OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
We are excited to announce Ory Hydra v1.10.0!
This release adds significant data management improvements. As such, we introduce the new "hydra janitor" command which cleans up stale data and can be run, for example, as a (Kubernetes) CronJob.
The new janitor command is able to clean up invalid and expired access and refresh tokens as well as login and consent requests. This solves issues observed in installations with lots of traffic.
This patch refactors the internal file embed system by migrating to Go 1.16, simplifying and speeding up the build process.
To follow OAuth2 best-practice, refresh tokens will now invalidate the whole access and refresh token chain if reused.
Add docs/node_modules make target (b302501)
Add network specific error message to avoid confusion (#2367) (56d71e6), closes #2338
Adds sqa section to config.schema.json (#2360) (89df8d7), closes #2358:
Move from viper to koanf caused env vars without corresponding paths in config.schema.json to be ignored. This commit adds missing sqa section, so the SQA_OPT_OUT env var has effect again.
Adopt new cli renderer pipeline (02483ce)
Better http resiliency and sqlite updates (883a84f)
Improve cache and update CI images to go 1.16 (#2388) (7803202)
Increase conformance test timeout (e9bd064)
Record cypress videos (c9d0a26)
Resolve clidoc issues (8257cb2)
Resolve docs build issues (6612099)
Resolve e2e test issues (4812f54)
Resolve migrator duplicate files (b1f63ff)
Resolve migrator regression issues (cdfc03d)
Revert mode default and maximum values (#2349) (b20fc48):
I made a mistake in previous pull request, these socket mode values are in decimal, not octal format. Sorry.
Update janitor help (b7965c6)
Use appropriate migrations with precedence (b61d05c)
Use gelf windows hotfix (0cac0f1)
Use go 1.16 in conformity suite (3fbda05)
Fix subject identifier algorithms to match configuration (#2400) (dd19b86):
On https://www.ory.sh/hydra/docs/reference/configuration/ under 'subject identifiers' the name for defining which subject identifier algorithms are supported it is called "supported_types", not "enabled" as in these pages.
Update config.schema.json default values (#2348) (8494822):
Updated wrong config schema values
Update examples to new helm install command format (#2369) (f006556):
Tried example with helm 3.5.2 and it does not support
--name
flag. So I moved name and repository to first line of commands.
Add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386) (a17d10e)
Add front/backchannel logout params to client cli (#2387) (055f801), closes #1487
Flush inactive/expired login and consent requests (#2381) (f039ebb), closes #1574:
This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database.
You may now use the new
hydra janitor
command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows thenotAfter
safe-guard approach to ensure records needed to be kept are not deleted.To learn more, please use
hydra help janitor
.This patch phases out the
/oauth2/flush
endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.
Flush refresh tokens for service oauth2/flush (#2373) (b46a14c), closes /github.com/ory/hydra/issues/1574#issuecomment-736684327
Move to go 1.16 and static embed files (6fa591c)
Refresh token reuse detection (#2383) (bc349f1), closes #2022:
This patch adds support for Refresh Token reuse Detection introduced by https://github.com/ory/fosite/pull/567. Ory Hydra's persister no longer deletes refresh tokens when using them, but instead deactivates them - similar to how authorization codes work.
ce7ee75c autogen(docs): generate and format documentation 74bfe9ce autogen(docs): generate and format documentation ec93526e autogen(docs): generate and format documentation 4cc80123 autogen(docs): generate and format documentation 21c62857 autogen(docs): generate and format documentation 67d9b387 autogen(docs): generate and format documentation dc97559d autogen(docs): generate and format documentation a11527f1 autogen(docs): generate and format documentation e18e9669 autogen(docs): generate and format documentation 9ad9c1d3 autogen(docs): generate and format documentation d3697cd9 autogen(docs): generate cli docs 83f8ebd0 autogen(docs): generate cli docs 7731121d autogen(docs): generate cli docs d6c82091 autogen(docs): generate cli docs 8f939da6 autogen(docs): generate cli docs 5005c9a7 autogen(docs): regenerate and update changelog 48b75ab7 autogen(docs): regenerate and update changelog 97e3f80f autogen(docs): regenerate and update changelog 69e7bef3 autogen(docs): regenerate and update changelog 003a6820 autogen(docs): regenerate and update changelog c1e9b38a autogen(docs): regenerate and update changelog eb5c5305 autogen(docs): regenerate and update changelog 5210a0fd autogen(docs): regenerate and update changelog 4eafcfe1 autogen(docs): regenerate and update changelog c84fcdf4 autogen(docs): update milestone document d4d243ff autogen(docs): update milestone document 1cce525e autogen(docs): update milestone document ac95a335 autogen(openapi): Regenerate swagger spec and internal client f6ef7514 autogen(openapi): Regenerate swagger spec and internal client cc7a8e46 autogen(openapi): Regenerate swagger spec and internal client b660fa39 autogen(openapi): Regenerate swagger spec and internal client 72a2e2f3 autogen(openapi): Regenerate swagger spec and internal client 756f19fc autogen(openapi): Regenerate swagger spec and internal client