OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
Ory Hydra has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/hydra! Additionally, the CI/CD infrastructure was moved to GitHub actions.
Artifacts can be verified with cosign using this public key.
autogen: pin v1.11.4 release commit
Artifacts can be verified with cosign using this public key.
autogen: pin v1.11.3 release commit
Artifacts can be verified with cosign using this public key.
autogen: pin v1.11.2 release commit
Artifacts can be verified with cosign using this public key.
Happy new year! We are excited to announce to you the next iteration of Ory Hydra: Version 1.11.0!
This version has significant new features contributed by the awesome Open Source Community - you! But not only that:
Ory Hydra 2.0 is coming!
While a major version, we intend to keep all APIs with as few breaking changes as possible. The efforts focus on some long-standing issues in the persistence layer. In particular, data growth rate and performance improvements are the focus areas! If you are interested to see what is going on, check out PR #2796
And Ory Hydra 2.0 will be available as an API in Ory Cloud! If you are interested in Ory Cloud, apply to Ory Acceleration Program and receive a one-year free subscription for Ory Cloud's Start-Up plan. The Start-Up plan comes with convenient features such as custom domains and unlimited identities/tokens!
More on timelines and Ory Hydra 2.0 plans will follow later this year.
If these changes are not exciting enough already, Ory Hydra now supports loading Private and Public Keys from Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions. Thank you @aarmam for this amazing work! For more information, please read the guide.
Next up, Ory Hydra now natively supports the OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol which can be enabled (optionally) in the configuration! Thank you @fjvierap for your hard work!
We do not stop there, @Xopek and @jagobagascon added the Support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523) to Ory Hydra! This major improvement allows Ory Hydra to have an even better integration API than before!
For our Apple users and everyone eyeballing ARM64, we now distributed binaries and Docker Images for all platforms and CPU architectures, including Apple M1, Linux ARM (v6, v7, v8, ARM64), and - this is new - FreeBSD!
Lastly, we resolved a bug in the configuration loading which now allows loading complex configuration keys from environment variables without hassle!
Please notice that this release requires SQL migrations to be applied! As always, please make a backup before applying them!
To celebrate this change, we cleaned up the ways you install Ory software. There is now one central brew / bash curl repository:
-brew install ory/hydra/hydra
+brew install ory/tap/hydra
-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) hydra
Endpoint PUT /clients now returns a 404 error when the OAuth2 Client to be updated does not exist. It returned 401 previously. This change requires you to run SQL migrations!
Co-authored-by: fjviera [email protected]
Please notice that this change requires SQL migrations to be applied! As always, please make a backup before applying them!
Co-authored-by: aeneasr [email protected] Co-authored-by: Jagoba Gascón [email protected] Co-authored-by: Gajewski Dmitriy [email protected]
Contributors is upper case (5bad542)
FreeBSD build issue, env loading, add OTEL tracing (5158faa), closes #2597 #2912:
This fix addresses an issue where configuration values in arrays could not be loaded from environment variables, which is now possible. For more information on how Ory Hydra parses configuration, head over to the documentation!
Additionally, this PR resolves a build issue on FreeBSD - making it now possible to compile Ory Hydra with the FreeBSD target.
Lastly, this change adds OpenTelemetry support!
Missing imports (42fec62)
Patch should not reset client secret (#2872) (895de01), closes #2869
Remove codecov report for internal testhelpers (52a77a3), closes #2871
Remove contributors file (565aa2d)
Update v1.10 installation instructions for linux (#2799) (45afd0d):
The documentation for how to install hydra on linux is still using the old version tags
Use pop/v6 (b284353)
docs: Opentelemetry tracing (74da7b6)
Hardware Security Module support (#2625) (7578aa9):
This change introduces support for Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions.
If enabled, the Hardware Security Module is used to look up any keys. If no key is found, the software module is used as a fallback for lookup. This allows you to use the HSM for privileged keys, and the software module to manage lifecycle keys (e.g. for Token Exchange).
For more information, please read the guide.
Thank you to aarmam for this great contribution!
Native ARM64 support in Docker and Binaries (abffb09):
This release adds important security updates for the base Docker Images (e.g. Alpine). Additionally, Ory Hydra now has full ARM support have been resolved and the binaries are now downloadable for all major platforms.
OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol (#2909) (6a18f62), closes #2568 #2549:
This feature adds first-class support for two IETF RFCs and one OpenID Spec:
To enable this feature, which is disabled by default, set
oidc:
dynamic_client_registration:
enabled: true
in your Ory Hydra configuration. Once enabled, endpoints POST, GET, PUT, and DELETE for /connect/register will be available at the public port!
Support for urn:ietf:params:oauth:grant-type:jwt-bearer grant type RFC 7523 (#2384) (858f2cf), closes #2229:
This change adds support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523). Users of Ory Hydra will be able to grant permission for OAuth 2.0 Client to act on behalf of some Resource Owner using JWT Bearer Assertions.
For more information about this feature, please head over to the documentation: https://www.ory.sh/hydra/docs/next/guides/oauth2-grant-type-jwt-bearer
Artifacts can be verified with cosign using this public key.
Ory Hydra v1.10.7 ships an exciting new feature that enables the updating of access and ID tokens during a refresh flow via an HTTP webhook. To set it up, use the oauth2.refresh_token_hook configuration to set up an HTTP(S) endpoint which receives a POST request when a refresh token is about to be issued!
And even more exciting, we would like to invite you to our first developer conference which is happening tomorrow and the day after (October 28th and 29th, 2021). The event is digital and tickets are free. After short keynotes from Ory's founders Aeneas (hackerman) and Thomas (tacurran), you will learn from fellow community members and contributors about building robust authorization and authentication, best practices for modern cloud infrastructure and many other developer topics! Grab your free tickets now!
Additionally, improvements to tracing, documentation, ID token claims have been merged. Also, Ory Hydra now no longer takes 3 seconds for the CLI to become responsive as we have found a transient dependency that caused slow initialization times:
$ time hydra
hydra 1.87s user 1.90s system 620% cpu 0.607 total
$ time ./hydra-v1.10.7
./hydra-patch 0.03s user 0.01s system 8% cpu 0.450 total
$ time ./hydra-v1.10.7
./hydra-patch 0.02s user 0.01s system 104% cpu 0.032 total
Please note that the location of our Homebrew tap has changed for Ory Hydra from ory/ory/hydra to ory/tap/hydra:
- brew install ory/ory/hydra
+ brew install ory/tap/hydra
All homebrew taps will move to this location, including Ory Kratos, Ory Oathkeeper, Ory Keto, and the Ory CLI!
Please note that the location of our Homebrew tap has changed for Ory Hydra from ory/ory/hydra to ory/tap/hydra:
- brew install ory/ory/hydra
+ brew install ory/tap/hydra
Documentation correction mentioned in the issue (#2732) (#2773) (ea7a20c)
Ignore dockertest in sdk generator (f9506db)
List oauth2 clients query parameter 'name' -> 'client_name' (#2747) (283c351):
This commit renders the docs to be in parity with an earlier change [1]
Reference(s): [1] https://github.com/ory/hydra/pull/2706
Replace fatal error of jaeger initialization with print (#2777) (433ce74), closes #2642
Resolve panic caused by new prometheus library (ff0a43e)
Resolve prometheus panic (f38511f)
Slow hydra start up time (ce1b378):
Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 2 seconds to 0.03s seconds for cold starts and ~0.02s for hot starts.
$ time hydra
hydra 1.87s user 1.90s system 620% cpu 0.607 total
$ time ./hydra-patch
./hydra-patch 0.03s user 0.01s system 8% cpu 0.450 total
$ time ./hydra-patch
./hydra-patch 0.02s user 0.01s system 104% cpu 0.032 total
Sqlite regression (5881c13)
Update client filter to client_name (#2706) (dee4fa2), closes #2691
Upgrade regression (da58453)
Add method to detect public keys without prefixing (#2758) (b12e70c), closes #2459
Include amr claim in ID token (#2770) (f701310), closes #1756
Making use of the updated instrumentedsql version (#2713) (0a9df15)
Refresh token hook to update claims (#2649) (1a7dcd1), closes #2570:
This patch adds a new feature to Ory Hydra which allows the updating of access and ID tokens during the refresh flow. To set it up, use the oauth2.refresh_token_hook configuration to set up a HTTP(S) endpoint which receives a POST request when a refresh token is about to be issued.
