v0.5.4-alpha.1

This release introduces the new CLI command kratos hashers argon2 calibrate 500ms. This command will choose the best parameterization for Argon2. Check out the Choose Argon2 Parameters for Secure Password Hashing and Login blog article for more insights!

0.5.4-alpha.1 (2020-11-11)

Bug Fixes

• Case in settings handler method (#798) (83eb4e0)

• Force brew install statement (#796) (ad542ad):

  Closes ory/homebrew-kratos#1

Code Refactoring

• Move pkger and ioutil helpers to ory/x (60a0fc4)

Documentation

• Fix another broken link (15bae9f)
• Fix broken links (#795) (0ab0e7e), closes #793
• Fix broken relative link (#812) (b32b173)
• Fix links (#800) (5fcc272)
• Fix oidc config examples (#799) (8a4f480)
• Fix self-service recovery flow typo (#807) (800110d)
• Remove duplicate words & fix spelling (#810) (4e1b966)
• Remove leftover category from reference sidebar (#813) (94fde51)
• Use correct links (#797) (a4de293)

Features

• Add helper for choosing argon2 parameters (#803) (ca5a69b), closes #723 #572 #647:

  This patch adds the new command "hashers argon2 calibrate" which allows one to pick the desired hashing time for password hashing and then chooses the optimal parameters for the hardware the command is running on:

  $ kratos hashers argon2 calibrate 500ms
  Increasing memory to get over 500ms:
      took 2.846592732s in try 0
      took 6.006488824s in try 1
    took 4.42657975s with 4.00GB of memory
  [...]
  Decreasing iterations to get under 500ms:
      took 484.257775ms in try 0
      took 488.784192ms in try 1
    took 486.534204ms with 3 iterations
  Settled on 3 iterations.
  
  {
    "memory": 1048576,
    "iterations": 3,
    "parallelism": 32,
    "salt_length": 16,
    "key_length": 32
  }
  

Changelog

1829042 autogen(docs): generate and format documentation
e1ff24a autogen(docs): regenerate and update changelog
4fdb860 autogen(docs): regenerate and update changelog
b95e176 autogen(docs): regenerate and update changelog
4fd3b47 autogen(docs): regenerate and update changelog
ddcffff autogen(docs): regenerate and update changelog
c9ba42b autogen(docs): regenerate and update changelog
1595eda autogen(docs): regenerate and update changelog
d9e27c8 autogen(docs): regenerate and update changelog
7784eee autogen(docs): regenerate and update changelog
13d8a40 autogen(docs): regenerate and update changelog
9247ec9 autogen(docs): update milestone document
75185b5 autogen(docs): update milestone document
aa1e392 autogen(docs): update milestone document
5ea97df autogen: add v0.5.3-alpha.1 to version.schema.json
b02926c autogen: pin v0.5.4-alpha.1 release commit
4645ef0 chore: update docusaurus template
58d86bd chore: update docusaurus template (#806)
cb4bbf6 chore: update docusaurus template (#816)
15bae9f docs: fix another broken link
0ab0e7e docs: fix broken links (#795)
b32b173 docs: fix broken relative link (#812)
5fcc272 docs: fix links (#800)
8a4f480 docs: fix oidc config examples (#799)
800110d docs: fix self-service recovery flow typo (#807)
4e1b966 docs: remove duplicate words & fix spelling (#810)
94fde51 docs: remove leftover category from reference sidebar (#813)
a4de293 docs: use correct links (#797)
ca5a69b feat: add helper for choosing argon2 parameters (#803)
83eb4e0 fix: case in settings handler method (#798)
ad542ad fix: force brew install statement (#796)
60a0fc4 refactor: move pkger and ioutil helpers to ory/x
a046ef9 style: format

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.5
• docker pull oryd/kratos:v0.5.4
• docker pull oryd/kratos:v0.5.4-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.5-sqlite
• docker pull oryd/kratos:v0.5.4-sqlite
• docker pull oryd/kratos:v0.5.4-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.5.3-alpha.1

This release improves the developer and user experience around CSRF counter-measures. It should now be possible to use the self-service API flows without having to explicitly disable cookie features in your SDKs and integrations. Additionally, another issue in the CGO pipeline was resolved which finally allows running ORY Kratos without CGO if the target database is not SQLite.

Further improvements to default config values have been made and a full end-to-end test suite for the exemplary kratos-selfservice-ui-react-native app. The app is now available in the iTunes store as well - just search for "ORY Profile App"!