f5b993a2 autogen(openapi): Regenerate swagger spec and internal client 577ad1bc autogen(openapi): Regenerate swagger spec and internal client 582aca38 autogen(openapi): Regenerate swagger spec and internal client 27dc147a autogen: add v1.9.2 to version.schema.json ed096e92 autogen: add v1.9.3-pre.5 to version.schema.json bf8f805f autogen: pin v1.10.0 release commit 60b2434e autogen: pin v1.10.0 release commit 2287ac59 autogen: pin v1.10.1 release commit c3833af2 autogen: pin v1.10.1-pre.1 release commit 01af32f3 autogen: pin v1.10.1-pre.2 release commit 440d171d autogen: pin v1.9.3-pre.0 release commit 38b6317a autogen: pin v1.9.3-pre.1 release commit 149db769 autogen: pin v1.9.3-pre.2 release commit 26615cbb autogen: pin v1.9.3-pre.3 release commit bf652999 autogen: pin v1.9.3-pre.4 release commit be012b6d autogen: pin v1.9.3-pre.5 release commit d2aecf88 chore(deps): bump pug-code-gen in /test/e2e/oauth2-client (#2376) d0ef3e37 chore: fix go mod ab06db3e chore: fix link (#2359) 4b595e87 chore: update docusaurus template 15653367 chore: update docusaurus template (#2424) 785e743e chore: update package lock f4ed887a chore: update repository templates 96627651 chore: update repository templates cb64d68d chore: update repository templates 1d314105 chore: update repository templates (#2362) a3295561 chore: update repository templates (#2378) e3d60323 ci: add trailing slash to prettier check (#2389) e819e7b5 ci: adopt new swagger ignorepkgs 0afd9fc0 ci: bump orbs 7f806e55 ci: fix yaml syntax error 0326699f ci: link to cypress project d8ad323f ci: reorder e2e execution 94593db5 ci: run e2e tests in one container (#2391) d17f5050 ci: use nancy command instead of job (#2390) 854b9eed consent: do not send 404 on revoke consent / delete login (#2397) 471e85d2 docs: faq custom data (#2334) 68068651 docs: fix basic examples for the golang SDK (#2399) dd19b86b docs: fix subject identifier algorithms to match configuration (#2400) 277afe9d docs: improve readme tests section (#2380) f20f6459 docs: quickstart config (#2328) 84948220 docs: update config.schema.json default values (#2348) f006556f docs: update examples to new helm install command format (#2369) a17d10e7 feat: add --no-shutdown flag to "hydra token user" to prevent auto-termination (#2382) (#2386) 055f801e feat: add front/backchannel logout params to client cli (#2387) f039ebbd feat: flush inactive/expired login and consent requests (#2381) b46a14cd feat: flush refresh tokens for service oauth2/flush (#2373) 6fa591c8 feat: move to go 1.16 and static embed files bc349f1f feat: refresh token reuse detection (#2383) b302501b fix: add docs/node_modules make target 56d71e67 fix: add network specific error message to avoid confusion (#2367) 89df8d7b fix: adds sqa section to config.schema.json (#2360) 02483ce4 fix: adopt new cli renderer pipeline 883a84f8 fix: better http resiliency and sqlite updates 78032026 fix: improve cache and update CI images to go 1.16 (#2388) e9bd0642 fix: increase conformance test timeout c9d0a262 fix: record cypress videos 8257cb29 fix: resolve clidoc issues 6612099b fix: resolve docs build issues 4812f549 fix: resolve e2e test issues b1f63fff fix: resolve migrator duplicate files cdfc03d8 fix: resolve migrator regression issues b20fc48d fix: revert mode default and maximum values (#2349) b7965c6f fix: update janitor help b61d05ce fix: use appropriate migrations with precedence 0cac0f1e fix: use gelf windows hotfix 3fbda05a fix: use go 1.16 in conformity suite c76309cf test: bump cypress to newer version and add resilience 1a03c077 test: bump ory/x and resolve regressions b248406d test: fix record arg 9d4764d8 test: improve e2e script and add record option 356b05f6 test: resolve flaky cypress tests e59e2bc9 test: resolve migration regression 2aa09804 test: use cypress fetchers ccd983d7 test: use go 1.16 in conformity 10496024 tests: resolve oidc conformity regression
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.10-sqlite
docker pull oryd/hydra:v1.10.1-sqlite
docker pull oryd/hydra:v1.10.1-sqlite
docker pull oryd/hydra:latest-sqlite
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.10
docker pull oryd/hydra:v1.10.1
docker pull oryd/hydra:v1.10.1
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.10-alpine
docker pull oryd/hydra:v1.10.1-alpine
docker pull oryd/hydra:v1.10.1-alpine
docker pull oryd/hydra:latest-alpine
This release adds more telemetry data to the prometheus exporter.
8a415d92 autogen(docs): generate and format documentation eb6f682f autogen(docs): regenerate and update changelog fcd80d16 autogen(docs): regenerate and update changelog 0b4673ec autogen: add v1.9.1 to version.schema.json f0580e25 autogen: pin v1.9.2 release commit c1f1ba5c feat: enable emittance of response time metrics (#2323)
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.9
docker pull oryd/hydra:v1.9.2
docker pull oryd/hydra:v1.9.2
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.9-alpine
docker pull oryd/hydra:v1.9.2-alpine
docker pull oryd/hydra:v1.9.2-alpine
docker pull oryd/hydra:latest-alpine
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.9-sqlite
docker pull oryd/hydra:v1.9.2-sqlite
docker pull oryd/hydra:v1.9.2-sqlite
docker pull oryd/hydra:latest-sqlite
This release makes Dart and Rust SDKs available for Ory Hydra!
Add faq items (8d31cb3):
Added two items to the FAQ that were sitting in meta/tmp.
Add Rust and Dart SDKs (c4b4f73):
We now support for Rust and Dart SDKs!