Support updating keys in CLI (#2460) (e874f4f), closes #2436
8832324c autogen(docs): generate and format documentation
92bcbb1e autogen(docs): generate and format documentation
336afa03 autogen(docs): generate and format documentation
1248553c autogen(docs): generate and format documentation
b7d968fb autogen(docs): generate and format documentation
606f9c8e autogen(docs): generate and format documentation
3371217b autogen(docs): generate and format documentation
c8f89961 autogen(docs): generate and format documentation
3baa4b79 autogen(docs): generate and format documentation
8e10504b autogen(docs): generate and format documentation
934c9bef autogen(docs): generate and format documentation
536c9cd2 autogen(docs): generate and format documentation
7122bae5 autogen(docs): generate and format documentation
8901b09c autogen(docs): generate cli docs
ec3e5d82 autogen(docs): regenerate and update changelog
de46daba autogen(docs): regenerate and update changelog
a22619e4 autogen(docs): regenerate and update changelog
37104682 autogen(docs): update milestone document
fce9286d autogen(docs): update milestone document
beb72e4b autogen(docs): update milestone document
b48929bd autogen(docs): update milestone document
a2a9d4aa autogen(docs): update milestone document
5d62b44b autogen(docs): update milestone document
8373bbad autogen(docs): update milestone document
0fc6718c autogen(openapi): Regenerate swagger spec and internal client
f991a179 autogen(openapi): Regenerate swagger spec and internal client
088e9757 autogen(openapi): Regenerate swagger spec and internal client
68055469 autogen(openapi): Regenerate swagger spec and internal client
7c7dc400 autogen(openapi): Regenerate swagger spec and internal client
10ce0046 autogen(openapi): Regenerate swagger spec and internal client
738e0b43 autogen(openapi): Regenerate swagger spec and internal client (#2813)
0c8afaf7 autogen: add v1.10.6 to version.schema.json
0a425352 autogen: pin v1.10.7 release commit
5ad9ac29 autogen: pin v1.10.7-pre.0 release commit
1bf546f9 chore: fix version schema & bump Ory CLI (#2759)
80846d7f chore: replace dgrijalva/jwt-go with the maintained golang-jwt/jwt (#2742)
ab50e02d chore: update docusaurus template
4aecb618 chore: update docusaurus template (#2771)
ac6c4e53 chore: update docusaurus template (#2800)
709ef44c chore: update ory/x to v0.0.278 (#2707)
7b1b6c8b chore: update repository templates
48a19df6 chore: update repository templates
918656a0 chore: update repository templates (#2690)
72a5dc36 chore: update repository templates (#2704)
7cb75f9a chore: update repository templates (#2754)
20041539 chore: update repository templates (#2756)
e5a1f21a chore: update repository templates (#2762)
0b8cafba chore: update repository templates (#2804)
b0577dc1 chore: update repository templates to 8191b78131173cce8788143f6ad95119d9b813c5
6211e5e9 ci: bump goreleaser (#2716)
8b52f8b0 ci: bump orbs (#2715)
a483c333 ci: nancy should check only used deps
d772748b docs: clarify endpoint (#2757)
856ccc0c docs: faq item (#2678)
aec73bb1 docs: k8s installation section (#2724)
3f16045d docs: remove outdated information in doc configuration section (#2723)
0274fcc3 docs: typos (#2798)
a2bacc88 docs: typos in docs (#2808)
f6a4dc6d docs: update installation section helm command (#2725)
048156db docs: update k8s examples section part of the page (#2719)
1d6eeba5 docs: update k8s examples section part of the page (#2720)
a2cdc086 docs: update oauth2 debug swction (#2717)
2ea49dac feat: add EdDSA support (#2782)
b12e70c9 feat: add method to detect public keys without prefixing (#2758)
f701310a feat: include amr claim in ID token (#2770)
e5295c6b feat: introduce cve scanning (#2772)
0a9df157 feat: making use of the updated instrumentedsql version (#2713)
1a7dcd1c feat: refresh token hook to update claims (#2649)
e874f4f3 feat: support updating keys in CLI (#2460)
8d0e5e65 fix: add content-type header to hook request (#2775)
