Table of Contents generated with DocToc
- Change Log
- Unreleased
- v1.0.0-rc.12 (2019-05-10)
- v1.0.0-rc.11 (2019-05-02)
- v1.0.0-rc.10 (2019-04-29)
- v1.0.0-rc.9+oryOS.10 (2019-04-18)
- v1.0.0-rc.8+oryOS.10 (2019-04-03)
- v1.0.0-rc.7+oryOS.10 (2019-04-02)
- v1.0.0-rc.6+oryOS.10 (2018-12-18)
- v1.0.0-rc.5+oryOS.10 (2018-12-13)
- v1.0.0-rc.4+oryOS.9 (2018-12-12)
- v1.0.0-rc.3+oryOS.9 (2018-12-06)
- v1.0.0-rc.2+oryOS.9 (2018-11-21)
- v1.0.0-rc.1+oryOS.9 (2018-11-21)
- v1.0.0-beta.9 (2018-09-01)
- v1.0.0-beta.8 (2018-08-10)
- v1.0.0-beta.7 (2018-07-16)
- v1.0.0-beta.6 (2018-07-11)
- v1.0.0-beta.5 (2018-07-07)
- v0.11.14 (2018-06-15)
- v1.0.0-beta.4 (2018-06-13)
- v1.0.0-beta.3 (2018-06-13)
- v1.0.0-beta.2 (2018-05-29)
- v1.0.0-beta.1 (2018-05-29)
- v0.11.12 (2018-04-08)
- v0.11.10 (2018-03-19)
- v0.11.9 (2018-03-10)
- v0.11.7 (2018-03-03)
- v0.11.6 (2018-02-07)
- v0.11.4 (2018-01-23)
- v0.11.3 (2018-01-23)
- v0.11.2 (2018-01-22)
- v0.11.1 (2018-01-18)
- v0.11.0 (2018-01-08)
- v0.10.10 (2017-12-16)
- v0.10.9 (2017-12-13)
- v0.10.8 (2017-12-12)
- v0.10.7 (2017-12-09)
- v0.10.6 (2017-12-09)
- v0.10.5 (2017-12-09)
- v0.10.4 (2017-12-09)
- v0.10.3 (2017-12-08)
- v0.10.2 (2017-12-08)
- v0.10.1 (2017-12-08)
- v0.10.0 (2017-12-08)
- v0.10.0-alpha.21 (2017-11-27)
- v0.10.0-alpha.20 (2017-11-26)
- v0.10.0-alpha.19 (2017-11-26)
- v0.10.0-alpha.18 (2017-11-06)
- v0.10.0-alpha.17 (2017-11-06)
- v0.10.0-alpha.16 (2017-11-06)
- v0.10.0-alpha.15 (2017-11-06)
- v0.10.0-alpha.14 (2017-11-06)
- v0.10.0-alpha.13 (2017-11-06)
- v0.10.0-alpha.11 (2017-11-06)
- v0.10.0-alpha.12 (2017-11-06)
- v0.10.0-alpha.10 (2017-10-26)
- v0.10.0-alpha.9 (2017-10-25)
- v0.9.16 (2017-10-23)
- v0.10.0-alpha.8 (2017-10-18)
- v0.9.15 (2017-10-11)
- v0.9.14 (2017-10-06)
- v0.10.0-alpha.7 (2017-10-06)
- v0.10.0-alpha.6 (2017-10-05)
- v0.10.0-alpha.5 (2017-10-05)
- v0.10.0-alpha.4 (2017-10-05)
- v0.10.0-alpha.3 (2017-10-05)
- v0.10.0-alpha.2 (2017-10-05)
- v0.10.0-alpha.1 (2017-10-05)
- v0.9.13 (2017-09-26)
- v0.9.12 (2017-07-06)
- v0.9.11 (2017-06-30)
- v0.9.10 (2017-06-29)
- v0.9.9 (2017-06-17)
- v0.9.8 (2017-06-17)
- v0.9.7 (2017-06-16)
- v0.9.6 (2017-06-15)
- v0.9.5 (2017-06-15)
- v0.9.4 (2017-06-14)
- v0.9.3 (2017-06-14)
- v0.9.2 (2017-06-13)
- v0.9.1 (2017-06-12)
- v0.9.0 (2017-06-07)
- v0.8.7 (2017-06-05)
- v0.8.6 (2017-06-05)
- v0.8.5 (2017-06-01)
- v0.8.4 (2017-05-24)
- v0.8.3 (2017-05-23)
- v0.8.2 (2017-05-10)
- v0.8.1 (2017-05-08)
- v0.8.0 (2017-05-07)
- v0.7.13 (2017-05-03)
- v0.7.12 (2017-04-30)
- v0.7.11 (2017-04-28)
- v0.7.10 (2017-04-14)
- v0.7.9 (2017-04-02)
- v0.7.8 (2017-03-24)
- v0.7.7 (2017-02-11)
- v0.7.4 (2017-02-11)
- v0.7.5 (2017-02-11)
- v0.7.6 (2017-02-11)
- v0.7.3 (2017-01-22)
- v0.7.2 (2017-01-02)
- v0.7.1 (2016-12-30)
- v0.7.0 (2016-12-30)
- v0.6.10 (2016-12-26)
- v0.6.9 (2016-12-20)
- v0.6.8 (2016-12-06)
- v0.6.7 (2016-12-04)
- v0.6.6 (2016-12-04)
- v0.6.5 (2016-11-28)
- v0.6.4 (2016-11-22)
- v0.6.3 (2016-11-17)
- v0.6.2 (2016-11-05)
- v0.6.1 (2016-10-26)
- v0.6.0 (2016-10-25)
- v0.5.8 (2016-10-06)
- v0.5.7 (2016-10-04)
- v0.5.6 (2016-10-03)
- v0.5.5 (2016-09-29)
- v0.5.4 (2016-09-29)
- v0.5.3 (2016-09-29)
- v0.5.2 (2016-09-23)
- v0.5.0 (2016-09-22)
- v0.5.1 (2016-09-22)
- v0.4.2-alpha.4 (2016-09-03)
- v0.4.2 (2016-09-03)
- v0.4.3 (2016-09-03)
- v0.4.2-alpha.3 (2016-09-02)
- v0.4.2-alpha.2 (2016-09-01)
- v0.4.2-alpha.1 (2016-09-01)
- 0.4.2-alpha (2016-09-01)
- v0.4.1 (2016-08-18)
- v0.4.0 (2016-08-17)
- v0.3.1 (2016-08-17)
- v0.3.0 (2016-08-09)
- v0.2.0 (2016-08-09)
- 0.1-beta.4 (2016-06-26)
- 0.1-beta.3 (2016-06-20)
- 0.1-beta.2 (2016-06-14)
- 0.1-beta1 (2016-05-29)
Closed issues:
- Feature request: CockroachDB support #990
v1.0.0-rc.12 (2019-05-10)
Implemented enhancements:
- cmd: add the post logout redirect uris flag to the clients create command #1426
- all: add cockroachdb support #1348 (lopezator)
Closed issues:
- Invalid namespace on composer.json #1429
- CORS No 'Access-Control-Allow-Origin' header is present #1421
- client_secret_basic fails when client_secret is auto-generated #1419
Merged pull requests:
- Fixed composer namespace #1431 (MASNathan)
- sdk: Remove go sdk submodule #1430 (aeneasr)
- Swapped handlers to match correct values #1428 (MASNathan)
- cmd: allow to set the client's post-logout URIs #1427 (aberasarte)
- sdk/go: Add go.mod definition in sdk directory #1425 (aeneasr)
- driver: Fix broken cors option test #1423 (aeneasr)
v1.0.0-rc.11 (2019-05-02)
Fixed bugs:
- consent: Regression causes login to skip remember on consecutive calls #1409
- jwk: Remove duplicates from jwks list #1408
- nil pointer panic on /oauth2/sessions/logout without id token hint #1403
Closed issues:
- jwk: Remove duplicates from jwks list #1413
- Help message for `migrate sql` is unclear regarding source of database URL. #1411
- Documentation is incorrect for some admin URLs #1410
- Accept login request 404s #1406
- Audience is not set on access tokens #1405
- cors: Apply sane defaults for cors #1400
- sql: insert/update statements are slow on MySQL 8.0.x #1397
Merged pull requests:
- consent: Resolve nil pointer panic in logout flow #1418 (aeneasr)
- cors: Use sane default settings for CORS options #1417 (aeneasr)
- config: Remove duplicates JWKS IDs from wellknown config #1416 (aeneasr)
- consent: Do not confirmLoginSession when skip is true (#1414) #1415 (aeneasr)
- Do not confirmLoginSession when skip is true to prevent remember reset to false #1414 (saadtazi)
- Fix migrate SQL command message regarding config file. #1412 (dkushner)
- ttl is a top-level config value #1407 (MDrollette)
- fix fallback routes and templates #1402 (MDrollette)
- docs: Add OIDC FC/BC changes to upgrade guide #1401 (aeneasr)
v1.0.0-rc.10 (2019-04-29)
Implemented enhancements:
- cmd: Add plans to migrations #1139
- docker: Investigate adding entrypoint.sh #1108
- client: Whitelist logout redirect URL per client #1004
- cmd: Remove notice about BETA in OAUTH2_ACCESS_TOKEN_STRATEGY #946
- oauth2: Consider implementing OIDC Session Management #834
- consent: Move to query parameters #1375 (aeneasr)
Closed issues:
- [Question] What is the correct way to run `hydra token client` CLI command ? #1396
- /.well-known/jwks.json output wrong keys #1395
- test: Add consent revokation to e2e testing #1389
- go sdk is broken in rc9 #1388
- CORS for public is disabled? #1387
- Class naming inconsistent in swagger comment to cause swagger generated sdk could not be built on case sensitive os. #1384
- Outdated hydra PHP composer package #1382
- Add support for ACME TLS Certificates #1378
- SDK documentation dissapeared #1377
- Access Tokens JWT signed with ID Token key when AcessTokenStrategy is JWT #1371
- /.well-known/jwks.json only returns OpenIDConnect keys when strategy is JWT #1369
- Introduce e2e testing using cypress #1368
- how to get userinfo #1367
- Unable to test silent refresh in local development #1364
- Memory leak with jaeger tracing enabled #1363
- docs: Are refresh tokens introspectable or not? #1250
Merged pull requests:
- docker: Remove full tag from build pipeline #1399 (aeneasr)
- docker: Update jaeger tracing docker compose file #1398 (aeneasr)
- sdk: Ignore sdk directory when generating OA spec #1394 (aeneasr)
- Resolve several minor issues #1393 (aeneasr)
- Improve e2e test performance #1392 (aeneasr)
- consent: Allow prompt=none for public clients #1391 (aeneasr)
- sdk: Make clear that refresh tokens are introspectable #1390 (aeneasr)
- README.md: Fix contributors link #1385 (mkontani)
- Implement OpenID Connect Front-/Backchannel logout #1376 (aeneasr)
- oauth2: Resolve memory leak in gorilla/sessions #1374 (aeneasr)
- driver: Use proper key name when JWT is enabled #1373 (aeneasr)
- cmd: fix help text on migrate cmd #1372 (MDrollette)
v1.0.0-rc.9+oryOS.10 (2019-04-18)
Implemented enhancements:
- consent: Login and consent request challenge should be sent as query parameter #1307
- oauth2: Support OAuth2 discovery #1127
- pagination: Add paging to output #1047
- Allow for insecure redirect URI for development #1021
- consent: Share session state between login and consent #1003
- cli: Add retry for broken network #846
- cmd: Add resilience to CLI REST commands #1359 (aeneasr)
Fixed bugs:
- Missing /.well-known/jwks.json endpoint #1349
Closed issues:
- Misuse of `http.Header{}.Write(...)` #1361