Update javascript documentation (a2b3a49):
Update npm package name (#2302) (d05d82e):
Changed npm client package from @oryd/hydra-client to @ory/hydra-client
efa4c4ce autogen(docs): generate and format documentation ea5edb39 autogen(docs): generate cli docs 7e162f65 autogen(docs): generate cli docs 10b5d594 autogen(docs): generate cli docs 994d4d4d autogen(docs): regenerate and update changelog 97c664bd autogen(docs): regenerate and update changelog 2a0c1d06 autogen(docs): regenerate and update changelog 8d5c8b18 autogen(docs): regenerate and update changelog 7e546aa0 autogen(docs): regenerate and update changelog 3027833e autogen(docs): regenerate and update changelog bdf79911 autogen(docs): update milestone document 1921e54c autogen: add v1.9.0 to version.schema.json 5cedc9e2 autogen: pin v1.9.1 release commit 68cb6670 chore: bump gjson (#2298) 183d421a chore: update repository templates (#2301) c4b4f73e docs: add Rust and Dart SDKs 8d31cb34 docs: add faq items 1316cc00 docs: add link endings. (#2313) 341f3ede docs: fix npm links (#2303) a8ad7052 docs: quickstart cleanup (#2324) 4fdb7f1c docs: reorg faq sidebar (#2318) d2ee4f6c docs: update before oauth2.mdx (#2299) a2b3a49e docs: update javascript documentation d05d82e9 docs: update npm package name (#2302)
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.9
docker pull oryd/hydra:v1.9.1
docker pull oryd/hydra:v1.9.1
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.9-alpine
docker pull oryd/hydra:v1.9.1-alpine
docker pull oryd/hydra:v1.9.1-alpine
docker pull oryd/hydra:latest-alpine
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.9-sqlite
docker pull oryd/hydra:v1.9.1-sqlite
docker pull oryd/hydra:v1.9.1-sqlite
docker pull oryd/hydra:latest-sqlite
Today, we are very excited to announce the stable release of ORY Hydra 1.9! This release contains significant internal code refactoring, making ORY Hydra more reliable, lightweight, and even more scalable! Also, for the first time ever, ORY Hydra handled over 13.3 billion API requests in December 2020 in over 23.000 production environments around the globe.
Let's talk features - in a TL;DR overview:
response_mode=form_post
Response Mode.If you wish to get into ORY Hydra, check out the new YouTube tutorial:
See you on slack, signed HACKERMAN.
ORY Kratos
We would like to take a bit of your time and introduce you to ORY Kratos. ORY Kratos implements all the hard things related to users: login, registration, customizable profile fields, multi-factor authentication scheduled for v0.6, secure account recovery, email and SMS verification, profile management, session and device management, user administration, social sign in and sign up, and much, much more! Everything works with proven and ORY-hardened protocols in the same lightweight fashion you are used to from our other products. And it natively targets mobile, desktop, web, and robots! ORY Kratos is essentially an open-source alternative to Auth0, Okta, and Google Firebase with the added benefit of avoiding the complexity of implementing OAuth2 and OpenID Connect for your first-party apps just to get login to work. So if you are wondering whether you really need OAuth2, this is worth your time!
To get a feeling for ORY Kratos, check out our exemplary React Native app (available on GitHub, Android and iOS) demonstrating user registration, login, and profile management. It uses APIs from ORY Cloud, which will be publicly announced this year. If you are interested in becoming an early adopter, get in touch now! We have more super exciting stuff planned!
Changes in-depth
Let's break down the most significant changes in more detail:
The configuration system has been reworked
--config
flag.Please be aware that deprecated configuration flags have been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.
The OpenID Connect Conformity Test Suite is now part of the ORY Hydra CI pipeline.
This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields error_hint
and error_debug
will no longer be sent. You can re-enable those legacy fields by setting oauth2.include_legacy_error_fields
to true
.
Supporting response_mode=form_post
Support OpenID Connect flows response_mode=form_post
was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.
Compatibility with MITREid
Adds an option that allows granting the OAuth2 Client's authorized scope when performing a client_credentials
flow without specifying a scope. This enables compatibility with MITREid and allows migrating from MITREid to ORY Hydra.
Refactoring the internal DBAL
We completely refactored the internal database abstraction layer (DBAL). We have been using gobuffalo/pop successfully in ORY Kratos and decided to move the ORY Hydra DBAL to gobuffalo/pop as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.
Add 400 as possible reply to /oauth2/token (24daede), closes #2260
Do not require unset pairwise (4136aaf)
Update schema reference for subject_identifiers.supported_types (0e14a08), closes #2270
Add encrypt_at_rest option to config schema (3219c16)
Add required aud, jti claims to userinfo response (d0697fa)
Add standardized client registration errors (02a9137):
Adds new errors to fully comply with the OpenID Connect Dynamic Client Registration specification.
Allow all request object signing algs per default (edc54c2):
This patch resolves an issue where RS256 would be the only allowed request object signing algorithm. The spec however mandates that all algorithms are allowed if the client does not explicitly set the request object signing algorithm.
Allow lower bcrypt values and add tests (812a21c)
Ensure consistent auth_time in session handling (e973ffe)
Increase parallelism to 4 (ae02706)
Mark false gosec positive (206d1ee)
Nonce is not required for hybrid flows (c708ada)
Quickstart yml (5ebd984)
Remove session from store on logout (4495f56):
This patch resolves an issue where the session would not be purged from the store when performing an RP-initiated logout request from a client, if said client does not purge the authentication session properly because the client does not have access to it or because the client misbehaves.
Remove unrelated quickstart entry (#2214) (a583d78), closes #2213
Request_id should not be unique (a8ca333):
This patch resolves an issue where certain OpenID Connect Hybrid flows would error with a UNIQUE violation. The cause of this issue was an incorrect UNIQUE constraint on the
request_id
field of the access, refresh, pkce, and other, similar tables.
Resolve broken quickstart (95a1dfb)
Update deprecated config in quickstart (1c1433a)
Update invalid quickstart config (8d076a5)
Update package lock (18bfc96)
Update schema to support new koanf (29763c8)
Add support for tracing to SQL (b3dda7c)
Address pop inconsistencies and update tests (8f3462f)
CGO build issues on Windows and Go 1.15+ (1c1fe19)
Do not require sqlite and CGO for other databases (8069205)
Do not run migrations in background (308edb9)
Explicitly set pwd in makefile (aeb1090)
Goreleaser add docker images (7a81908)
Improve cli flags and add -c
config flag (bf3be84)
Improve schema typing for tracing (4cc25c3)
Improve tests and pop adapter (1354611)
Remove obsolete makefile targets (dc5d37f)
Remove unnecessary transactions (1df50ec)
Run tests only once (4e1d0f6)
Set context in connection getter (644967a)
Update docker and quickstart examples (b01c246)
Update format to goimports (c4438b0)
Use context in transaction creator (db0ac86)
Use sqlite for standalone (e5b7147)
Add docs format to make format (cfa50fe)
Client update breaks primary key (#2150) (7662917), closes #2148
Explicitly use no-CGO images for non-SQLite (1ec2d1d)
Force brew install statement (0252b5a)
Update install script (c614c0b)
Add note about mounting the config file when using docker (#2235) (766e8f1), closes #2231
Change deprecated fallback url (#2275) (0bf61aa), closes #2254
Client api upper bound on limit parameter (#2277) (bc2bbd2), closes #2267
Fix incorrect version replacements (70a6b8f)
Oidc.subject_identifiers config key change (#2232) (2172f25):
oidc.subject_identifiers.enabled is now oidc.subject_identifiers.supported_types. Docs should get updated.