0.5.3-alpha.1 (2020-10-27)

Bug Fixes

• Add "x-session-token" to default allowed headers (3c912e4)

• Do not set cookies on api endpoints (2f67c28)

• Do not set csrf cookies on potential api endpoints (4d97a95)

• Ignore unsupported migration dialects (12bb8d1), closes #778:

  Skips sqlite3 migrations when support is lacking.

• Improve semver regex (584c0b5)

• Properly set nosurf context even when ignored (0dcb774)

• Update cypress (ba8b172)

• Use correct regex for version replacement (ce870ab), closes #787

Documentation

• Fix docosaurus admonitions (#788) (281a7c9)
• Pin download script version (e4137a6)
• Remove trailing garbage from quickstart (#787) (7e70924)

Features

• Improve makefile install process and update deps (d1eb37f)

Tests

• Add e2e tests for mobile (d481d51)
• Add option to disable csrf protection in apis (a0077f1)
• Bump wait time (7a719e1)
• Install expo-cli globally (db21cfa)
• Install expo-cli in cci config with sudo (d255f46)
• Log wait-on output (62b5ba9)
• Output web server address (cb41ca7)
• Resolve csrf test issues in settings (ef8ba7d)
• Resolve test panic (6f6461f)
• Revert delay increase and improve install scripts (1eafcaa)

Changelog

6fdc772 autogen(docs): generate and format documentation
6536f46 autogen(docs): regenerate and update changelog
389e0f9 autogen(docs): regenerate and update changelog
0404e75 autogen(docs): update milestone document
41a8eaf autogen(docs): update milestone document
0fec10c autogen: add v0.5.2-alpha.1 to version.schema.json
054e2e3 autogen: add v0.5.3-alpha.1.pre.0 to version.schema.json
64dc91a autogen: pin v0.5.3-alpha.1 release commit
0de4f93 autogen: pin v0.5.3-alpha.1.pre.0 release commit
c551f0f chore: bump cypress dependency
4dac92d chore: update docusaurus template
281a7c9 docs: fix docosaurus admonitions (#788)
e4137a6 docs: pin download script version
7e70924 docs: remove trailing garbage from quickstart (#787)
d1eb37f feat: improve makefile install process and update deps
3c912e4 fix: add "x-session-token" to default allowed headers
2f67c28 fix: do not set cookies on api endpoints
4d97a95 fix: do not set csrf cookies on potential api endpoints
12bb8d1 fix: ignore unsupported migration dialects
584c0b5 fix: improve semver regex
0dcb774 fix: properly set nosurf context even when ignored
ba8b172 fix: update cypress
ce870ab fix: use correct regex for version replacement
7be571e style: format and update format toolchain
d481d51 test: add e2e tests for mobile
a0077f1 test: add option to disable csrf protection in apis
7a719e1 test: bump wait time
db21cfa test: install expo-cli globally
d255f46 test: install expo-cli in cci config with sudo
62b5ba9 test: log wait-on output
cb41ca7 test: output web server address
ef8ba7d test: resolve csrf test issues in settings
6f6461f test: resolve test panic
1eafcaa test: revert delay increase and improve install scripts

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.5
• docker pull oryd/kratos:v0.5.3
• docker pull oryd/kratos:v0.5.3-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.5-sqlite
• docker pull oryd/kratos:v0.5.3-sqlite
• docker pull oryd/kratos:v0.5.3-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.5.2-alpha.1

This release addresses bugs and user experience issues.

0.5.2-alpha.1 (2020-10-22)

Bug Fixes

• Add debug quickstart yml (#780) (16e6b4d)
• Gracefully handle double slashes in URLs (aeb9414), closes #779
• Merge gobuffalo CGO fix (fea2e77)
• Remove obsolete recovery_token and add link to schema (acf6ac4)
• Return correct error in login csrf (dd9cab0), closes #785
• Use correct assert package (76be5b0)

Documentation

• Small improvements to discord oidc provider guide (#783) (6a3c453)

Tests

• Add tests for csrf behavior (48993e2), closes #785
• Mark link as enabled in e2e test (c214b81)
• Resolve schema test regression (bb7af1b)