- Hydra (Linux Container) on Windows docker cannot reach PostgreSQL #1360
- Migrations have stopped working on tests locally #1357
- Reenable Config Option #1344
- OpenID Connect Discovery endpoint is missing revocation_endpoint #1268
- Error: "Command failed because error occurred: invalid character 'p' after top-level value" on running hydra client create #1244
- Problem with import path for go-resty and go1.11 modules #1063
Merged pull requests:
- Fix pagination headers #1362 (kminehart)
- Pagination headers #1358 (kminehart)
- oauth2: Expose revocation endpoint at OIDC Discover #1356 (aeneasr)
- oauth2: Expose revocation endpoint at OIDC Discovery #1355 (aeneasr)
- oauth2: Allow whitelisting insecure redirect URLs #1354 (aeneasr)
- consent: Add ability to share data from login to consent request #1353 (aeneasr)
- Add package-lock.json #1352 (aeneasr)
- consent: Use query parameters for challenges #1351 (aeneasr)
- driver: Initialize everything on start up #1350 (aeneasr)
- sdk: Move to go-swagger code generator #1347 (aeneasr)
- make: Introduce install-stable and install tasks #1346 (aeneasr)
- cmd: Reenable -c cli flag #1345 (aeneasr)
- docs: Fix environment variable DATABASE_URL to DSN #1343 (sawadashota)
v1.0.0-rc.8+oryOS.10 (2019-04-03)
Merged pull requests:
v1.0.0-rc.7+oryOS.10 (2019-04-02)
Implemented enhancements:
- cmd: Clients list command #1310
- Empty subject not validated during login/consent #1254
- consent: Remember logic confuses developers #1165
Fixed bugs:
- Call to consent accept/reject for a second time gives error #1256
- Profiling doesn't log any data #1061
- oauth2: Fix swagger documentation for oauth2/token #1284 (aeneasr)
Closed issues:
- Rest API `Logs user out by deleting the session cookie` is not working #1329
- max_conns and max_idle_conns are not removed from DSN #1327
- Update docker-compose to v3 #1321
- Token user container exit after getting the access token for a single login. #1320
- cmd: Support client secret encryption at stdout #1317
- jwk: Improve key rotation #1316
- docker-compose restart value is wrong #1312
- docs: Improve Quickstart guide #1309
- Terraform Provider #1304
- ERROR: Service 'hydra-migrate' failed to build: The command '/bin/sh -c go mod download' returned a non-zero code: 1 #1298
- Invalid expiration time during introspection the token refresh #1296
- 504 Timeout when refreshing token #1295
- Website displays 0 github stars #1292
- Ambiguous Dockerfile versions #1289
- flush endpoint throw error #1288
- Redirect url is not getting the access token and refresh token when changed. #1287
- How to store my access token in the browser storage? #1286
- Consent /reject without error data will always return an invalid_request error #1285
- Support multi proxies between TLS termination proxy and hydra #1282
- Is the hydra security console open source? #1281
- CSRF value not present in session cookie in ory hydra login flow #1280
- Log readiness and liveness routes in debug log level #1278
- oAuth calls failing with 404 not found #1276
- Not Generating other token #1275
- Help needed for API endpoints #1274
- CI: cannot install gometalinter at CircleCI #1272
- CVE-2019-6486 - DoS vulnerability in the crypto/elliptic implementations #1270
- Website caveat #1269
- sql: Unable to connect to database URL with special chars in username/password #1266
- localhost https bug x-forward-proto is back #1265
- Granted audience not set in OIDC token #1264
- CI: can't load package github.com/stretchr/testify v1.3.0 #1261
- Revoking consent session breaks database #1255
- Deployment on Heroku #1253
- oauth2: token introspection does not work #1252
- Support fosite delegated transactions in SQL storage #1247
- Refresh token not works properly #1246
- Error : The "redirect_uri" parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls #1245
- Feature request: Service account #1221
- DX: Easily support different workflows by sharing compose configurations #1196
- cmd: Replace checkDependency with privates & getter/setter #1121
- Replace gox and ghr with goreleaser #1107
Merged pull requests:
- Improve release pipeline and update changelog #1341 (aeneasr)
- ci: Improve release build pipeline #1340 (aeneasr)
- ci: Resolve dirty release issue #1339 (aeneasr)
- ci: Move scoop and homebrew to new repos #1338 (aeneasr)
- ci: Execute e2e tests immediately #1337 (aeneasr)
- ci: Improve cci workflow #1336 (aeneasr)
- ci: Remove pure git tag from docker release #1335 (aeneasr)
- ci: Use oryOS naming topology for docker release #1334 (aeneasr)
- consent: Login revokation is exposed at public not admin #1333 (aeneasr)
- Resolve sql testing race issues #1332 (aeneasr)
- ci: Fix broken configuration docs task #1331 (aeneasr)
- Add shell installer to repo for curl | bash #1330 (aeneasr)
- Default `Remember` to false in payloads with `skip` #1325 (kminehart)
- Remove opencollective from package.json #1324 (DASPRiD)
- docker: update docker-compose to v3 + docker-compose files refactor #1323 (lopezator)
- cmd: Add client secret encryption option #1322 (sawadashota)
- Prevent errors when calling HandleConsentRequest a second time #1318 (kminehart)
- docker: Bump Golang to 1.12.1 #1315 (sawadashota)
- config: Improve configuration and service management #1314 (aeneasr)
- 5min-tutorial: fix docker-compose wrong restart values #1313 (lopezator)
- cmd: Add clients list command #1311 (sawadashota)
- Add check for empty subject in AcceptLoginRequest #1308 (kminehart)
- cmd: Fix no-open inverted flag check #1306 (RomanMinkin)
- cmd: Fix description of clients create --subject-type option #1305 (sawadashota)
- circleci: disable modules support temporarily when fetching a tool #1302 (aaslamin)
- Return the expiration time of the token, depending on its type, on the endpoint of introspection. #1300 (pr0head)
- Fix 1285 #1297 (kminehart)
- docker: Bump golang to 1.12.0 #1293 (sawadashota)
- docker: Bump alpine version #1291 (sawadashota)
- cmd: Add --allowed-cors-origins to client create. #1290 (jgiles)
- config: Support multi proxies between TLS termination proxy and hydra #1283 (sawadashota)
- docs: Update docs how to serve with in memory database #1279 (sawadashota)
- addresses #1247 #1277 (michaelwagler)
- docker: Bump base docker image versions #1271 (sawadashota)
- vendor: Bump ory/x to 0.0.35 #1267 (aeneasr)
- Bump testify v1.3.0 #1262 (sawadashota)
- Disable RejectInsecureRequest middleware on unix sockets #1259 (jayme-github)
- Fix disable-telemetry check #1258 (jtescher)
- fix token flush CLI description #1251 (sawadashota)
- Enable to validate by old system secret #1249 (sawadashota)
- fix error message of too short NEW_SYSTEM_SECRET #1248 (sawadashota)
v1.0.0-rc.6+oryOS.10 (2018-12-18)
Fixed bugs:
- Scope value double-escaping? #1201
Closed issues:
- sql: Scan error on column index 13, name "login_challenge": unsupported Scan, storing driver.Value type <nil> into type *string #1240
- Security: bump Golang version to 1.11.3 (CVE-2018-16875) #1238
- Why is the Ory Hydra Docker image nearly 1GB in size? #1237
- Feature request: Database migrations without downtime #1236
- typo in "building from source" #1235
Merged pull requests:
- docker: Bump base docker image versions #1243 (aeneasr)
- docs: Fix install guide typo GO111MOUDULE #1242 (aeneasr)
- consent: Properly declare SQL NullStrings #1241 (aeneasr)
v1.0.0-rc.5+oryOS.10 (2018-12-13)
Implemented enhancements:
- Keep tests exportable #1204
Closed issues:
- Running the migrate database does not work properly #1227
Merged pull requests:
- ci: Resolve flaky test issues #1234 (aeneasr)
- README.md: Oktober typo #1233 (hisamura333)
- oauth2: Improve introspection debugability #1232 (aeneasr)
- Support binding frontend/backend to unix sockets #1230 (jayme-github)
- Fix help output of hydra serve #1229 (jayme-github)
- ci: Fix flaky sql migration tests #1228 (aeneasr)
v1.0.0-rc.4+oryOS.9 (2018-12-12)
Implemented enhancements:
Fixed bugs:
- Unable to return consent sessions for a user #1203
- consent: Show all granted consent requests #1206 (aeneasr)
Closed issues:
- Unable to run migrate when comming from beta.7 (mysql) #1225
- Migration from beta.9 fails on google cloudsql #1224
- Service account #1220
- service account #1219
- Implement "on behalf of" flow / token exchange #1218
- Bump github.com/ory/x to v0.0.33 #1213
- OAuth2 Authorization Endpoint Doesn't Use CORS #1211