Update install from source instructions (bcfd9b7)
Add config debug section (c53f036)
Add contributing to sidebar (#2209) (21f3b1f):
Added Contributing Guidelines to the introduction menu point on the sidebar. I think it should be as obvious as possible. Another good solution would be to add them to the top bar?
If this is merged, I will do the same changes for Kratos/Oathkeeper/Keto.
Add newsletter banner (5b63aa4)
Deps are installed automagically and make deps was removed (#2157) (25e96e2), closes #2154
Minor improvements to the concepts/consent page (#2168) (1128cfc)
Use codefromremote for consent samples (51c0874)
Fix typo (71a4495)
Remove obsolete doc section (443a225)
Swagger route headline capitalization (4540ece), closes #2015
Update code listings and image tags (3cd22c4)
Update sql instructions (bfed7f2)
Updates kubernetes helm chart url (6d63a73)
Add missing trailing slash (97bc47d)
Deprecate driver semantics (8fc3e2e)
Move oauth2 cors to own package (3beddbd)
Rename token_type
to token_use
in introspection (152fd5d), closes #1762
Replace viper with koanf config management (8c12b27)
Move Dockerfiles to .docker directory (5508f2a)
Use gobuffalo/pop for SQL abstraction (#2059) (56bce67), closes #1730:
This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!
Add ability to override oidc discovery urls (bb8b982):
Added config options
webfinger.oidc_discovery.token_url
,webfinger.oidc_discovery.auth_url
,webfinger.oidc_discovery.jwks_url
.
Add new request_object_signing_alg_values_supported
to oidc discovery (4220959)
Add oidc conformity tests (651f424)
Improve and clean up error handling (b727367)
Improve error responses for consent handler (44ab747)
Improve error stack trace wrapping (fdf142c)
Only set state-param if it was passed (#2183) (568434a):
Using
state
in the logout flow is optional, sostate
can be empty. In order to avoid an ugly/post-logout-redirect-uri?state=
URI, the state should only be appended if it is not empty.
Remove legacy error fields unless configured to do so (e2a7135)
Support OpenID Connect's response_mode=form_post
(8ab9eff), closes #1621:
This patch adds support for the
response_mode
parameter as defined in OAuth 2.0 Form Post Response Mode. Additionally, valuesfragment
andquery
are supported as defined in OAuth 2.0 Multiple Response Type Encoding Practices.
Support pkger (07a360e)
Add configuration option to grant default client_credential scope when no scope is requested (#2144) (0b1de34), closes #2141:
Adds an option which allows granting the OAuth2 Client's authorized scope when performing a
client_credentials
flow without specifying a scope. This enables compatibility with MITREid.
Implement docker for quickstart (8e64202)
Support sqlite in goreleaser (e946487)
Add timeout to wait (90dfaf5)
Completely refactor consent tests (defc063)
Fix jwt e2e tests (1b480d8)
Improve github action conformity tests (1015e49)
Improve TestClientCredentialsGrantAllScopes (19409b4)
Increase timeout for conformity (a65d289)
Oidc conformity tests should run as workflow dispatch (5b8fa0a)
Refactor client credential tests (b74cffa)
Refactor consent logout tests and add failing case (ef12c06)
Refactor oauth2 auth code tests (c376473)
Resolve conformity test suite concurrency issues (ef312c3)
Resolve e2e startup issues (5af4cef)
Resolve e2e test failures (03f5e8e)
Resolve failing rotation key tests (8e8b943)
Resolve flaky test issue (e17a074)
Resolve incorrect retry loop (ef141c2)
Retry conformity failures (409ae42)
Retry interrupted tests (c72367b)
Skip preloading in migration tests (14272f2)
Update config to pass validation (6931461)
Use 16 workers for conformance (9cf0e65)
Use correct test context (45bc907)
Use prebuilt images for conformity testing (4dd7a62)
Fix confusing expected/got (#2135) (14b6db2):
And fixed assert.EqualError params in right order in TestStrategyLoginConsent
Move tests to persistence (46d0571)
Write migrate logs to file (9a1fbd8)
--config
flag.Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.
authentication_session
table contains a lot of data.error_hint
and error_debug
fields from OAuth2 responses. These are now all merged into error_description
which is according to the OAuth2 and OpenID Connect specification. If you wish to keep the old behavior around, set oauth2.include_legacy_error_fields
to true
in your ORY Hydra configuration.token_type
would return access_token
or refresh_token
. The specification however mandates that token_type
is always Bearer
. This patch resolves that issue. The previous behaviour of token_type
has now been moved to token_use
which can be access_token
or refresh_token
.docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.9
docker pull oryd/hydra:v1.9.0
docker pull oryd/hydra:v1.9.0
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.9-alpine
docker pull oryd/hydra:v1.9.0-alpine
docker pull oryd/hydra:v1.9.0-alpine
docker pull oryd/hydra:latest-alpine
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.9-sqlite
docker pull oryd/hydra:v1.9.0-sqlite
docker pull oryd/hydra:v1.9.0-sqlite
docker pull oryd/hydra:latest-sqlite
We are excited to present the next big step towards ORY Hydra 1.9! In this release we completely refactored the configuration internals and moved from spf13/viper to knadh/koanf:
--config
flag now possible.Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.
