affect Hydra API in any way. GET /keys/hydra.openid.id-token will return key set from HSM with label app1.hydra.openid.id-token.

• Add support for trust grants that can issue tokens for any subject (#3012) (a3c4304), closes #2930:

  Previously, a trust relationship had to be setup for every subject before the issuer could sign a JWT token for it. This change will allow setting up token services that can issue tokens with any value in the subject field.

• Async backchannel logout (#2849) (22e1ebb)

• Backchannel request logging (#3067) (6dda48d)

• Make sensitive log value redaction text configurable (#3040) (536352c)

Tests

• Ensure generator checks are executed (#3061) (d38f6e6)

Changelog

• e06dd6ae autogen(docs): generate and bump docs
• b548c5ad autogen(docs): regenerate and update changelog
• 77394397 autogen(docs): regenerate and update changelog
• 152bdddd autogen(docs): regenerate and update changelog
• b00d2b9b autogen(docs): regenerate and update changelog
• f2bef45b autogen(docs): regenerate and update changelog
• 1f0e79ca autogen(docs): regenerate and update changelog
• fff64918 autogen(docs): regenerate and update changelog
• 8adbfb00 autogen(docs): regenerate and update changelog
• 48449f63 autogen(docs): regenerate and update changelog
• 924be24b autogen(docs): regenerate and update changelog
• f9338e4f autogen(docs): regenerate and update changelog
• a2afc759 autogen(docs): regenerate and update changelog
• 7d899635 autogen(docs): regenerate and update changelog
• e3236dd9 autogen(docs): regenerate and update changelog
• 05286df2 autogen(docs): regenerate and update changelog
• 835cb787 autogen(docs): regenerate and update changelog
• 1e4e3280 autogen(docs): regenerate and update changelog
• 1056795b autogen(docs): regenerate and update changelog
• 7602b4cc autogen(openapi): regenerate swagger spec and internal client
• b17b4743 autogen(openapi): regenerate swagger spec and internal client
• 22176486 autogen(openapi): regenerate swagger spec and internal client
• 23bc3e93 autogen(openapi): regenerate swagger spec and internal client
• 83c918a4 autogen: add v1.11.7 to version.schema.json
• 337ab3ec autogen: pin v1.11.8 release commit
• f06505f4 chore(deps): bump async from 2.6.2 to 2.6.4 in /test/e2e/oauth2-client (#3073)
• 57693f69 chore(deps): bump async from 3.2.0 to 3.2.3 (#3069)
• ff10e176 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#3045)
• 57686719 chore(deps): bump minimist in /test/e2e/oauth2-client (#3047)
• 9eabc7dd chore(deps): update alpine version (#3036)
• 222a01ba chore: bump ory/fosite to v0.42.2 (#3077)
• 184d3222 chore: improve Dockerfiles (#3052)
• f3206734 chore: update repository templates
• 849af9f2 chore: update repository templates
• 980c2d84 docs: update README (#3032)
• c46f780f docs: update pricing
• 90523fd0 feat: add hsm key set prefix to support multiple hydra instances on the same hsm partition (#3066)
• a3c4304b feat: add support for trust grants that can issue tokens for any subject (#3012)
• 22e1ebb5 feat: async backchannel logout (#2849)
• 6dda48dc feat: backchannel request logging (#3067)
• 536352c1 feat: make sensitive log value redaction text configurable (#3040)
• 646459a5 fix(sdk): correct polymorph type for consent session (#3074)
• d654911c fix(sdk): incorrect title (#3014)
• 51f6c5d1 fix: add limit and offset to pagination (#3062)
• 00100a1b fix: add missing flags to config schema
• 3115dde2 fix: configure audit logger (#3022)
• 422d4227 fix: do not use cached version
• 270dbe08 fix: generated consent model (#3076)
• e711273e fix: proper response types for 404 errors (#3072)
• 1590542c fix: remove extraneous call to driver.init() (#3093)
• d4b2696b fix: remove unnecessary transaction (#3029)
• ebd16940 fix: sync ports between Dockerfiles and comments (#3027)
• 7d378f18 fix: typo README (#3078)
• 2b024b4f fix: use default for env var
• d38f6e62 test: ensure generator checks are executed (#3061)

Artifacts can be verified with cosign using this public key.

Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.

Code Generation

• Pin v1.11.7 release commit (510615b)

Changelog

• 510615bc autogen: pin v1.11.7 release commit

Artifacts can be verified with cosign using this public key.

Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.

Code Generation

• Pin v1.11.6 release commit (49d0d75)

Changelog

• 49d0d754 autogen: pin v1.11.6 release commit

Artifacts can be verified with cosign using this public key.