Changelog

35aef2d autogen(docs): generate and format documentation
8720041 autogen(docs): regenerate and update changelog
8ce70d1 autogen(docs): regenerate and update changelog
bb4277f autogen(docs): regenerate and update changelog
850155d autogen(docs): update milestone document
20da86c autogen(docs): update milestone document
6eddbcb autogen: add v0.5.1-alpha.1 to version.schema.json
79fcd8a autogen: pin v0.5.2-alpha.1 release commit
6a3c453 docs: small improvements to discord oidc provider guide (#783)
16e6b4d fix: add debug quickstart yml (#780)
aeb9414 fix: gracefully handle double slashes in URLs
fea2e77 fix: merge gobuffalo CGO fix
acf6ac4 fix: remove obsolete recovery_token and add link to schema
dd9cab0 fix: return correct error in login csrf
76be5b0 fix: use correct assert package
48993e2 test: add tests for csrf behavior
c214b81 test: mark link as enabled in e2e test
bb7af1b test: resolve schema test regression

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.5
• docker pull oryd/kratos:v0.5.2
• docker pull oryd/kratos:v0.5.2-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.5-sqlite
• docker pull oryd/kratos:v0.5.2-sqlite
• docker pull oryd/kratos:v0.5.2-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.5.1-alpha.1

This release resolves an issue where ORY Kratos Docker Images without CGO and SQLite support would fail to boot even when SQLite was not used as a data source.

0.5.1-alpha.1 (2020-10-20)

Bug Fixes

• Do not require sqlite without build tag (2ee787b)
• Use extra dc config file for quickstart-dev (72c03f9)

Documentation

• Fix spelling mistake (14e7f65)
• Fix spelling mistake (#772) (bf401a2)
• Improve schemas (#773) (e614859)

Features

• Auto-update docker and git tags on release (08084a9)
• Use fixed versions for docker-compose (e73c4ce)

Tests

• Increase waittime (5e911d6)
• Reduce flakes by increasing wait time for expiry test (cddf29e)

Unclassified

• Format (8be02c8)

Changelog

33df2b4 autogen(docs): generate and format documentation
3fd4b21 autogen(docs): generate and format documentation
75e45cb autogen(docs): regenerate and update changelog
91a45bf autogen(docs): regenerate and update changelog
d64e088 autogen(docs): regenerate and update changelog
4fc1ec9 autogen(docs): update milestone document
ff3d0c7 autogen: add v0.5.0-alpha.1 to version.schema.json
b85b36b autogen: pin v0.5.1-alpha.1 release commit
5cf358a chore: update docusaurus template (#774)
295c376 chore: update docusaurus template (#775)
14e7f65 docs: fix spelling mistake
bf401a2 docs: fix spelling mistake (#772)
e614859 docs: improve schemas (#773)
08084a9 feat: auto-update docker and git tags on release
e73c4ce feat: use fixed versions for docker-compose
2ee787b fix: do not require sqlite without build tag
72c03f9 fix: use extra dc config file for quickstart-dev
8be02c8 styles: format
5e911d6 test: increase waittime
cddf29e test: reduce flakes by increasing wait time for expiry test

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.5
• docker pull oryd/kratos:v0.5.1
• docker pull oryd/kratos:v0.5.1-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.5-sqlite
• docker pull oryd/kratos:v0.5.1-sqlite
• docker pull oryd/kratos:v0.5.1-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.5.0-alpha.1

The ORY team and community is very proud to present the next ORY Kratos iteration!

ORY Kratos is now capable of handling native (iOS, Android, Windows, macOS, ...) login, registration, settings, recovery, and verification flows. As a goodie on top, we released a reference React Native application which you can find on GitHub.

We co-released our reference React Native application which acts as a reference on implementing these flows:

In total, almost 1200 files were changed in about 480 commits. While you can find a list of all changes in the changelist below, these are the changes we are most proud of:

• We renamed login, registration, ... requests to "flows" consistently across the code base, APIs, and data storage. We now:
  • Initiate a login, registration, ... flow;
  • Fetch a login, registration, ... flow; and
  • Complete a login, registration, ... flow using a login flow method such as "Log in with username and password".
• All self-service flows are now capable of handling API-based requests that do not originate from Browser such as Chrome. This is set groundwork for handling native flows (see above)!
• The self service documentation has been refactored and simplified. We added code samples, screenshots, payloads, and curl commands to make things easier and clearer to understand. Video guides have also been added to help you and the community get things done faster!
• Documentation for rotating important secrets such as the cookie and session secrets was added.
• The need for reverse proxies was removed by adding the ability to change the ORY Kratos Session Cookie domain and path! The kratos-selfservice-ui-node reference implementation no longer requires HTTP Request piping which greatly simplifies the network layout and codebase!
• The ORY Kratos CLI is now capable of managing identities with an interface that works almost like the Docker CLI we all love!
• Admins are now able to initiate account recovery for identities.
• Email verification and account recovery were refactored. It is now possible to add additional strategies (e.g. recovery codes) in the future, greatly increasing the feature set and security capabilities of future ORY Kratos versions!
• Lookup to Have I Been Pwnd is no longer a hard requirement, allowing registration processes to complete when the service is unavailable or the network is slow.
• We contributed several issues and features in upstream projects such as justinas/nosurf, gobuffalo/pop, and many more!
• The build pipeline has been upgraded to support cross-compilation of CGO with Go 1.15+.
• Fetching flows no longer requires CSRF cookies to be set, improving developer experience while not compromising on security!
• ORY Kratos now has ORY Kratos Session Cookies (set in the HTTP Cookie header) and ORY Kratos Session Tokens (set as a HTTP Bearer Authorization token or the X-Session-Token HTTP Header).

Additionally tons of bugs were fixed, tests added, documentation improved, and much more. Please note that several things have changed in a breaking fashion. You can find details for the individual breaking changes in the changelog below.

We would like to thank all community members who contributed towards this release (in no particular order):

• https://github.com/kevgo
• https://github.com/NickUfer
• https://github.com/drwatsno
• https://github.com/alsuren
• https://github.com/wezzle
• https://github.com/sherbang
• https://github.com/perryao
• https://github.com/jikunchong
• https://github.com/err0r500
• https://github.com/debrutal
• https://github.com/c0depwn
• https://github.com/aschepis
• https://github.com/jakhog

Have fun exploring the new release, we hope you like it! If you haven't already, join the ORY Community Slack where we hold weekly community hangouts via video chat and answer your questions, exchange ideas, and present new developments!

0.5.0-alpha.1 (2020-10-15)

Bug Fixes

• Add missing 'recovery' path in oathkeeper access-rules.yml (#763) (f180dba)

• Add missing error handling (43c1446)

• Add ory-prettier-styles to main repo (#744) (aeaddbc)

• Add remote help description (f66bbe1)

• Add serve help description (2eb072b)

• Allow using json with form layout in password registration (bd2225c)

• Annotate whoami endpoint with cookie and token (a8a781c)

• Bump datadog version to fix build failure (4dfd322)

• Change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL (763fdc5)

• Clarify fetch use (8eb2e6f)

• Complete verification by redirecting to UI with success (f0ecf51)

• Correct cookie domain on logout (#646) (6d77e04), closes #645

• Correct help message for import (a5f46d2)

• Correct password and profile swagger annotations (668c184)

• Correct password registration method api spec (08dd582)

• Correct PHONY spelling (#739) (e3d3617)

• Cover more test cases for persister (37d2e08)

• Create decoder only once (34dc43b)

• Deprecate packr2 dependency in makefile (be9a84d), closes #711 #750

• Do not propagate parent validation error (bf6093d)

• Don't resend verification emails once verified (#583) (a4d9969), closes #578

• Enforce endpoint to be set (171ac18)

• Escape jsx characters in api documentation (0946094)

• Exit with code 1 on unimplemented CLI commands (66943d7)

• Explicitly ignore fprint return values (f50e582)

• Explicitly ignore fprintf results (a83dc50)

• Fallback to default return url if logout after url is not defined (#594) (7edd367)

• Favor packr2 over pkger (ac18a45):

  See markbates/pkger#117

• Find and replace "request" references (41fb673)

• Force exe buildmode for windows CGO (e017bb5)

• Html form parse regression issue (6b07cbb)

• Ignore x/net false positives (7044b95)

• Improve debugging output for login hook and restructure files (dabac40)

• Improve debugging output for registration hook and restructure files (ec11775)

• Improve expired error responses (124a92e)

• Improve hook tests (55ba485)

• Improve makefile dependency building (8e1d69a)

• Improve pagination when listing identities (c60bf44)

• Improve po...

v0.4.6-alpha.1

Resolves build and install issues and includes a few bugfixes.