In addition, this release includes the new OpenID Connect Conformity Test Suite as part of the ORY Hydra CI pipeline. This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields error_hint
and error_debug
will no longer be sent. You can re-enable those legacy fields by setting oauth2.include_legacy_error_fields
to true
.
Furthermore, support for OpenID Connect flows response_mode=form_post
was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.
Several other bugs have been resolved and we have completely overhauled the tests, deprecating test tables in favor of test suites. This greatly improves the readability of our tests and allows new contributors to more easily understand what is going on!
If you wish to get into ORY Hydra, check out the newly published YouTube tutorial:
Add encrypt_at_rest option to config schema (3219c16)
Add required aud, jti claims to userinfo response (d0697fa)
Add standardized client registration errors (02a9137):
Adds new errors to fully comply with the OpenID Connect Dynamic Client Registration specification.
Allow all request object signing algs per default (edc54c2):
This patch resolves an issue where RS256 would be the only allowed request object signing algorithm. The spec however mandates that all algorithms are allowed if the client does not explicitly set the request object signing algorithm.
Allow lower bcrypt values and add tests (812a21c)
Ensure consistent auth_time in session handling (e973ffe)
Increase parallelism to 4 (ae02706)
Mark false gosec positive (206d1ee)
Nonce is not required for hybrid flows (c708ada)
Quickstart yml (5ebd984)
Remove session from store on logout (4495f56):
This patch resolves an issue where the session would not be purged from the store when performing an RP-initiated logout request from a client, if said client does not purge the authentication session properly because the client does not have access to it or because the client misbehaves.
Remove unrelated quickstart entry (#2214) (a583d78), closes #2213
Request_id should not be unique (a8ca333):
This patch resolves an issue where certain OpenID Connect Hybrid flows would error with a UNIQUE violation. The cause of this issue was an incorrect UNIQUE constraint on the
request_id
field of the access, refresh, pkce, and other, similar tables.
Resolve broken quickstart (95a1dfb)
Update deprecated config in quickstart (1c1433a)
Update invalid quickstart config (8d076a5)
Update package lock (18bfc96)
Update schema to support new koanf (29763c8)
token_type
to token_use
in introspection (152fd5d), closes #1762
Add config debug section (c53f036)
Add contributing to sidebar (#2209) (21f3b1f):
Added Contributing Guidelines to the introduction menu point on the sidebar. I think it should be as obvious as possible. Another good solution would be to add them to the top bar?
If this is merged, I will do the same changes for Kratos/Oathkeeper/Keto.
Add newsletter banner (5b63aa4)
Deps are installed automagically and make deps was removed (#2157) (25e96e2), closes #2154
Minor improvements to the concepts/consent page (#2168) (1128cfc)
Use codefromremote for consent samples (51c0874)
Add ability to override oidc discovery urls (bb8b982):
Added config options
webfinger.oidc_discovery.token_url
,webfinger.oidc_discovery.auth_url
,webfinger.oidc_discovery.jwks_url
.
Add new request_object_signing_alg_values_supported
to oidc discovery (4220959)
Add oidc conformity tests (651f424)
Improve and clean up error handling (b727367)
Improve error responses for consent handler (44ab747)
Improve error stack trace wrapping (fdf142c)
Only set state-param if it was passed (#2183) (568434a):
Using
state
in the logout flow is optional, sostate
can be empty. In order to avoid an ugly/post-logout-redirect-uri?state=
URI, the state should only be appended if it is not empty.
Remove legacy error fields unless configured to do so (e2a7135)
Support OpenID Connect's response_mode=form_post
(8ab9eff), closes #1621:
This patch adds support for the
response_mode
parameter as defined in OAuth 2.0 Form Post Response Mode. Additionally, valuesfragment
andquery
are supported as defined in OAuth 2.0 Multiple Response Type Encoding Practices.
Support pkger (07a360e)
--config
flag.Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.
authentication_session
table contains a lot of data.error_hint
and error_debug
fields from OAuth2 responses. These are now all merged into error_description
which is according to the OAuth2 and OpenID Connect specification. If you wish to keep the old behavior around, set oauth2.include_legacy_error_fields
to true
in your ORY Hydra configuration.token_type
would return access_token
or refresh_token
. The specification however mandates that token_type
is always Bearer
. This patch resolves that issue. The previous behaviour of token_type
has now been moved to token_use
which can be access_token
or refresh_token
.d849bd50 autogen(docs): generate and format documentation
eb0baa20 autogen(docs): generate and format documentation
2d54c1e7 autogen(docs): generate and format documentation
14577a0c autogen(docs): generate and format documentation
450d69b8 autogen(docs): generate and format documentation
af4b0115 autogen(docs): generate and format documentation
a84a34cc autogen(docs): generate and format documentation
a45b64d2 autogen(docs): generate and format documentation
f7bed354 autogen(docs): generate and format documentation
876cd963 autogen(docs): generate and format documentation
6529d512 autogen(docs): generate and format documentation
b569aca2 autogen(docs): generate and format documentation
7390886d autogen(docs): generate and format documentation
23d6a028 autogen(docs): generate and format documentation
2be52835 autogen(docs): generate and format documentation
f267f722 autogen(docs): generate and format documentation
c56ff713 autogen(docs): generate and format documentation
a0db388b autogen(docs): generate and format documentation
ddee4eab autogen(docs): generate and format documentation
97b16632 autogen(docs): generate cli docs
05be6b81 autogen(docs): regenerate and update changelog
7a4d972f autogen(docs): regenerate and update changelog
45674ca3 autogen(docs): regenerate and update changelog
c4591ca9 autogen(docs): regenerate and update changelog
e46b9d0a autogen(docs): regenerate and update changelog
fd5729da autogen(docs): regenerate and update changelog
81076b9d autogen(docs): regenerate and update changelog
84230bf5 autogen(docs): update milestone document
1d7e7a2a autogen(docs): update milestone document
6da7cf42 autogen(docs): update milestone document
95e41ca5 autogen(docs): update milestone document
3f8ea204 autogen(docs): update milestone document
ec237ab7 autogen(docs): update milestone document