c84427d3 fix: broken note (#2769)
ea7a20c0 fix: documentation correction mentioned in the issue (#2732) (#2773)
f9506dbc fix: ignore dockertest in sdk generator
283c3514 fix: list oauth2 clients query parameter 'name' -> 'client_name' (#2747)
433ce746 fix: replace fatal error of jaeger initialization with print (#2777)
ff0a43ec fix: resolve panic caused by new prometheus library
f38511fe fix: resolve prometheus panic
ce1b3780 fix: slow hydra start up time
5881c136 fix: sqlite regression
dee4fa27 fix: update client filter to client_name (#2706)
da58453d fix: upgrade regression
1eeeeae0 refactor: change location of homebrew tap
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.7-sqlite
docker pull oryd/hydra:v1.10.7-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.7
docker pull oryd/hydra:v1.10.7
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.7-alpine
docker pull oryd/hydra:v1.10.7-alpine
docker pull oryd/hydra:latest-alpine
2f01882f autogen(docs): generate and format documentation ba9501c8 autogen(docs): generate and format documentation 88890482 autogen(docs): generate and format documentation 3d08e960 autogen(docs): regenerate and update changelog 699c022e autogen(docs): update milestone document 10944a79 autogen: add v1.10.5 to version.schema.json f1771f13 autogen: pin v1.10.6 release commit 57b41e93 chore: update x/sys to support go 1.17 (#2687) 87f4a58c docs: section for debugging jwks based client errors (#2680) 184a3c45 fix: documentation SYSTEM_SECRET -> SECRETS_SYSTEM (#2686) df08c7fc fix: typo in errors.go (#2699)
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.6-sqlite
docker pull oryd/hydra:v1.10.6-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.6
docker pull oryd/hydra:v1.10.6
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.6-alpine
docker pull oryd/hydra:v1.10.6-alpine
docker pull oryd/hydra:latest-alpine
This patch introduces a faster and better janitor (database clean up routine), the ability to filter OAuth2 Clients by owner and name, and resolves a regression when parsing config environment variables.
73744313 autogen(docs): generate and format documentation 447451ff autogen(docs): generate and format documentation 6f5c01a7 autogen(docs): generate cli docs 3a48df6d autogen(docs): update milestone document a8675dd9 autogen(docs): update milestone document b8085018 autogen(docs): update milestone document cbf1c976 autogen(openapi): Regenerate swagger spec and internal client 4a66d0c5 autogen: add v1.10.3 to version.schema.json 16381f44 autogen: add v1.10.5-pre.1 to version.schema.json a5d30aa0 autogen: pin v1.10.4 release commit 0456f54d autogen: pin v1.10.5 release commit 94cda7ac autogen: pin v1.10.5-pre.0 release commit ba5547a9 autogen: pin v1.10.5-pre.1 release commit 4f74591b chore: adjust CODEOWNERS (#2659) 23bd2f79 chore: update docusaurus template 8d368178 chore: update docusaurus template (#2647) 575dc3fd chore: update docusaurus template (#2655) a4e94615 chore: update docusaurus template (#2658) 5a811305 chore: update repository templates a30f9d09 chore: update repository templates (#2656) 7ec39198 chore: update x library (#2674) 4083684b docs: add long flag --grant-types in 5min tutorial (#2650) ea6fdfd6 feat: add owner/name filter to list clients (#2637) 6ea0bf8f feat: improve delete queries for janitor command (#2540) 564d18b3 fix: docs generator 81ab0af7 style: format
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.5-sqlite
docker pull oryd/hydra:v1.10.5-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.5
docker pull oryd/hydra:v1.10.5
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.5-alpine
docker pull oryd/hydra:v1.10.5-alpine
docker pull oryd/hydra:latest-alpine
Ory Hydra v0.10.3 brings several bug fixes and configuration features, in particular:
hydra keys import command;client_id in the logout request;go-jose for JSON Web Keys and JSON Web Tokens;/.well-known/;For a full list of changes, please check below!