0.4.6-alpha.1 (2020-07-13)

Bug Fixes

• Use proper binary name in dockerfile (d36bbb0)

Changelog

ad90e77 autogen: pin v0.4.6-alpha.1 release commit
d36bbb0 fix: use proper binary name in dockerfile

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.4
• docker pull oryd/kratos:v0.4.6
• docker pull oryd/kratos:v0.4.6-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.4-sqlite
• docker pull oryd/kratos:v0.4.6-sqlite
• docker pull oryd/kratos:v0.4.6-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.4.3-alpha.1

We are very happy to announce the 0.4 release of ORY Kratos with 163 commits and 817 changed files with 52,681 additions and 9,876 deletions.

There have been many improvements and bugfixes merged. The biggest changes are:

1. Account recovery ("reset password") has been implemented.
2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think!
3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care!
4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care!
5. prompt=login has been renamed to refresh=true. This is a breaking change - please read the breaking changes section with care!
6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care!
7. Instead of keeping track of update_successful with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care!
8. Tons of tests have been added.
9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions.
10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform.

Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care!

0.4.3-alpha.1 (2020-07-08)

Bug Fixes

• Resolve goreleaser build issues (223571b)
• Update install.sh script (883d99b)

Changelog

44a0525 autogen(docs): generate and format documentation
f80943c autogen(docs): regenerate and update changelog
a3a34b1 autogen: pin v0.4.3-alpha.1 release commit
223571b fix: resolve goreleaser build issues
883d99b fix: update install.sh script

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.4
• docker pull oryd/kratos:v0.4.3
• docker pull oryd/kratos:v0.4.3-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.4-sqlite
• docker pull oryd/kratos:v0.4.3-sqlite
• docker pull oryd/kratos:v0.4.3-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.3.0-alpha.1

This release finalizes the OpenID Connect and OAuth2 login, registration, and settings strategy with JsonNet data transformation! From now on, "Sign in with Google, Github, ..." is officially supported! It's also possible to link and unlink these connections using the Self-Service Settings Flow! The documentation has been updated to reflect those changes and includes guides to setting up "Sign in with GitHub" in under 5 Minutes! Please be aware that existing OpenID Connect connections will stop working. Check out the "Breaking Changes" section for more info! Want to learn more? Check out the docs!

We also changed the config validation output, making it easier than ever to find bugs in your config:

% kratos --config invalid-config.yml serve
INFO[0001] Config file loaded successfully.              path=invalid-config.yml
ERRO[0001] The provided configuration is invalid and could not be loaded. Check the output below to understand why.  config_file=invalid-config.yml

dsn: <nil>
     ^-- one or more required properties are missing

urls.whitelisted_return_to_urls: https://selfservice.office.example.com
                                 ^-- expected array, but got string

FATA[0001] The services failed to start because the configuration is invalid. Check the output above for more details.

This release concludes over 50 commits and 16.000 lines of code changed.

0.3.0-alpha.1 (2020-05-15)

Bug Fixes

• Access rules of oathkeeper for quick start (#390) (5ed6d05), closes #389:

  To access / as dashboard

• Active field should not be required (#401) (aed2a5c), closes ory/sdk#14

• Adopt jsonnet in e2e oidc tests (5e518fb)

• Detect postgres unique constraint (3a777af)

• Fix oidc strategy jsonnet test (f6c48bf)

• Improve config validation error message (#414) (d1e6896), closes #413

• Reset request id after parse (9550205)

• Resolve flaky swagger generation (#416) (ac4acfc)

• Resolve regression issues and bugs (e6d5369)

• Return correct error on id mismatch (5915f28)

• Test and implement mapper_url for jsonnet (40ac3dc)

• Transaction usage in the identity persister (#404) (7f5072d)

Code Refactoring

• Adopt new request parser (ad16cc9)

• Dry config and oidc tests (3e98756)

• Improve oidc flows and payloads and add e2e tests (#381) (f9a5079), closes #387:

  This patch improves the OpenID Connect login and registration user experience by simplifying the network flows and introduces e2e tests using ORY Hydra.

• Move cypress files to test/e2e (df8e627)

• Partition files and change creds structure (4f1eb94):

  This patch changes the data model of the OpenID Connect strategy. Instead of using an array of providers as the base config item (e.g. {"type":"oidc","config":[{"provider":"google","subject":"..."}]}) the credentials config is now an object with a providers key: {"type":"oidc","config":{"providers":[{"provider":"google","subject":"..."}]}}. This change allows introduction of future changes to the schema without breaking compatibility.