- hydra migrate sql requires superuser privileges #1209
- Accept consent flow cause bug with id_token have field in utf8 value for MySQL 5.7+ #1205
- Key rotation CLI message is unclear how to use ROTATED_SYSTEM_SECRET #1187
Merged pull requests:
- sql: Remove superuser requirements from postgres migrations #1226 (aeneasr)
- docker: Remove dep from build chain #1217 (aeneasr)
- docs: Fix broken links #1216 (aeneasr)
- ci: Use new document id in appendix #1215 (aeneasr)
- addresses #1213 by bumping github.com/ory/x to v0.0.33 #1214 (aaslamin)
- [oauth2] export tests again #1212 (someone1)
- docs: Adapt new docs id structure #1208 (aeneasr)
- Set ROTATED_SYSTEM_SECRET to old secret as speficied in docs. #1195 (prateek1192)
v1.0.0-rc.3+oryOS.9 (2018-12-06)
Closed issues:
- PHP-SDK: Composer autoloading broken #1199
- sql: Unable to run migrations when coming from beta.9 #1185
Merged pull requests:
- oauth2: Use html templates in fallback endpoints #1202 (aeneasr)
- Fix #1199: Generated composer autoloader non-functional #1200 (Takuto88)
- Migrate links from old docs to new docs #1197 (techthumb)
- Fixed tutorial link in README.md #1193 (jimmystridh)
- setup: add instructions for updating the `hydra-migrate` service to use mysql instead of postgres #1192 (aaslamin)
- client: rename grant type authorize_code to authorization_code #1191 (sjkaliski)
- refactoring #1190 (RikiyaFujii)
- Remove duplicated refresh token section #1188 (condemil)
v1.0.0-rc.2+oryOS.9 (2018-11-21)
Merged pull requests:
v1.0.0-rc.1+oryOS.9 (2018-11-21)
Implemented enhancements:
- cmd: `token user` should be able to set up ssl #1147
- client: Deleting a client should delete all associated data too #1131
- Use `-mod=vendor` when building binaries / docker #1112
- Switch to go mod #1074
- CORS_ALLOWED_ORIGINS doesn't respect wildcards #1073
- consent: Add authorize code URL to consent and login response payloads #1046
- [Feature Request] Update consent tests to match oauth2/client tests #1043
- cmd/server: Export useful bootstrap function #973
- sdk: C# language SDK #958
- Opentracing tracing integration #931
- consent: Add ability to specify Access Token Audience #883
- Prepare v1.0.0-rc.1 release #1175 (aeneasr)
- vendor: Update fosite to 0.27.3 #1164 (aeneasr)
- sdk: Document userinfo as GET instead of POST #1161 (aeneasr)
- oauth2: Add audience and improve refresh flow #1156 (aeneasr)
- cmd: Improve issuer error message #1152 (aeneasr)
- oauth2: Add OAuth2 audience claim and improve migrations #1145 (aeneasr)
- Switch to go modules #1077 (aeneasr)
- cmd: Fix flaky port finder #1076 (aeneasr)
- rand: Fix flaky random test #1075 (aeneasr)
Fixed bugs:
- tracing: sql args are added as tags when they should be omitted #1181
- consent: Require proof of authentication before ending user session #1154
- oauth2: Audience is potentially not being refreshed #1153
- Hydra shut down after a race condition #1141
- oauth2: Tables oidc, code, openid, refresh are missing indices #1140
- consent: SQL field `subject_obfuscated` does not have an index #1138
- Setting up a fresh hydra installation results in panic #1137
- Copy-paste error in manager_0_sql_migrations_test.go #1135
- cmd: Error message regarding IssuerURL should contain environment variable name #1133
- client: Deleting a client should delete all associated data too #1131
- CORS_ALLOWED_ORIGINS doesn't respect wildcards #1073
- OpenID configuration endpoint returns wrong registration endpoint #1072
- OAuth2 Token Revoke call results in 404 Not Found #1070
- Missing database indices #1067
- Use PKCE with hybrid flow #1060
- cmd: Consent timeout is currently hardcoded but environment variable exists #1057
- ACR claim not being set on id token when requested by login accept request #1032
- List all consent sessions returns 404 #1031
- Introspect endpoint reports expiration time for refresh tokens #1025
- sql: Resolve index/fk regression issues #1178 (aeneasr)
- Prepare v1.0.0-rc.1 release #1175 (aeneasr)
- consent: Ignore row count in revoke #1173 (aeneasr)
- vendor: Upgrade to fosite 0.27.4 #1171 (aeneasr)
- vendor: Update fosite to 0.27.3 #1164 (aeneasr)
- consent: Properly propagate acr value #1160 (aeneasr)
- cmd: Resolve broken wildcard cors #1159 (aeneasr)
- cmd: Resolve panic in migration handler #1151 (aeneasr)
- consent: Only fetch latest consent state #1124 (aeneasr)
- server: Instantiate PKCE after oidc #1123 (aeneasr)
- cli: Improve migrate error messages #1080 (aeneasr)
- cmd: Fix flaky port finder #1076 (aeneasr)
Closed issues:
- Resolve regression issues related to foreign keys #1177
- DELETE `/oauth2/auth/sessions/login/{user}` returns 404 #1168
- How to authenticate with POST /clients endpoint #1148
- Implementation of user idel time sout #1146
- Move SQL migrations to files and improve test pipeline #1144
- cmd: Show error hint in oauth2 error view #1143
- Login time deteriorates over time #1119
- why hydra-login-consent-go didn't work, is there will have login provider and consent provider with golang? #1117
- Intro Blog source code is unreadable #1111
- consent: ignores extra claims for id and access token #1106
- Invalid_request while generate the Access token in own OAuth 2.0 server #1104
- Invalid_request while generate the Access token in own OAuth 2.0 server #1103
- Document query parameters for /oauth2/auth #1100
- PHP SDK is not PSR-4 compliant #1099
- CHALLENGE_TOKEN_LIFESPAN unused #1097
- Improve follow-up on numerous ORY repos #1093
- Run your own OAuth 2.0 Server : " Client authentication failed " #1091
- govet cmd/tooken_user.go: the cancel function returned by context.WithTimeout should be called #1090
- Enhancement: specify lifespan for refresh_token #1088
- Add at_hash claim to id_token in code flow. #1085
- Disable https://api.segment.io POST request #1083
- Move internal dependencies to ory/x #1081
- Support Kubernetes Secrets #1079
- Silent token refresh fails with "The Authorization Server requires End-User consent" #1068
- Invalid login_challenge #1065
- sql: Add auto-increment PKs #1059
- Feature: admin endpoint for deleting expired tokens #1058
- consent: Send error response if consent or login challenge is expired or invalid #1056
- consent: Add original request URL to login and consent request payloads #1055
- Fix flaky random-port generator #1054
- Fix flaky pseudo-random test #1053
- API doc: GET /userinfo works but not documented #1049
- go SDK userInfo response does not support extra claims #1048
- Issuer url is allways fallowed by / even when defined without #1041
- missing end_session_endpoint from .well-known doc #1040
- oryd/hydra:v1.0.0-beta.9 clients api return 404 #1036
- DELETE login/{user} and DELETE consent/{user} can not redirect to Login page #1035
- remember in requests/login/{challenge}/accept api cause get same subject always #1034
- Out of Band OAuth2 Authorization #1033
- [Cleanup] CORS Settings #1028
- Key rotation leads to "Could not fetch private signing key for OpenID Connect" #1026
Merged pull requests:
- More e2e tests #1184 (aeneasr)
- fix migrate sql command at upgrading guide #1183 (sawadashota)
- rc.1 release preparations #1182 (aeneasr)
- e2e: Improve e2e test pipeline #1180 (aeneasr)
- docs: Auto-generate appendix #1174 (aeneasr)
- vendor: Upgrade to fosite 0.28.0 #1172 (aeneasr)
- ci: Generate benchmarks in docus format #1170 (aeneasr)
- ci: Update release pipeline for new versioning #1169 (aeneasr)
- oauth2: Make client registration endpoint configurable #1167 (aeneasr)
- sdk: Update swagger endpoint definition #1166 (aeneasr)
- sql: Add missing indices #1157 (aeneasr)
- cmd: Add ability to specify consent and login lifespan #1155 (aeneasr)
- cmd: Add https option to token user command #1150 (aeneasr)
- cmd: Improve token user error handling #1149 (aeneasr)
- Minor bug fix in JWK sql migrations test case #1136 (jacor84)
- tracing: remove bad tracing config from docker-compose.yml #1132 (aaslamin)
- cmd: Resolve issues with secret migration #1129 (aeneasr)
- health: Register healthx.AliveCheckPath route for frontend #1128 (jayme-github)
- consent: Set fetch order to descending #1126 (aeneasr)
- cors: add options cors middleware handler #1125 (JiaLiPassion)
- ci: Check vet and fix vet errors #1122 (aeneasr)
- jwks: cors for wellknown endpoints #1118 (JiaLiPassion)
- oauth2: wellknown should use corsMiddleware #1116 (JiaLiPassion)