de0db909 autogen(docs): update milestone document
c345b419 autogen(docs): update milestone document
7b5d6132 autogen(docs): update milestone document
6d0861c3 autogen(docs): update milestone document
c2e6251e autogen(docs): update milestone document
de5d09a2 autogen(docs): update milestone document
906ad87a autogen(docs): update milestone document
94c937cf autogen(openapi): Regenerate swagger spec and internal client
91e0396f autogen: add v1.9.0-alpha.2 to version.schema.json
05809d25 autogen: pin v1.9.0-alpha.3 release commit
e602dcf8 autogen: pin v1.9.0-alpha.3.pre.0 release commit
b6f49cd0 autogen: pin v1.9.0-alpha.3.pre.1 release commit
959aa93c autogen: pin v1.9.0-alpha.3.pre.2 release commit
eff69fb4 autogen: pin v1.9.0-alpha.3.pre.3 release commit
ec7d9877 autogen: pin v1.9.0-alpha.3.pre.4 release commit
e972bcbc chore: apply ory-prettier-styles to cypress tests (#2179)
ee1f3cbe chore: clean up code base
3e6c8d23 chore: clean up test code
428df22c chore: clean up viper mentions
755b12d0 chore: format docs according to upgraded prettier styles
2c883f6f chore: style and install
2dd80fe8 chore: update docusaurus template
f5291a8b chore: update docusaurus template
ddfcd27a chore: update docusaurus template (#2162)
caa11170 chore: update docusaurus template (#2174)
775c8c71 chore: update docusaurus template (#2177)
88ddd906 chore: update docusaurus template (#2178)
71ca67be chore: update docusaurus template (#2185)
1169bd52 chore: update docusaurus template (#2186)
9f037ac8 chore: update docusaurus template (#2189)
99ca5158 chore: update docusaurus template (#2196)
1fc4f433 chore: update docusaurus template (#2198)
781201f5 chore: update docusaurus template (#2201)
e28d99bc chore: update docusaurus template (#2202)
697f4f8b chore: update docusaurus template (#2203)
7f073239 chore: update docusaurus template (#2205)
d37c1edc chore: update docusaurus template (#2210)
cebdd4a4 chore: update docusaurus template (#2212)
2ecb2d8b chore: update docusaurus template (#2219)
415a2792 chore: update docusaurus template (#2221)
dee7fe43 chore: update docusaurus template (#2223)
6f4b26e4 chore: update docusaurus template (#2225)
396ca19c chore: update package locks
8b4628e2 chore: update repository templates (#2176)
2dc526d9 chore: update repository templates (#2190)
ccfbf965 chore: update repository templates (#2197)
f6d02228 chore: update repository templates (#2199)
76e31f15 ci: do not require validation
c9cc7d4a ci: improve docs release config
3c696c4d ci: increase parallelism
98d1a8cd ci: pin exact prettier version
c53f0364 docs: add config debug section
21f3b1f1 docs: add contributing to sidebar (#2209)
5b63aa4b docs: add newsletter banner
d4aa9814 docs: add quickstart video (#2220)
e7eece2d docs: bcrypt reference config (#2161)
25e96e27 docs: deps are installed automagically and make deps was removed (#2157)
d9d719af docs: fix omissions in consent flow description (#2194)
1128cfc5 docs: minor improvements to the concepts/consent page (#2168)
409f2f4b docs: update links and fix typos (#2169)
ee4a9edf docs: update toc (#2158)
51c0874c docs: use codefromremote for consent samples
568434ac feat: Only set state-param if it was passed (#2183)
bb8b9824 feat: add ability to override oidc discovery urls
4220959c feat: add new request_object_signing_alg_values_supported
to oidc discovery
651f4244 feat: add oidc conformity tests
77927158 feat: add support for ElasticAPM tracing (#2155)
b7273676 feat: improve and clean up error handling
44ab7472 feat: improve error responses for consent handler
fdf142cc feat: improve error stack trace wrapping
e2a7135f feat: remove legacy error fields unless configured to do so
8ab9eff6 feat: support OpenID Connect's response_mode=form_post
07a360e3 feat: support pkger
3219c16d fix: add encrypt_at_rest option to config schema
d0697fab fix: add required aud, jti claims to userinfo response
02a91370 fix: add standardized client registration errors
edc54c25 fix: allow all request object signing algs per default
812a21cf fix: allow lower bcrypt values and add tests
b59bdf85 fix: document describe error (#2208)
e973ffe0 fix: ensure consistent auth_time in session handling
ae027064 fix: increase parallelism to 4
206d1eee fix: mark false gosec positive
c708adad fix: nonce is not required for hybrid flows
5ebd984f fix: quickstart yml
4495f56f fix: remove session from store on logout
a583d78d fix: remove unrelated quickstart entry (#2214)
a8ca333b fix: request_id should not be unique
95a1dfb2 fix: resolve broken quickstart
1c1433ab fix: update deprecated config in quickstart
8d076a5e fix: update invalid quickstart config
18bfc96f fix: update package lock
29763c8f fix: update schema to support new koanf
8fc3e2e3 refactor: deprecate driver semantics
3beddbda refactor: move oauth2 cors to own package
152fd5d4 refactor: rename token_type
to token_use
in introspection
8c12b27a refactor: replace viper with koanf config management
9ccf762f style: format
0a801dcb style: format
251f9dc9 style: format cypress files
5f08ff2a styles: format
90dfaf56 test: add timeout to wait
defc063e test: completely refactor consent tests
1b480d82 test: fix jwt e2e tests
19409b4d test: improve TestClientCredentialsGrantAllScopes
1015e49e test: improve github action conformity tests
a65d2892 test: increase timeout for conformity
5b8fa0ae test: oidc conformity tests should run as workflow dispatch
b74cffa8 test: refactor client credential tests
ef12c068 test: refactor consent logout tests and add failing case
c376473c test: refactor oauth2 auth code tests
ef312c39 test: resolve conformity test suite concurrency issues
5af4cef9 test: resolve e2e startup issues
03f5e8e5 test: resolve e2e test failures
8e8b943c test: resolve failing rotation key tests
e17a0747 test: resolve flaky test issue
ef141c28 test: resolve incorrect retry loop
409ae424 test: retry conformity failures
c72367b0 test: retry interrupted tests
14272f2a test: skip preloading in migration tests
69314615 test: update config to pass validation
9cf0e653 test: use 16 workers for conformance
45bc9072 test: use correct test context
4dd7a621 test: use prebuilt images for conformity testing
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.9-alpine
docker pull oryd/hydra:v1.9.0-alpine
docker pull oryd/hydra:v1.9.0-alpha.3-alpine
docker pull oryd/hydra:latest-alpine
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.9
docker pull oryd/hydra:v1.9.0
docker pull oryd/hydra:v1.9.0-alpha.3
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.9-sqlite
docker pull oryd/hydra:v1.9.0-sqlite
docker pull oryd/hydra:v1.9.0-alpha.3-sqlite
docker pull oryd/hydra:latest-sqlite
This release addresses an issue in the update routine of OAuth2 Clients (see kratos#2148) and adds an option which makes ORY Hydra compatible with MITREid.