• settings: Use common request parser (ad6c402)

• Moved scanner json to ory/x (#412) (8a0967d)

• Replace oidc jsonschema with jsonnet (2b45e79), closes #380:

  This patch replaces the previous methodology of merging OIDC data which used JSON Schema with Extensions and JSON Path in favor of a much easier to use approach with JSONNet.

Documentation

• Document account enumeration defenses for oidc (266329c), closes #32

• Document new oidc jsonnet mapper (#392) (088b30f)

• Document oidc strategy (#415) (9f079f4), closes #409 #124 #32

• Explain that form data is merged with oidc data (#394) (b0dbec4), closes #127

• Fix links in README (efb6102), closes #403

• Improve social sign in guide (#393) (647ced3), closes #49:

  This patch changes the social sign in guide to represent more use cases such as Google and Facebook. Additionally, the example has been updated to work with Jsonnet.

  This patch also documents limitations around merging user data from GitHub.

• Improve the identity data model page (#410) (2915b8f)

• Include redirect doc in nav (5aaebff), closes #406

• Prepare v0.3.0-alpha.1 (d6a6f43)

• Ui should show only active form sections (#395) (4db674d)

• Update github templates (#408) (6e646b0)

Features

• Add format and lint for JSONNet files (0a1b244):

  This patch adds two commands kratos jsonnet format and kratos jsonnet lint that help with formatting and linting JSONNet code.

• Implement oidc settings e2e tests (919925c)

• Introduce leaklog for debugging oidc map payloads (238d7a4)

• Write tests and fix bugs for oidc settings (575a61f)

Unclassified

• Format code (bc7557a)

BREAKING CHANGES

• If you upgrade and have existing Social Sign In connections, it will no longer be possible to use them to sign in. Because the oidc strategy was undocumented and not officially released we do not provide an upgrade guide. If you run into this issue on a production system you may need to use SQL to change the config of those identities. If this is a real issue for you that you're unable to solve, please create an issue on GitHub.
• This is a breaking change as previous OIDC configurations will not work. Please consult the newly written documentation on OpenID Connect to learn how to use OIDC in your login and registration flows. Since the OIDC feature was not publicly broadcasted yet we have chosen not to provide an upgrade path. If you have issues, please reach out on the forums or slack.

Changelog

15ce3d8 autogen(docs): generate and format documentation
1b4567b autogen(docs): generate and format documentation
6b0ce46 autogen(docs): regenerate and update changelog
bb68c58 autogen(docs): regenerate and update ch...

v0.2.1-alpha.1

Resolves a bug in the kratos-selfservice-ui-node application.

0.2.1-alpha.1 (2020-05-05)

Documentation

• Fix quickstart hero sections (7c6c439)
• Fix typo in upgrade guide (a1b1d7c)

Changelog

a73a6d8 autogen(docs): generate and format documentation
be9b37e autogen(docs): regenerate and update changelog
dfdb5c6 autogen(docs): regenerate and update changelog
16463ea chore: pin v0.2.1-alpha.1 release commit
7c6c439 docs: fix quickstart hero sections
a1b1d7c docs: fix typo in upgrade guide

Docker images

• docker pull oryd/kratos:v0
• docker pull oryd/kratos:v0.2
• docker pull oryd/kratos:v0.2.1
• docker pull oryd/kratos:v0.2.1-alpha.1
• docker pull oryd/kratos:latest
• docker pull oryd/kratos:v0-sqlite
• docker pull oryd/kratos:v0.2-sqlite
• docker pull oryd/kratos:v0.2.1-sqlite
• docker pull oryd/kratos:v0.2.1-alpha.1-sqlite
• docker pull oryd/kratos:latest-sqlite

v0.2.0-alpha.2

This is a heavy release with over hundreds of commits and files changed! Let's
take a look at some of the highlights!

ORY Oathkeeper now optional

Using ORY Oathkeeper to protect your API is now optional. The basic quickstart
now uses a much simpler set up. Go
check it out now!

PostgreSQL, MySQL, CockroachDB support now tested and official!

All three databases now pass acceptance tests and are thus officially supported!

Self-Service Profile Flow

The self-service profile flow has been refactored into a more generic flow
allowing users to make modifications to their traits and credentials. Check out
the docs to learn
more
about the flow and it's features.

Please keep in mind that the flow's APIs have changed. We recommend re-reading
the docs!