- tracing: add support for tracing db interactions #1115 (aaslamin)
- build: Improve build pipeline #1114 (aeneasr)
- e2e: Check for access/id token claims #1113 (aeneasr)
- sdk/js: Declare opencollective as devdep #1109 (aeneasr)
- Fix missing LoginChallenge and LoginSessionID from GetConsentRequest #1105 (jcxplorer)
- Update README - Benchmarks section #1102 (kishaningithub)
- docs: Updates issue and pull request templates #1101 (aeneasr)
- Add error response if consent or login challenge is expired #1098 (k-lepa)
- docs: Updates issue and pull request templates #1096 (aeneasr)
- Move dependencies to ory/x #1095 (aeneasr)
- docs: Updates issue and pull request templates #1094 (aeneasr)
- Add schema changes introduced to UPGRADE.md #1082 (aaslamin)
- sql: Add auto-increment PKs #1078 (aeneasr)
- tracing: use context aware database methods #1071 (aaslamin)
- Add missing indices to resolve #1067 #1069 (aaslamin)
- change go-resty import path for gopkg.in/resty.v1 #1064 (pierredavidbelanger)
- fosite: bump to version 0.24.0 with associated code changes #1062 (someone1)
- Bump fosite version to 0.23.0 + New tracing instrumented Hasher #1052 (aaslamin)
- consent: migrate to test helpers [closes #1043] #1051 (someone1)
- Fix swagger #1045 (pierredavidbelanger)
- client: fix test to pass non-nil context #1044 (someone1)
- Bump fosite version and integrate breaking changes #1042 (aaslamin)
- two littles things that bugs me when I compile or run tests #1039 (pierredavidbelanger)
- cmd: Do not echo secrets if explicitly set #1038 (aeneasr)
- propagate context through to the sql store #1030 (aaslamin)
- consent: Add SessionsPath const #1027 (someone1)
- Use latest version of sqlcon #1024 (davidjwilkins)
- cmd/server: Export Handler bootstrap functions (#973) #1023 (someone1)
- Add support for distributed tracing #1019 (aaslamin)
v1.0.0-beta.9 (2018-09-01)
Implemented enhancements:
- Duplicate entry error for second consent request #1007
- cmd: Print version when booting up #987
- client: client specific CORS settings #957
- cmd: Add cli helper for importing and exporting environments (clients, policies, keys) #699
- sql: jsonb support for postgres #516
- client: filter oauth2 clients by field through REST API #505
- cmd: Allow SYSTEM_SECRET key rotation #73
- consent: Forward session and login information #1013 (aeneasr)
- jwk: Add ability to rotate SYSTEM_SECRET #1012 (aeneasr)
- vendor: Upgrade sqlcon to 0.0.6 #1008 (aeneasr)
- cmd: Use viper for cors detection #998 (aeneasr)
- cmd: Disable CORS by default #997 (aeneasr)
- cmd: Add version to banner #995 (aeneasr)
- sdk: Add new methods to SDK interface #994 (aeneasr)
Fixed bugs:
- Client creation gives incorrect error message #1016
- oauth2: id_token_hint should work with expired ID tokens #1014
- cors: Don't automatically auto-allow CORS #996
- Use ID_TOKEN_LIFESPAN when doing refresh #985
- MySQL/MariDB broken on default Debian installations #377
- cmd: Clarify HYDRA_ADMIN_URL in missing endpoint message #1018 (aeneasr)
- oauth2: Accept expired JWTs as id_token_hint #1017 (aeneasr)
- cmd: Disable CORS by default #997 (aeneasr)
- consent: Populate consent session with default values #989 (aeneasr)
Closed issues:
- cmd: Replace cors fork with upstream #1010
- Auth State mismatch. URL Double Encoding #1005
- Can not remember consent because no user interaction was required with resp['skip'] false #999
- invalid if condition about SubjectTypesSupport #992
- sdk: add oauthapi functions to golang interface #991
- After redirecting from consent -- runtime error: invalid memory address or nil pointer dereference #988
Merged pull requests:
- docker: Update compose definitions #1020 (aeneasr)
- config: Fix use of uninitialized logger #1015 (vHanda)
- cmd: Replace aeneasr/cors with rs/cors #1011 (aeneasr)
- oauth2: Enable client specific CORS settings #1009 (aeneasr)
- oauth2: Resolve broken expiry when refreshing id token #1002 (aeneasr)
- Delete Procfile #1001 (MOZGIII)
- Fix serve all cmd in docker files #1000 (condemil)
- cmd: Public subject type should cause public id alg #993 (aeneasr)
- config: disable plugin backend through 'noplugin' tag #986 (glerchundi)
v1.0.0-beta.8 (2018-08-10)
Implemented enhancements:
- Allow logging out and deleting a single session cookie #970
- vendor: Upgrade to MySQL 1.4 driver #965
- oauth2: abstract oauth2/handler JWT Strategies #960
- consent: expose a list of all clients authorized by a user #953
- oauth2: Support for Pairwise Subject Identifier Type #950
- [Enhancement/Proposal] Update Plugin System #949
- The JWK api should be able to export .pem #175
- cmd: Add flags for new client fields in create #939
- client: Deprecate the `public` flag #938
- client: Clarify error message regarding client auth method #936
- cmd: Add option to specify new oidc parameters in client #935
- consent: Obtain previously selected scopes #902
- oauth2: allow issuing of JWT access tokens #248
- oauth2: Add scope to introspection test suite #941 (aeneasr)
- consent: Add logout api endpoint #984 (aeneasr)
- sdk: Upgrade superagent to 3.7.0 #983 (aeneasr)
- vendor: Upgrade to latest sqlcon #975 (aeneasr)
- oauth2: Refactor JWT strategy #972 (someone1)
- oauth2: Removes authorization from introspection #969 (aeneasr)
- oauth2: Support for Pairwise Subject Identifier Type #966 (aeneasr)
- cmd: Introduce public and administrative ports #963 (aeneasr)
- oauth2: Adds JWT Access Token strategy #947 (aeneasr)
- oauth2: Improve token endpoint authentication error message #942 (aeneasr)
Fixed bugs:
- client: Improve error messages from managers #976
- consent: Duplicate row error should return a better error message #880
- oauth2: error_hint, error_debug are not shared when redirect fails #974
- oauth2: Introspect response is empty when `active` is false. #964
- consent: MemoryManager should return `errNoPreviousConsentFound` when no previous consent was found #959
- consent: Auth session should check for `pkg.ErrNotFound`, not `sql.ErrNoRows` #944
- sdk: Add AdminURL and PublicURL to configuration #968 (aeneasr)
- cmd: Introduce public and administrative ports #963 (aeneasr)
- consent: Properly identify revoked login sessions #945 (aeneasr)
Closed issues:
- Refresh token and access token share same lifetime #955
- Id_token_hint doesn't work as expected #951
- consent: Check if helper rejects unknown JSON fields #940
- Unable to specify a custom claim to hydra #937
- [HTTP API] get /version returns empty #934
- docs: Add limitations section #839
- Expose administrative APIs at a different port (e.g. 4445) #904
Merged pull requests:
- client: Improve memory manager error messages #978 (aeneasr)
- consent: Add ListUserConsentSessions to OAuth2API interface #977 (clausdenk)
- docker: Update .dockerignore #967 (aeneasr)
- cli: fix reporting of epected vs. received status codes #961 (rjw57)
- all: Introduce database backend interface and update plugin system an… #956 (someone1)
- Add api endpoint to list all authorized clients by user #954 (kingjan1999)
- Use spdx expression for license in package.json #952 (kingjan1999)
- Improve client API compatibility with oidc dynamic discovery #943 (aeneasr)
- oauth2: Share error details with redirect fallback #982 (aeneasr)
- cli: Print "active:false" when token is inactive #981 (aeneasr)
- consent: Return proper error when no consent was found #980 (aeneasr)
- vendor: Upgrade sqlcon to 0.0.5 #979 (aeneasr)
v1.0.0-beta.7 (2018-07-16)
Implemented enhancements:
- Panic when calling oauth2/auth/sessions/consent/{user} or oauth2/auth/sessions/consent/{user}/{client} #928
- client: Improve handling of legacy `id` field #927 (aeneasr)
Fixed bugs:
- Panic when calling oauth2/auth/sessions/consent/{user} or oauth2/auth/sessions/consent/{user}/{client} #928
- jwk: Auto-remove old keys when upgrading from < beta.7 #925 (aeneasr)
Closed issues:
- migration 0.11.10 > 1.0 : did you forget to run hydra migrate sql" or forget to set the SYSTEM_SECRET #926
- ClientID property is ignored when creating a new OAuth2 Client #924
- The CSRF value from the token does not match the CSRF value from the data store #923
- Which version is stable? #922
- JSON Web Key Store default keys broken after upgrading to beta.6 #921
Merged pull requests:
- Document that ORY Hydra is OpenID Certified #933 (aeneasr)