Add RFC 8414 pkce info to OpenID Connect Discovery (#2547) (9693168), closes #2311
Add the missing keys import command (#2521) (c4bc248), closes #2520
Build issues (5de255b)
oauth2: Enforce assertion check on userinfo aud field (#2524) (c463d9f):
This is so the check on the ok variable is effectual. Prior to this patch the type assertion on the *client.Client was setting the value of ok. Due to the fact the type assertion on *client.Client is already checked and on a false value it exits the func, this value will always be true.
Resolve sdk build issues (68976f8)
Resolve sdk build issues (1807e89)
Use prebuilt ory cli and bump ory/x (#2605) (0f95e01), closes #2596
https://github.com/ory/hydra/issues/2454ler (#2454) (f701b28)
Clearer wording in SPA notice for HTML forms (#2565) (64a332a):
See https://ory-community.slack.com/archives/C012RBW0F18/p1621977892051700
Fix erroneous sidebar commit (94ded27)
Link to correct doc in help command (#2631) (3e5760f), closes #2366
Move api docs to top level (243a617)
New redoc api docs (9fb505f)
Rename sidebar api (f14d2e7)
77d10004 autogen(docs): generate and format documentation
dbdc00cf autogen(docs): generate and format documentation
379f34a5 autogen(docs): generate and format documentation
a27b0575 autogen(docs): generate and format documentation
eddfa2d6 autogen(docs): generate and format documentation
754bb413 autogen(docs): generate and format documentation
64022e88 autogen(docs): generate and format documentation
cc1d698f autogen(docs): generate and format documentation
15581747 autogen(docs): generate and format documentation
2839bc8f autogen(docs): generate cli docs
fdfe7eb5 autogen(docs): generate cli docs
fe63f3fd autogen(docs): regenerate and update changelog
371a9aee autogen(docs): regenerate and update changelog
b98676e1 autogen(docs): update milestone document
6b29f75e autogen(docs): update milestone document
03247394 autogen(docs): update milestone document
8debee76 autogen(openapi): Regenerate swagger spec and internal client
9702d386 autogen(openapi): Regenerate swagger spec and internal client
70cd4a22 autogen(openapi): Regenerate swagger spec and internal client
b597c88e autogen(openapi): Regenerate swagger spec and internal client
02f766c5 autogen(openapi): Regenerate swagger spec and internal client
bdbb775b autogen(openapi): Regenerate swagger spec and internal client
be8de37c autogen(openapi): Regenerate swagger spec and internal client
737685ec autogen(openapi): Regenerate swagger spec and internal client
c07adb6f autogen(openapi): Regenerate swagger spec and internal client
0e9778a1 autogen: add v1.10.2 to version.schema.json
46b438ed autogen: add v1.10.3-pre.1 to version.schema.json
ea931581 autogen: pin v1.10.3 release commit
30b77e69 autogen: pin v1.10.3-pre.1 release commit
2579fe09 autogen: pin v1.10.3-pre.1 release commit
38ba27b4 chore(deps): bump color-string in /test/e2e/oauth2-client (#2592)
f85f5bec chore: bump ory/x and cleanup go.mod Closes #2609 by pulling in upstream fix https://github.com/ory/x/pull/373
e739e63a chore: coc shield
5730436f chore: docs sidebar uniform (#2591)
089fdc1b chore: format
19482e8c chore: update docusaurus template
110f7488 chore: update docusaurus template
52a1a252 chore: update docusaurus template
b48e54d7 chore: update docusaurus template
ef59ab27 chore: update docusaurus template (#2569)
9d5fc15a chore: update docusaurus template (#2590)
a303e9ec chore: update docusaurus template (#2595)
0d9a250e chore: update docusaurus template (#2611)
fc41dbe1 chore: update docusaurus template (#2613)
cb981ecf chore: update docusaurus template (#2615)
e06b8a51 chore: update docusaurus template (#2616)
510456d8 chore: update docusaurus template (#2617)
9cfec9d1 chore: update docusaurus template (#2619)
2ca6de61 chore: update docusaurus template (#2620)
60a14a34 chore: update repository templates
2fca5a4b chore: update repository templates
a347d7b1 chore: update repository templates
8a2b9aaa chore: update repository templates
64f0018c chore: update repository templates
3f88ca3e chore: update repository templates (#2550)
3f059264 chore: update repository templates (#2554)