Add configuration option to grant default client_credential scope when no scope is requested (#2144) (0b1de34), closes #2141:
Adds an option which allows granting the OAuth2 Client's authorized scope when performing a
client_credentials
flow without specifying a scope. This enables compatibility with MITREid.
0f0c5095 autogen(docs): generate and format documentation 26ede918 autogen(docs): generate and format documentation c1887396 autogen(docs): generate and format documentation 92bc86c2 autogen(docs): regenerate and update changelog f79ae296 autogen(docs): update milestone document 7df5ea35 autogen(docs): update milestone document 90d311b0 autogen(docs): update milestone document c654010f autogen: add v1.9.0-alpha.1 to version.schema.json 1a7fe913 autogen: pin v1.9.0-alpha.2 release commit 702b0f5d chore: update docusaurus template 12d4eb3d ci: fix replacer script 97bc47d6 docs: add missing trailing slash fa877d76 docs: replace dex with keycloak 71b05923 docs: version bash-curl script 0b1de34a feat: add configuration option to grant default client_credential scope when no scope is requested (#2144) cfa50fe0 fix: add docs format to make format 76629170 fix: client update breaks primary key (#2150) 1ec2d1df fix: explicitly use no-CGO images for non-SQLite 0252b5a2 fix: force brew install statement c614c0b9 fix: update install script 7289f308 style: format 511e8d27 test: fix misused id field (#2152)
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.9
docker pull oryd/hydra:v1.9.0
docker pull oryd/hydra:v1.9.0-alpha.2
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.9-alpine
docker pull oryd/hydra:v1.9.0-alpine
docker pull oryd/hydra:v1.9.0-alpha.2-alpine
docker pull oryd/hydra:latest-alpine
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.9-sqlite
docker pull oryd/hydra:v1.9.0-sqlite
docker pull oryd/hydra:v1.9.0-alpha.2-sqlite
docker pull oryd/hydra:latest-sqlite
This release focuses on a complete refactor of the internal database abstraction layer (DBAL). We have been using gobuffalo/pop successfully in ORY Kratos and decided to move the ORY Hydra DBAL to gobuffalo/pop as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.
This is an alpha release as we want to gather feedback from the community regarding performance and other potential issues before tagging the v1.9.0 version branch as stable.
-c
config flag (bf3be84)Move Dockerfiles to .docker directory (5508f2a)
Use gobuffalo/pop for SQL abstraction (#2059) (56bce67), closes #1730:
This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!
Fix confusing expected/got (#2135) (14b6db2):
And fixed assert.EqualError params in right order in TestStrategyLoginConsent
Move tests to persistence (46d0571)
Write migrate logs to file (9a1fbd8)
f3056f6c autogen(docs): generate and format documentation
afde5c63 autogen(docs): generate and format documentation
6f517027 autogen(docs): generate and format documentation
c326ae8b autogen(docs): generate and format documentation
f5441d6d autogen(docs): generate and format documentation
8f87c1f1 autogen(docs): generate and format documentation
243adeba autogen(docs): generate and format documentation
d56bfb19 autogen(docs): generate and format documentation
8ff756c6 autogen(docs): generate and format documentation
849ead0c autogen(docs): generate and format documentation
049c4157 autogen(docs): generate and format documentation
d560807b autogen(docs): generate cli docs
4734c883 autogen(docs): generate cli docs
ec71cd9a autogen(docs): generate cli docs
1dee4e35 autogen(docs): generate cli docs
878bd97e autogen(docs): generate cli docs
a8c33bc2 autogen(docs): regenerate and update changelog
3e011f63 autogen(docs): regenerate and update changelog
7b604726 autogen(docs): regenerate and update changelog
bb041f2c autogen(docs): update milestone document
1d45dec9 autogen(docs): update milestone document
e3f71d3f autogen(docs): update milestone document
434a3b1b autogen(docs): update milestone document
0ee3c10c autogen(openapi): Regenerate swagger spec and internal client
0eba003c autogen: add v1.8.5 to version.schema.json
0382fea6 autogen: add v1.9.0-alpha.0.pre.2 to version.schema.json
dc19f4a5 autogen: pin v1.9.0-alpha.0.pre.2 release commit
a270e4ca autogen: pin v1.9.0-alpha.1 release commit
edb221c6 autogen: pin v1.9.0-pre.0 release commit
4fbf3575 autogen: pin v1.9.0-pre.1 release commit
4062f77b chore(deps): bump cci orbs (#2132)
3e259c43 chore(docs): format
3f8f2d7d chore(docs): remove unneeded files (#2121)
1a23377b chore: add schema to gitignore
2fad6048 chore: bump datadog dependency
75cc527f chore: bump gobuffalo/pop
eeb45763 chore: bump gobuffalo/pop
8ee09966 chore: bump gobuffalo/pop and integrate new tracing fixes
f83f662e chore: update Docker Images to golang 1.15.2, alpine 3.12 (#2127)
cf358c55 chore: update docusaurus template (#2104)
4e248246 chore: update docusaurus template (#2137)
92a207b7 chore: update repository templates
70c79980 ci: add docs format checking (#2099)
02edf377 ci: force changelog generation
fda87cf3 ci: remove mysql parameters which are set automatically