- cmd: Show error when loading x509 cert fails #932 (aeneasr)
- Allow cookie without max age #930 (BastianHofmann)
- cmd: Check dependencies are defined before instantiation #929 (aeneasr)
- README: fix docker linux link #920 (philips)
v1.0.0-beta.6 (2018-07-11)
Implemented enhancements:
- consent: Add endpoint to revoke authentication and consent sessions #856
- jwk: improve JWK tests #588
- cli/clients: allow to import multiple clients with one file #388
- oauth2: allow token revocation without knowing the token (i.e. per user) #304
- cmd: CLI should be able to import PEM keys to JWK store #98
Fixed bugs:
- migration 0.9.x -> 1.0: sector_identifier_uri contains null values #918
Closed issues:
- Hydra version 0.11.13-alpine break cli #917
- health: Check if and why the health endpoint returns a HTTPS response #879
- docs: disallow secrets from docs/tutorials in production mode #573
Merged pull requests:
- client: Fix sql migration step for oidc #919 (aeneasr)
- cmd: Allows import of PEM/DER/JSON encoded keys #916 (aeneasr)
v1.0.0-beta.5 (2018-07-07)
Implemented enhancements:
- client: Improve and DRY validation in handler #909
- cmd/server: Die when system secret is in wrong format #817
- OpenID Connect Certification #689
Fixed bugs:
- Public and private key pair fetched from store does not match #912
- 500 error returned on GET /clients/{id} when client doesn't exist #903
- metrics: Properly handle metrics log messages #833
Closed issues:
- go get return error #913
- Can't create clients using the CLI #911
- is hydra can build on window ? #910
- Let's improve the docs! #385
- Add benchmarks to documentation #161
Merged pull requests:
- consent: Adds ability to revoke consent and login sessions #915 (aeneasr)
- jwk: Tests for simple equality in JWT strategy #914 (aeneasr)
- Adds OpenID Connect Dynamic Client Registration #908 (aeneasr)
- docs: Adds link to examples repository #907 (aeneasr)
- docs: Removes obsolete issue template #906 (aeneasr)
v0.11.14 (2018-06-15)
Fixed bugs:
- Missing commits between v0.11.10 and v0.11.12 #894
v1.0.0-beta.4 (2018-06-13)
v1.0.0-beta.3 (2018-06-13)
Implemented enhancements:
Fixed bugs:
Closed issues:
- cmd: Add flag to allow reading database url in migration command from env #896
Merged pull requests:
- ci: Stops benchmark result commit & pushes #905 (aeneasr)
- docs: Adds CI benchmarks #897 (aeneasr)
- all: Moves to metrics-middleware #895 (aeneasr)
v1.0.0-beta.2 (2018-05-29)
Closed issues:
- 1.0.0-alpha.1 Release Notes #885
Merged pull requests:
v1.0.0-beta.1 (2018-05-29)
Implemented enhancements:
- oauth2: Revoke tokens when performing refreshing grant #889
- docs: Explicitly document in upgrade guide that hydra is no longer protected by default #888
- Extend status page to check dependencies. #887
- oauth2: Revoke previous and future access tokens when revoking a token #884
- consent: Investigate if prompt=none should be allowed with implicit flows #866
- consent: Implement login_hint capabilities #860
- consent: Always remove session if rememberLogin=false #859
- consent: Resolve broken time out #852
- oauth2: Support max_age #851
- consent: Include id_token_hint in oidc context #850
- health: Document prometheus endpoint #844
- config: Deprecate `ClusterURL`, `ClientID`, `ClientSecret` #841
- oauth2: Return token type on token introspection #831
- oauth2: Support id_token_hint at authorization endpoint #826
- consent app: Restart consent flow #809
- oauth2: Allow multiple audience claims on ID token #790
- client: Add field `client_secret_expires_at` to create #778
- all: All JSON output/input should be using `_` instead of camelCase #777
- oauth2: Reject authorization requests for invalid scopes before redirecting to consent endpoint #776
- oauth2: Improving the consent flow design #772
- oauth2: Expire consent request on successful consent interaction #771
- health: Add ability to retrieve version (protected endpoint) #743
- Deprecate `hydra policies create -f` #708
- Disallow unknown JSON fields #707
- oauth2: Remember authentication and application authorization #697
- oauth2: Revoke access and refresh tokens when authorization code is used twice #693
- oauth2: Require consent for OAuth 2.0 public clients #692
- oauth2: Reintroduce audience claim #687
- policy: evaluate wildcard matching strategy #580
- installer: homebrew recipe for macOS users #572
- Warden group metadata #387
- policy: search policies by subject and resource #362
- warden: check against multiple policies #264
- core: add warden context everywhere #238
- better and more e2e tests #192
- Health and test improvements #891 (aeneasr)
- Resolves various issues related to OAuth2 #890 (aeneasr)
- Improve oidc conformity #876 (aeneasr)
- Improves compatibility with OIDC Conformity Tests #873 (aeneasr)
- sdk: Remove the need for OAuth2 credentials #869 (aeneasr)
- Minor improvements #868 (aeneasr)
- consent: Always bust auth session if remember is false #864 (aeneasr)
- oauth2: Returns token type on introspection #832 (aeneasr)
Fixed bugs:
- Incorrect CORS-related env vars parsing #886
- consent: Remove the client secret from consent/login response #878
- oauth2: ID Token must be returned in both authorize and token response in hybrid flows with response type `code` #875
- consent: On first prompt=none after authentication, times mismatch #874
- oauth2: Reject requests without nonce unless using the code flow #867
- oauth2: max_age fails if max_age=1 #862
- oauth2: Figure out why MySQL tests are flaky on CI #861
- oauth2: Resolve broken prompt parameter #843
- oauth2: Duplicate requests to /oauth2/token cause 500 #828
- consent app: Restart consent flow #809
- Hydra connect fails when the client secret contains "%" #631
- Health and test improvements #891 (aeneasr)
- Resolves various issues related to OAuth2 #890 (aeneasr)
- Improves OpenID Connect Conformity #882 (aeneasr)
- Improve oidc conformity #876 (aeneasr)
- cmd: Adds jwt strategy and fixes nil pointer exception #865 (aeneasr)
Closed issues:
- consent: Authentication session cookie invalidation scenarios #855
- consent: Investigate if failure during consent should cause session to be revoked #854
- Please support Type Definition (d.ts) for typescript. #848
- security: add HttpOnly cookie flag #847
- cmd: Deprecate `hydra connect` and replace with per-command flags and environment variables #840
- REST API /clients limit & offset bug #838
- Allow configuring consent URL per client #837
- Duplicate client creation results in 500 #835
- Error 1406: Data too long for column 'subject' at row 1 #829
- Does warden groups work with internal Hydra APIs? #823
- Hydra sdk error hydra.introspectOauth2Token is not a function #822
- Improve the lint percentage #818
- docs: Refactor examples / tutorials #810
- Moving the access control engine to Oathkeeper #807
- Can you build an identity provider with hydra or not? #789
- docker: Add image capable of loading policies/clients/jwks from an init.d directory #760
- Add PUT method for /warden/groups/:id #745
- Document that the install guide is different from the 5 minute guide #718
- Prometheus metrics #669
- docs: Port numbers from docker compose and the lengthy tutorial do not match #653
- docs: add subject + id mocks in the policy section of the swagger specs for each endpoint #614
- docs: /warden/allowed do not fully specify security parameters #565
- docs: explain oauth2 better #356
- docs: have a "running hydra in production" section #354
- docs: clarify that the consent app is responsible for implementing full OIDC #353
- docs: add auth0 seminar to docs #347
- docs: add bug bounty section to readme #84
- docs: add passport.js real-world example #83
Merged pull requests:
- vendor: Upgrades fosite dependency #892 (aeneasr)
- Minor consent improvements #881 (aeneasr)
- oauth2: Ignores JTI in userinfo #877 (aeneasr)
- oauth2: Rejects requests without nonce in implicit/hybrid #872 (aeneasr)
- Improves health endpoints and cleans up code #871 (aeneasr)
- Client secret expires #870 (zepatrik)
- Fix mysql timing bug #863 (aeneasr)
- consent: Removes stray fmt.Print #858 (aeneasr)
- Improves consent flow #857 (aeneasr)
- Resolves issues with auth_time #853 (aeneasr)
- add /health/version endpoint #845 (zepatrik)
- Deprecate connect #842 (aeneasr)
- Move policy merged #830 (aeneasr)