5ae6fe60 chore: update repository templates (#2601)
06c34823 chore: update repository templates (#2630)
4f8d0bce ci: add codecov reporting
e6ee5b9d ci: explicit go mod cache keys (#2566)
64a332a9 docs: clearer wording in SPA notice for HTML forms (#2565)
94ded27c docs: fix erroneous sidebar commit
00e15aa0 docs: fix typo ('ROCP' to 'ROPC') (#2633)
3e5760f5 docs: link to correct doc in help command (#2631)
243a6173 docs: move api docs to top level
9fb505f2 docs: new redoc api docs
f14d2e71 docs: rename sidebar api
57969942 docs: replace oryd in examples with ory (#2600)
63402dee feat: add custom claims to top-level JWT payload (#2545)
f74fe90d feat: add instana as possible tracing provider (#2548)
81e0784b feat: add max_conn_idle_time flag (#2551)
cd3014cd feat: import keys with a default key id (#2563)
43b391d9 feat: pass client in logout request (#2483)
c463d9f8 fix(oauth2): enforce assertion check on userinfo aud field (#2524)
60e70426 fix: README exemplary apps (#2579)
f701b28e fix: WWW-Authenticate header in userinfo handler (#2454)
96931685 fix: add RFC 8414 pkce info to OpenID Connect Discovery (#2547)
c4bc248b fix: add the missing keys import command (#2521)
8c703945 fix: audience should include client ID (#2455)
5de255b0 fix: build issues
d3ee8598 fix: correct CodeFromRemote syntax (#2626)
bc878224 fix: intro docs (#2602)
db73b441 fix: no more windows workaround (#2632)
f588ec69 fix: prometheus URL label (#2503)
58deacf5 fix: resolve config parsing regression
1807e893 fix: resolve sdk build issues
68976f8f fix: resolve sdk build issues
53a50ddf fix: resolve swagger generation issues (#2610)
0f95e017 fix: use prebuilt ory cli and bump ory/x (#2605)
5553a6f2 fix: wrong description (#2589)
5bdc4bc1 refactor: integrate with fosite v0.40 (go-jose migration) (#2526)
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.3-sqlite
docker pull oryd/hydra:v1.10.3-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.3
docker pull oryd/hydra:v1.10.3
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.3-alpine
docker pull oryd/hydra:v1.10.3-alpine
docker pull oryd/hydra:latest-alpine
This maintenance release resolves regressions introduced in Ory Hydra v1.10.1. A big change is that Ory Hydra now supports PATCH operations for OAuth2 Clients and is able to handle TLS for admin and public endpoints individually. The breaking changes included in this release address two bugs which are marked as a BREAKING CHANGE. We believe however that these changes do not affect running systems and given the major improvements introduced by the fixes, we decided to mark this as a patch release.
CookieStore MaxAge value (#2485) (#2488) (aafc901):
CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. MaxAge: 0 disables MaxAge check by SecureCookie, thus allowing sessions lasting > 30 days.
Handled requests respond with 410 Gone and include redirect URL (#2473) (e3d9158), closes #1569
Login and consent redirect behavior change since 1.9.x (#2457) (2f3a1af), closes #2363:
Allow #fragment in configured url to keep backwards compatibility.
Make token user command work with public clients (#2479) (a033d6a)
Resolve clidoc issues (f6e5958)
Resolve specignore issues (1431167)
Valid JSON response for already handled requests (#2517) (ac61616), closes #2515
Add the MaxTagValueLength config for jaeger of tracing (#2482) (03c96ee), closes #2447
Enable "nbf" (not before) claim to be optional for Access Token (#2437) (666cd25), closes #1542
Implement partial client updates (PATCH) with JSON Patch syntax (#2411) (540c89d):
Implements a new endpoint
PATCH /clients/{id}which uses JSON Patch syntax to update an OAuth2 client partially. This removes the need to doPUT /clients/{id}with the full OAuth2 Client in the payload.
Split TLS config into admin and public interfaces (#2476) (60704d4), closes #1231 #1962:
Adds the possibility to specify TLS certificates for admin and public endpoints individually. Also improves compatibility for internal networks (e.g. Kubernetes) by removing the need for having TLS termination on admin endpoints. This can be enabled by setting
serve.admin.tls.enabledto false.