51d93902 ci: revert multiStatements removal
7ed88703 docs: add hypnoglow terraform provider
487e7335 docs: correct port (#2101)
7aca301a docs: correct port (#2102)
71a4495d docs: fix typo
443a2257 docs: remove obsolete doc section
4540ece1 docs: swagger route headline capitalization These should be the last places, therefore closes #2015
3cd22c4d docs: update code listings and image tags
bfed7f22 docs: update sql instructions
6d63a730 docs: updates kubernetes helm chart url
8e64202f feat: implement docker for quickstart
2f198370 feat: re-enable freebsd
e946487a feat: support sqlite in goreleaser
1c1fe192 fix: CGO build issues on Windows and Go 1.15+
b3dda7c8 fix: add support for tracing to SQL
8f3462ff fix: address pop inconsistencies and update tests
80692052 fix: do not require sqlite and CGO for other databases
308edb99 fix: do not run migrations in background
aeb10903 fix: explicitly set pwd in makefile
7a81908a fix: goreleaser add docker images
bf3be849 fix: improve cli flags and add -c
config flag
4cc25c34 fix: improve schema typing for tracing
13546110 fix: improve tests and pop adapter
90caedae fix: remove explicit cve allowlist
dc5d37ff fix: remove obsolete makefile targets
1df50ec0 fix: remove unnecessary transactions
d525983c fix: remove websocket direct dep
4e1d0f6f fix: run tests only once
644967a8 fix: set context in connection getter
b01c2467 fix: update docker and quickstart examples
c4438b0e fix: update format to goimports
db0ac861 fix: use context in transaction creator
e5b7147a fix: use sqlite for standalone
5508f2ab refactor: move Dockerfiles to .docker directory
56bce678 refactor: use gobuffalo/pop for SQL abstraction (#2059)
6b2ad6b7 style: format and cleanup
5257f73d style: update tracing docker-compose definition
14b6db20 test: fix confusing expected/got (#2135)
46d0571e test: move tests to persistence
eda8532e test: remove unused expectSession variable (#2134)
9a1fbd80 test: write migrate logs to file
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.9
docker pull oryd/hydra:v1.9.0
docker pull oryd/hydra:v1.9.0-alpha.1
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.9-alpine
docker pull oryd/hydra:v1.9.0-alpine
docker pull oryd/hydra:v1.9.0-alpha.1-alpine
docker pull oryd/hydra:latest-alpine
docker pull oryd/hydra:v1-sqlite
docker pull oryd/hydra:v1.9-sqlite
docker pull oryd/hydra:v1.9.0-sqlite
docker pull oryd/hydra:v1.9.0-alpha.1-sqlite
docker pull oryd/hydra:latest-sqlite
This is a security-focused release with fixes for CVE-2020-15234, CVE-2020-15223, CVE-2020-15233. Additionally, several system dependencies (e.g. Golang) have been upgraded.
A few things have changed as part of these patches:
error_hint
, error_debug
have been deprecated and are now part of error_description
. The parameters are still included for compatibility reasons but will be removed in a future release.revocation_client_mismatch
was not standardized and has been removed. Instead, you will now receive unauthorized_client
with a description explaining why the flow failed.Additionally, the TypeScript SDK generator has changed from OpenAPI's typescript-node
to typescript-axios
making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed.
Due to several complex CI issues and regressions, build versions v1.8.0 - v1.8.4 failed. v1.8.5 the first and only stable release in the current 1.8.x branch.
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.8
docker pull oryd/hydra:v1.8.5
docker pull oryd/hydra:v1.8.5
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.8-alpine
docker pull oryd/hydra:v1.8.5-alpine
docker pull oryd/hydra:v1.8.5-alpine
docker pull oryd/hydra:latest-alpine
autogen: pin v1.8.0-pre.1 release commit
fe8fdc5f autogen(docs): generate and format documentation ed6360b0 autogen(docs): generate cli docs 0c9ef69d autogen(docs): update milestone document 861fdb7d autogen: pin v1.8.0-pre.1 release commit bb39d287 chore: bump ory/cli 89abc15e chore: bump ory/x 3e60cbfd ci: bump circleci orbs 24062c12 ci: remove freebsd build due to DataDog build error 5ea6fb65 feat: bump golangci-lint and add lint job 08321381 fix: resolve gosec issues and false positives 5b651002 style: make format
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.8
docker pull oryd/hydra:v1.8.0
docker pull oryd/hydra:v1.8.0-pre.1
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.8-alpine
docker pull oryd/hydra:v1.8.0-alpine
docker pull oryd/hydra:v1.8.0-pre.1-alpine
docker pull oryd/hydra:latest-alpine
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
7e2b6cb9 autogen(docs): generate and format documentation 28b31a7c autogen(docs): regenerate and update changelog ff980e6d autogen: pin v1.7.4 release commit 2ce0f14f fix: update e2e docker image
docker pull oryd/hydra:v1
docker pull oryd/hydra:v1.7
docker pull oryd/hydra:v1.7.4
docker pull oryd/hydra:v1.7.4
docker pull oryd/hydra:latest
docker pull oryd/hydra:v1-alpine
docker pull oryd/hydra:v1.7-alpine
docker pull oryd/hydra:v1.7.4-alpine
docker pull oryd/hydra:v1.7.4-alpine
docker pull oryd/hydra:latest-alpine