- [Prometheus] Add new prometheus metrics and metrics endpoint #827 (dolbik)
- 1.0.x #825 (aeneasr)
- Merge from 0.11.x #824 (aeneasr)
v0.11.12 (2018-04-08)
Fixed bugs:
- sdk: PHP sdk missing from releases #781
Closed issues:
Merged pull requests:
- Resolves dep and tests issues #821 (aeneasr)
- oauth2: Resolves client secrets from potentially leaking to the database in cleartext #820 (aeneasr)
- Activating Open Collective #805 (monkeywithacupcake)
- metrics: Improves naming of traits #804 (aeneasr)
- 0.11 #796 (aeneasr)
v0.11.10 (2018-03-19)
Closed issues:
- docs: Link to php sdk README is wrong #811
Merged pull requests:
- Minor code cleanup #815 (euank)
- docs: Resolves broken swagger definitions #812 (aeneasr)
- docs: Updates banner in readme #808 (aeneasr)
- Update links to discord and readme #806 (aeneasr)
v0.11.9 (2018-03-10)
Implemented enhancements:
- telemetry: Add version and build info as custom dimensions #802
- docs: Adds redirects for broken guide links #798 (aeneasr)
Fixed bugs:
- id_token not returned after request at the /oauth2/token endpoint using the refresh_token #794
- docker: Build time always return time.Now() #792
- cmd: Resolves an issue with broken build time display #799 (aeneasr)
- cmd: Adds OpenID Connect refresh handler #797 (aeneasr)
Closed issues:
- docs: document difference between scopes and policies #590
Merged pull requests:
- metrics: Improves naming of traits #803 (aeneasr)
- docs: Resolves broken images and build #801 (aeneasr)
- docs: Moves documentation to new repository. #800 (aeneasr)
- all: Updates license headers #793 (aeneasr)
v0.11.7 (2018-03-03)
Implemented enhancements:
- make --skip-newsletter the default #779
- group: Add pagination to group management #741
- jwk: Add pagination to jwk lists #740
- client: Add pagination to client list #739
- ConsentRequest should use time.Now().UTC() for ExpiresAt. #679
- sdk: add python sdk #639
- Importing a client should fail when an unrecognized field is found #357
- ci: Automatically pushes docs to website #784 (aeneasr)
- oauth2: Forces UTC in consent strategy #775 (aeneasr)
- client: Introduces pagination to client management #774 (aeneasr)
Fixed bugs:
- oauth2: Remove exp and iat from ID token header #787
- Don't push to coveralls in CI when PR comes from fork #782
- policy: List tests do not care about offset/limit - fix that #746
Closed issues:
- A way to skip the consent screen for certain clients (first party) #791
- Where's the tutorial? #788
- Feature Request: oauth2/token endpoint json payload option #786
- docs: Deprecate recovering root access section #756
- oauth2: Document how to make the well known endpoint public #688
- oauth2: replace redirect uri exact match with protocol/host/path match #257
Merged pull requests:
- docs: Adds automatic summary and toc generation #785 (aeneasr)
- Remove coveralls token from circleci config #783 (zepatrik)
- Update newsletter text #780 (zepatrik)
- Minor improvements to the gitbook guide #773 (aeneasr)
v0.11.6 (2018-02-07)
Implemented enhancements:
- server: Add default policy for well-known/jwks.json #761
- cmd: Add newsletter info and sign up #755
- metrics: Improve metrics endpoint #742
- oauth2: Add ability to purge old access tokens #738
- jwk: refactor jwk id generation #589
- oauth2: Adds support for PKCE (IETF RFC7636) #769 (aeneasr)
- Forces unique JWK IDs and allows anonymous access to ./well-known/jwks.json #762 (aeneasr)
Fixed bugs:
- Do not show client secret when client is public in CLI #737
- oauth2: Client secret error message should be shown on creation #725
- sdk: Resolves composer license complaint #763 (aeneasr)
Closed issues:
- docker-compose encountered errors #758
- AWS Lambda Support? #749
- cmd/client: Ask for security newsletter sign up when using client side CLI #747
- oauth2: Add PKCE support #744
Merged pull requests:
- Gen php sdk #814 (pnicolcev-tulipretail)
- oauth2: Resolves possible session fixation attack #770 (aeneasr)
- docs: Fix dead link to example policy #767 (gr-eg)
- Purge tokens #766 (aeneasr)
- client: do not show/send secret when client is public #765 (zepatrik)
- fix #725 #764 (zepatrik)
- Cmd newsletter signup #759 (aeneasr)
- sdk: Generate php sdk and point php autoloader to lib folder #736 (pnicolcev-tulipretail)
v0.11.4 (2018-01-23)
v0.11.3 (2018-01-23)
Implemented enhancements:
Closed issues:
- possible consent session id attack? #753
v0.11.2 (2018-01-22)
Fixed bugs:
Merged pull requests:
v0.11.1 (2018-01-18)
Implemented enhancements:
- groups: Add ability to list all groups, not just by member #729
Fixed bugs:
Closed issues:
- Timezone Issue with new consent flow in 0.10? #735
- policies: change effect type from string to boolean #666
- cmd: `hydra connect --url` should work with and without trailing slash #650
Merged pull requests:
v0.11.0 (2018-01-08)
Implemented enhancements:
- group: List groups without owner #732
- Add an alias for offline scope called offline_access #722
- oauth2: Print debug message to logs and evaluate transmitting it to clients too #715
- groups: Add ability to list all groups, not just by member #734 (aeneasr)
- sdk: Adds php registry dummy #733 (aeneasr)
- oauth2: Prints debug message to logs and evaluate transmitting it to clients too #727 (aeneasr)
- vendor: Adds offline_access scope alias #724 (aeneasr)
Fixed bugs:
- health: Should not require x-forwarded-proto #726
- health: Stop requiring x-forwarded-proto #731 (aeneasr)
Closed issues:
- variable part in the subject and resource in ladon policy to be filled by request #730
- Trailing slash redirect strips directories from path #723
- Resolve broken docker-compose tutorial guide #717
- Document external dependencies #716
Merged pull requests:
v0.10.10 (2017-12-16)
Implemented enhancements:
- Make scopes in `hydra token client` command configurable #711
- cmd: Makes scopes in token command configurable #712 (aeneasr)
- cmd: Adds a dedicated command for importing policies #709 (aeneasr)
Fixed bugs:
- Misleading error message when using the SDK #686
- sdk/go: Resolves incorrect error message #713 (aeneasr)
Closed issues:
- Docker readme, in case it is lost #719
- Keep track of version and build hash #706
- Scope is documented as hydra.groups but should by hydra.warden.groups #702
- Rename `hydra policies create -f` to `hydra policies import` #701
Merged pull requests:
- docs: Resolves issue with broken 5-minute tutorial #721 (aeneasr)
- Improves userinfo endpoint #714 (aeneasr)
- groups: Corrects group scope documentation #710 (aeneasr)
v0.10.9 (2017-12-13)
Implemented enhancements:
- Reintroduce alpine based image with shell #703
Merged pull requests:
v0.10.8 (2017-12-12)
Implemented enhancements:
- oauth2: Add token_endpoint_auth_methods_supported to openid-configuration #695
Closed issues:
- docs: Add introspect bc to upgrade #698
Merged pull requests:
v0.10.7 (2017-12-09)
v0.10.6 (2017-12-09)
Closed issues:
- oauth2: Write test for userinfo endpoint without token and test for 401 #691
Merged pull requests:
v0.10.5 (2017-12-09)
Closed issues:
- oauth2: Support userinfo endpoint #652
v0.10.4 (2017-12-09)
Merged pull requests:
v0.10.3 (2017-12-08)
v0.10.2 (2017-12-08)
v0.10.1 (2017-12-08)
Implemented enhancements:
- Open source policy naming guidelines #680
Closed issues:
- docs: docker --link should be replaced by networks #555
v0.10.0 (2017-12-08)
Implemented enhancements:
- docs: Improve release and breaking changes management #675
- oauth2: Make sub explicit in the database #658
- oauth2: Add access control to token introspection endpoint #655
- all: make policy resource and action names configurable #640
- Subject field #674 (aeneasr)
- Add changelog #673 (aeneasr)
Fixed bugs:
- oauth2: Token revokation should check client id before revoking tokens #676
- cli/policies: removing a policy subject adds the subject Instead #662
- jwk: Rename ES521 key generation algorithm to ES512 #651
- oauth2: Fixes clients being able to revoke any token #677 (aeneasr)
Closed issues:
- Json logging #670
- swagger: scope pattern requires a space #661
- docs: Add list of undisclosed adopters with requests ranges to readme #659
Merged pull requests:
- Update release notes and prepare 0.10.0 #685 (aeneasr)
- docs: Adds multi-tenant best practices #684 (aeneasr)
- ci: Resolves code climate issues #683 (aeneasr)
- pkg: Adds test for LogError #682 (aeneasr)