Managing Privileged Profile Fields

Flows such as changing ones profile or primary email address should not be
possible unless the login session is fresh. This prevents your colleague or evil
friend to take over your account while you make yourself a coffee.

ORY Kratos now supports this by redirecting the user to the login screen if
changes to sensitive fields are made. The changes will only be applied after
successful reauthentication.

Changes to Hooks

This patch focuses on refactoring how self-service flows terminate and changes
how hooks behave and when they are executed.

Before this patch, it was not clear whether hooks run before or after an
identity is persisted. This caused problems with multiple writes on the HTTP
ResponseWriter and other bugs.

This patch removes certain hooks from after login, registration, and profile
flows. Per default, these flows now respond with an appropriate payload (
redirect for browsers, JSON for API clients) and deprecate the redirect hook.
This patch includes documentation which explains how these hooks work now.

Additionally, the documentation was updated. Especially the sections about hooks
have been refactored. The login and user registration docs have been updated to
reflect the latest changes as well.

BREAKING CHANGE: Please remove the redirect hook from both login,
registration, and settings after configuration. Please remove the session hook
from your login after configuration. Hooks have moved down a level and are now
configured at selfservice.<login|registration|settings>.<after|before>.hooks
instead of selfservice.<login|registration|settings>.<after|before>.
Hooks are now identified by hook: instead of job:. Please rename those
sections accordingly.

We recommend re-reading the
Hooks Documentation.

Changing Passwords

It's now possible to change your password using the Self-Service Settings Flow!
Lean more about this flow
here

End-To-End Tests

We added tons of end-to-end and integration tests to find and fix pesky bugs.

0.2.0-alpha.2 (2020-05-04)

Bug Fixes

• Allow setting new password in profile flow (3b5fd5c)
• Automatically append multiStatements parameter to mySQL URI (#374) (39f77bb)
• Create pop connection without parsed connection options (#366) (10b6481)
• Declare proper vars for setting version (#383) (2fc7556)
• Decouple quickstart scenarios (#336) (17363b3), closes #262:

  Creates several docker compose examples which include various
  scenarios of the quickstart.

  The regular quickstart guide now works without ORY Oathkeeper
  and uses the standalone mode of the example app instead.

  Additionally, the Makefile was improved and now automatically pulls
  required dependencies in the appropriate version.

• Document Schema API and serve over admin endpoint (#299) (4be417c), closes #287
• Exempt whomai from csrf protection (#329) (31d4065)
• Fix swagger annotation (#331) (5c5c78f):

  Closes ory/sdk#10

• Move to ory sqa service (#309) (7c244e0)
• Properly annotate error API (a6f1300)
• Resolve docker build permission issues (f3612e8)
• Resolve failing test issues (2e968e5)
• Resolve NULL value for seen_at (#259) (a7d1e86), closes #244:

  Previously, errorx tests were not executed which caused several bugs.

• Revert use host volume mount for sqlite (#272) (#285) (a7477ab):

  This reverts commit 230ab2d.

• Show log in ui only when unauthenticated or forced (df77310), closes #323
• Use semver-regex replacer func (d5c9a47)
• Use sqlite tag on make install (2c82784)
• docker: Throw away build artifacts (481ec1b)
• Remove unused returnTo (e64e5b0)
• Resolve linux install script archive naming (#302) (c98b8aa)
• Resolve password continuity issues (56a44fa)
• Self-service error query parameter name (#308) (be257f5):

  The query parameter for the self-service errors endpoint was named id
  in the API docs, whereas it is the error param that is used by the
  handler.

• Use host volume mount for sqlite (#272) (230ab2d)
• Use resilient client for HIBP lookup (#288) (735b435), closes #261
• Verified_at field should not be required (#353) (15d5e26):

  Closes ory/sdk#11

• config: Rename config key stmp to smtp (#278) (ef95811)
• session: Regenerate CSRF Token on principal change (#290) (1527ef4), closes #217
• session: Whoami endpoint now supports all HTTP methods (#283) (4bf645b), closes #270
• sql: Rename migrations with same version (#280) (07e46b9), closes #279
• swagger: Move nolint,deadcode instructions to own file (#293) (1935510):

  Closes ory/docs#279

Code Refactoring

• Move docs to this repository (#317) (aa0d726)
• Prepare profile management payloads for credentials ([44493f3](44493f3ddbb44998157...