Co-authored-by: hackerman [email protected]
5c611f0c autogen(docs): generate and format documentation 09dc7743 autogen(docs): generate and format documentation 4d58f1fa autogen(docs): generate and format documentation a02ffe9b autogen(docs): generate and format documentation d8682a99 autogen(docs): generate and format documentation 24f91ab7 autogen(docs): generate and format documentation 2666562a autogen(docs): generate and format documentation 3151706d autogen(docs): generate and format documentation 1c0e8117 autogen(docs): generate and format documentation 7ba4b470 autogen(docs): generate and format documentation 79f3b900 autogen(docs): generate and format documentation 0c7a2add autogen(docs): generate and format documentation af6beb81 autogen(docs): generate and format documentation c9b99be2 autogen(docs): generate and format documentation b6c34e0e autogen(docs): generate and format documentation c1cc9476 autogen(docs): generate and format documentation e0ccaf3c autogen(docs): generate and format documentation 40b09cdf autogen(docs): generate cli docs bfa14a53 autogen(docs): regenerate and update changelog 3dbcf87b autogen(docs): update milestone document db4eb720 autogen(docs): update milestone document 5d0d69e0 autogen(docs): update milestone document 598de159 autogen(docs): update milestone document 00a57bd0 autogen(docs): update milestone document d33a4904 autogen(openapi): Regenerate swagger spec and internal client 3e37546a autogen(openapi): Regenerate swagger spec and internal client fcc0dd20 autogen(openapi): Regenerate swagger spec and internal client 17cfc781 autogen(openapi): Regenerate swagger spec and internal client 4e6aebe8 autogen: add v1.10.1 to version.schema.json 1da2f24c autogen: pin v1.10.2 release commit e8c3a06e autogen: pin v1.10.2 release commit 3bb0bb9a chore: bump base alpine images (#2439) b8bac7f8 chore: bump ory/x 638562c7 chore: bump ory/x and gogo/protobuf (#2434) 73c99317 chore: fix links (#2481) bd90f3e8 chore: fix sdk links (#2433) 380fc94d chore: format and cleanup ddb34c1f chore: update docusaurus template d99f2136 chore: update docusaurus template 6b01fa9d chore: update docusaurus template cf2fe0c9 chore: update docusaurus template eaa3f870 chore: update docusaurus template c3d705d4 chore: update docusaurus template (#2493) 69a87a55 chore: update docusaurus template (#2494) a76bf401 chore: update repository templates (#2443) 9a484fc0 chore: update vulnerable jwt-go 3d48259a ci: run conformity on PRs 014c773d docs: add dotnet sdk (#2431) 47cf3c76 docs: add php link sdk page & fix links (#2469) aa2919dc docs: change forum to discussions readme (#2451) 8ac186c2 docs: fix uppercase id 5466d4e3 docs: guide for merging system.secrets (#2448) 03c96ee2 feat: add the MaxTagValueLength config for jaeger of tracing (#2482) 666cd258 feat: enable "nbf" (not before) claim to be optional for Access Token (#2437) 7f7362b4 feat: global docs sidebar and added cloud pages (#2495) 540c89d6 feat: implement partial client updates (PATCH) with JSON Patch syntax (#2411) 60704d49 feat: split TLS config into admin and public interfaces (#2476) aafc901e fix: CookieStore MaxAge value (#2485) (#2488) ff90c47f fix: do not use error_hint anymore (#2450) e3d9158a fix: handled requests respond with 410 Gone and include redirect URL (#2473) 5fdd9130 fix: link in documentation (#2478) 2f3a1afb fix: login and consent redirect behavior change since 1.9.x (#2457) a033d6a7 fix: make token user command work with public clients (#2479) f6e59589 fix: resolve clidoc issues 14311673 fix: resolve specignore issues eefefd51 fix: use PublicURL where given (#2441) ac616163 fix: valid JSON response for already handled requests (#2517) 77812158 fix: version schema (#2427) 44fd4e42 refactor: move unix socket support helpers into ory/x (#2486)
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.2-sqlite
docker pull oryd/hydra:v1.10.2-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.2
docker pull oryd/hydra:v1.10.2
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.2-alpine
docker pull oryd/hydra:v1.10.2-alpine
docker pull oryd/hydra:latest-alpine