- docs: Adds ACP best practices #681 (aeneasr)
- oauth2: Requires firewall check for introspecting access tokens #678 (aeneasr)
- Makes policy resource names prefixes configurable #672 (aeneasr)
- docs: Adds consent state machine #671 (aeneasr)
- docs: Make space optional in scope regex (#661) #668 (pnicolcev-tulipretail)
- Various minor fixes #667 (aeneasr)
- telemetry: Update telemetry identification #654 (aeneasr)
v0.10.0-alpha.21 (2017-11-27)
Closed issues:
- Add support for CORS #506
Merged pull requests:
- cli: Fix hydra cli adding policy subjects on subject remove #665 (jamesnicolas)
v0.10.0-alpha.20 (2017-11-26)
Merged pull requests:
v0.10.0-alpha.19 (2017-11-26)
Closed issues:
- Working with flask-oidc #660
- Multi stage build process removes the ability to shell into hydra container #657
- Support ES256 JWK Algo #627
- oauth2/introspect: skip omitempty in active flag #607
- oauth2: provide CWT token generation #577
Merged pull requests:
- vendor: Upgraded ladon and dockertest versions #663 (aeneasr)
- pkg: Make low entropy RSA key generation explicit in function name #656 (aeneasr)
- docs: Update hydra versions #649 (aeneasr)
v0.10.0-alpha.18 (2017-11-06)
v0.10.0-alpha.17 (2017-11-06)
v0.10.0-alpha.16 (2017-11-06)
Merged pull requests:
v0.10.0-alpha.15 (2017-11-06)
Merged pull requests:
v0.10.0-alpha.14 (2017-11-06)
Fixed bugs:
- sql/postgres: wherever limit/offset is used, include ORDER BY clause #619
- oauth2: fix racy memory consent manager with RW mutex #600
Merged pull requests:
v0.10.0-alpha.13 (2017-11-06)
Implemented enhancements:
- Would it make sense to build hydra statically #374
Merged pull requests:
v0.10.0-alpha.11 (2017-11-06)
v0.10.0-alpha.12 (2017-11-06)
Closed issues:
Merged pull requests:
- Add license header to all source files #644 (aeneasr)
- cmd: require url-encoding of root client id and secret #641 (aeneasr)
- fix health link in docs #637 (DallanQ)
v0.10.0-alpha.10 (2017-10-26)
Implemented enhancements:
Closed issues:
- jwk: add es256 generator to jwk handler in master #634
- groups: add ability to list all groups to master branch #633
- travis: run genswag and gensdk before npm publish #610
v0.10.0-alpha.9 (2017-10-25)
Closed issues:
- docs: followed the installation guide and was unable to get a successful consent #623
- tests: run manager tests in parallel #617
Merged pull requests:
- Changes from zvelo #636 (aeneasr)
- Dep, JWK and groups #635 (aeneasr)
- tests: run database tests in parallel #632 (aeneasr)
- Use recommendations made from cryptopasta repository #630 (aeneasr)
- Support ES256 JWK Algo #628 (joshuarubin)
v0.9.16 (2017-10-23)
Closed issues:
- docs: adding policy to consent app doesn't work as resource using <.*> #621
- documentation vague regarding returned client_secret #620
Merged pull requests:
- updated links to apiary as the old ones didn't work #626 (abusaidm)
- docs: updated hydra version in the tutorial to v0.10.0-alpha.8 and consent app to v0.10.0-alpha.9 #625 (abusaidm)
- docs: fixed spelling and wording #624 (abusaidm)
- docs: fix bash command and version used in tutorial #622 (abusaidm)
- add ability to list all groups #612 (joshuarubin)
v0.10.0-alpha.8 (2017-10-18)
Closed issues:
- docs: SDK for Go is actually for Node, fix this typo #615
- server.injectConsentManager doesn't use ConsentRequestSQLManager even if *config.SQLConnection exists #613
Merged pull requests:
- cmd/server: SQLConnection should load SQLRequestManager #618 (aeneasr)
- Clean up helpers and increase test coverage #611 (aeneasr)
- sdk: format js sdk and remove mock tests #609 (aeneasr)
v0.9.15 (2017-10-11)
Merged pull requests:
- Support dep #606 (joshuarubin)
v0.9.14 (2017-10-06)
v0.10.0-alpha.7 (2017-10-06)
v0.10.0-alpha.6 (2017-10-05)
v0.10.0-alpha.5 (2017-10-05)
v0.10.0-alpha.4 (2017-10-05)
Merged pull requests:
- travis: move deploy scripts to its own file #604 (aeneasr)
- tests: skip cpu intense jwk generation in short mode #603 (aeneasr)
v0.10.0-alpha.3 (2017-10-05)
v0.10.0-alpha.2 (2017-10-05)
Implemented enhancements:
- all: refactor http client endpoint logic #584
- oauth2: refresh openid connect id token via refresh_token grant #556
- oauth2: change scope semantics to wildcard #550
- warden: need endpoint that just introspects tokens #539
- sdk: client libraries for all languages #249
- core: enable usage statistics reporting #230
- core: introduce a way to test for bc breaks in datastore #193
Merged pull requests:
- travis: resolve deployment issues #602 (aeneasr)
- warden: remove deprecated http manager #601 (aeneasr)
- docs: fix sdk links #599 (aeneasr)
- travis: re-add goveralls #598 (aeneasr)
v0.10.0-alpha.1 (2017-10-05)
Implemented enhancements:
- oauth2: write test for handling consent deny #597
- group: add warden tests #591
- health: remove TLS restriction on health endpoint when termination is set #586
Fixed bugs:
- cmd: `policies delete` says `Connection <id> deleted` instead of `Policy <id> deleted` #583
Closed issues:
Merged pull requests:
- travis: fix binary building #596 (aeneasr)
- cmd/cli: typo Connection -> Policy #592 (ljagiello)
- sdk: switch to swagger codegen sdk #585 (aeneasr)
- 0.10.0 #557 (aeneasr)
v0.9.13 (2017-09-26)
Implemented enhancements:
- RFC: Refactor consent flow #578
- oauth2: remove scope parameter from introspection request #551
- "Subject claim can not be empty" error when trying to retrieve ID Token #460
Fixed bugs:
- cmd: `token user` no longer uses cluster url #581
- warden: do not use refresh tokens as proof of authorization #549
- Fix import path for logrus #477
Closed issues:
- Support for RFC 7636 #576
- `authorization` header in `/oauth2/token` endpoint is case sensitive #575
- DATABASE_URL=memory go run main.go host Error #571
- error on mismatch uris #569
- Relation "hydra_jwk" does not exist #568
- Freemium Crap #567
- Warden API docs do not talk about access_token #564
- When the client is run through a container, it should pick up configuration from environment #563
- Docker hub documentation showing up as HTML #562
- Allow people to configure the Hydra service using a config file. #561
- Error on go get the project #560
- Open a Patreon account #558
- GET /client/:id broken on master #538
Merged pull requests:
- health: disable TLS restriction for health check #587 (aeneasr)
- cmd: `token user` should use clusterurl instead of empty string #582 (aeneasr)
- vendor: update various dependencies #579 (aeneasr)
- Update to ladon 0.8.2 #570 (olivierdeckers)
- install.md: port typo #566 (rnback)
- oauth2: give meaningful hint when subject claim is empty #554 (aeneasr)
v0.9.12 (2017-07-06)
Implemented enhancements:
- oauth2: use wildcards for scope strategy #552
Merged pull requests:
- warden: refresh tokens are no longer proof of authZ #553 (aeneasr)
- README.md: hydra container doesn't include bash #548 (srenatus)
- docs: fix typo in tutorial #547 (aeneasr)
- cmd/token/user: fix auth and token-url mixup #546 (aeneasr)
- docs: update docs #545 (aeneasr)
v0.9.11 (2017-06-30)
Merged pull requests:
v0.9.10 (2017-06-29)
Implemented enhancements:
- cmd/host: move status info from health endpoint to another one and protect it #532
Fixed bugs:
- Decode Basic Auth Credentials #536
Closed issues:
- Cannot try tutorial install, not existing dependencies #541
- [docker-compose] ERROR: for postgresd expected string or buffer #540
Merged pull requests:
- vendor: update fosite to remove forced nonce #542 (aeneasr)
- oauth2: form-urldecode authorization basic header #537 (aeneasr)
- [DOC] Update "Build from source" section to actual state #534 (dolbik)
- cmd/host: move status info to dedicated endpoint #533 (aeneasr)
v0.9.9 (2017-06-17)
Fixed bugs:
- cmd/policy/create: not exiting on error #527
Merged pull requests:
- cmd: add test for get handler #531 (aeneasr)
- cmd/policy/create: exit on error - closes #527 #530 (aeneasr)
v0.9.8 (2017-06-17)
Fixed bugs:
- Updating policies may cause loss of policy data #503
Closed issues:
- oauth2: investigate panic #512
Merged pull requests:
- oauth2: resolve panic with nested at_ext and id_ext #529 (aeneasr)
- vendor: update to ladon 0.8.0 - closes #503 #528 (aeneasr)
v0.9.7 (2017-06-16)
Closed issues:
- Fatal error when running docker container #525
Merged pull requests:
v0.9.6 (2017-06-15)
Merged pull requests:
v0.9.5 (2017-06-15)
Merged pull requests:
v0.9.4 (2017-06-14)
Merged pull requests:
- cmd: resolve issuer test issue #522 (aeneasr)
- all: improve test exports #521 (aeneasr)
- docs: start writing faq from gitter #504 (aeneasr)
v0.9.3 (2017-06-14)
Closed issues:
- Generating Client ID/Secret in >= 0.8.0 #517
- Could not gracefully run server #513
- authorize_code without password #511
Merged pull requests:
- metrics: resolve potential data race #520 (aeneasr)
- Fix warden docs #519 (aeneasr)
- all: export test helpers #518 (aeneasr)
- oauth2: add tests for refresh token grant #515 (aeneasr)
- oauth2: use issuer-prefixed auth URL in challenge redirect #509 (wyattanderson)
- cmd: resolve failing test #501 (aeneasr)
v0.9.2 (2017-06-13)
Merged pull requests:
v0.9.1 (2017-06-12)
Merged pull requests:
- client: export tests #510 (aeneasr)
- metrics: improve metrics #508 (aeneasr)
- cmd: add auto migration image #502 (aeneasr)
v0.9.0 (2017-06-07)
Implemented enhancements:
- cmd/cli: add flag for X-Forwarded-Proto for faking https termination #349
- metrics: add metrics and telemetry package #500 (aeneasr)
Fixed bugs:
- warden/group: investigate missing transaction rollback in group manager #462
- policies: validate conditions and return error instead of silently dropping them #350
Closed issues:
- Headers should be case-insensitive #496
- docs: add FAQ on missing migrate in docker image #484
- docs: include oauth2 example #358
- warden: allow scopes in policies #330
Merged pull requests:
- sdk: add simple example of hydra sdk #499 (aeneasr)
- docs: add FAQ on missing migrate in docker image #498 (aeneasr)
- vendor: upgrade to ladon 0.7.4 - closes #350 #497 (aeneasr)
- docs: add scopes to oauth2 #495 (aeneasr)
- warden/group: add rollback to transactions #494 (aeneasr)
v0.8.7 (2017-06-05)
Implemented enhancements:
- oauth2: add possibility for denying consent requests #400
- oauth2: allow redirection to client if consent was denied #371
Fixed bugs:
- Introspection endpoint responds with 401 on invalid payload token #457
Closed issues:
- Allow configuration of `DB_HOST`, `DB_PASS`, `DB_USER`, `DB_NAME` separately. #480
Merged pull requests:
- all: implement --fake-tls-termination flag #493 (aeneasr)
- oauth2/introspect>: resolve 401 on invalid token #492 (aeneasr)
- client/manager_sql: return an empty slice if string is empty #491 (faxal)
v0.8.6 (2017-06-05)
Implemented enhancements:
- Assign clients different consent urls #378
Fixed bugs:
- Creating policies via the CLI does not populate the 'description' field #472
- Missing "iss" field from /oauth2/introspect response #399
- client: getting a non-existing client raises 500 instead of 404 #348
Closed issues:
- Libraries version problem, build break. #481
- oauth2: update to latest fosite which removed implicit storage #468
- Unable to set Public flag to false #463
- oauth2: allow client specific token TTLs #428
- docs: hint at health check #355
- Hydra URLs mounted to a subpath #352
- oidc: hydra as federated user auth for AWS Console/API #315
- jwk: when retrieving a key, stray request missing a subject 403 #271
Merged pull requests:
- oauth2/introspect: send issuer in introspection #490 (aeneasr)
- oauth2: allow redirection to client if consent was denied #489 (aeneasr)
- docs: add health check to swagger and resolve swagger issues #488 (aeneasr)
- jwk/handler: nest ac check and resolve stray log message #487 (aeneasr)
- pkg/errors: make ErrNotFound return a status code #486 (aeneasr)
- cmd/policies: description is a string field, not slice #485 (aeneasr)
- Vendor update #483 (aeneasr)
- vendor: update to latest versions #482 (aeneasr)
- client/manager: remove merging of stored and updated client #478 (faxal)
- Fix Swagger for Warden Groups #476 (pbarker)
v0.8.5 (2017-06-01)
Fixed bugs:
- max_conns and max_conn_lifetime breaks db.Ping #464
- cmd/server: resolve gorilla session mem leak - closes #461 #475 (aeneasr)
Closed issues:
Merged pull requests:
- fix spelling of challenge #471 (sstarcher)
- oauth2: remove unused implicit grant storage #469 (aeneasr)
v0.8.4 (2017-05-24)
Closed issues:
- Kubernetes Helm chart #430
Merged pull requests:
- config: connect to cleaned DSN #470 (aeneasr)
- docs: hint to kubernetes helm chart - see #430 #467 (aeneasr)
- Improve documentation #466 (aeneasr)
v0.8.3 (2017-05-23)
Implemented enhancements:
- http: harden http server for public net #334
Fixed bugs:
Closed issues:
- Listing policies not working with database #458
- go install github.com/ory/hydra Fails to compile #456
- Challenge claims redirect http instead of https #455
- core/store: document aes gcm nonce limitation #76
Merged pull requests:
v0.8.2 (2017-05-10)
Implemented enhancements:
- Missing `kid` parameter in ID token header #433
- no /.well-known/openid-configuration endpoint implementation #379
Merged pull requests:
- Add Key Id to Header #454 (pbarker)
- cmd: improve error message for when database tables are missing #453 (aeneasr)
- Wellknown #427 (pbarker)
v0.8.1 (2017-05-08)
Implemented enhancements:
- cmd: database migrations should not be run automatically but have a cmd instead #444
- all: move herodot to ory/herodot #436
Fixed bugs:
- cmd: token client fails in ci sometimes #443
Closed issues:
- all: deprecating rethinkdb and redis support #425
- oauth2: consent anti-csrf token should be forcefully removed #367
v0.8.0 (2017-05-07)
Closed issues:
- Refresh token doesn't work #449
Merged pull requests:
- ✏️ minor grammar typo #452 (therebelrobot)
- Add example about securing the consent app #450 (matteosuppo)
- Allow setting SkipTLSVerify Option value #448 (faxal)
- 0.8.0: Towards production friendliness #445 (aeneasr)
v0.7.13 (2017-05-03)
Implemented enhancements:
- ui: implement a basic management interface with react for oauth2 client, jwk, social connections and others #215
Fixed bugs:
- herodot: resolve issue with infinite loop caused by certain error chain #441
- "Could not fetch signing key for OpenID Connect" #439
- vendor: upgrade fosite to resolve regression issue #446 (aeneasr)
Closed issues:
- Peculiar EOF instead of response from the introspect endpoint. #368
Merged pull requests:
v0.7.12 (2017-04-30)
Fixed bugs:
Closed issues:
- Freeze dependencies #437
v0.7.11 (2017-04-28)
Closed issues:
- Mismatch between library versions #434
- Data Passthrough to IDP #431
- Api protection #429
- Gitter.im or irc channel #426
- Outdated fosite #424
- oauth2: resource owner password credentials proposal #214
Merged pull requests:
v0.7.10 (2017-04-14)
Closed issues:
- Build instructions from Readme fail #420
- API error (500) during tests #419
- Uname in session #418
- Resource owner password credentials grant #417
- ory vs ory-am #414
- Cockroachdb support #413
- Small doc error #411
- Rest API documentation not working #410
Merged pull requests:
- Remove uname references from docs #423 (matteosuppo)
- vendor: update common and ladon dependencies #422 (aeneasr)
- docs: resolve broken build instructions in readme - closes #420 #421 (aeneasr)
- Dropping brackets in Create Client example #415 (pbarker)
- Update bash command in tutorial #412 (pbarker)
- Update README.md #409 (joelpickup)
- docs: changes apiary url to current version #407 (aeneasr)
v0.7.9 (2017-04-02)
Closed issues:
Merged pull requests:
- Updated ladon version in glide.lock #404 (ericalandouglas)
- oauth2: fix typo #403 (maximesong)
v0.7.8 (2017-03-24)
Implemented enhancements:
- sdk: add consent helper #397
- Transition Dockerfile to Alpine Linux #393
- redirect_uri domains are case-sensitive #380
- Per-client consent URLs #351
- sdk: add consent helper - closes #397 #398 (aeneasr)
- docs: add example policy for consent app signing #389 (aeneasr)
Fixed bugs:
- cli handler_groups type error? #383
Closed issues:
- oauth2: token introspection fails on HTTP without dangerous-force-http #395
- Create User based on access token provided by Social Provider #394
- investigate why import from json fails #390
- gitter link doesn't work #386
- Possible security bug in warden/group package #382
- relation "hydra_client" does not exist (postgres) #381
- Native login support #375
- Request denied by default #373
Merged pull requests:
- docker: reduce docker image size #396 (aeneasr)
- Added information about auth code exchange to oauth2 docs #392 (therebelrobot)
- Small typo. #391 (darron)
- all: resolve ci issues and improve readme #384 (aeneasr)
v0.7.7 (2017-02-11)
v0.7.4 (2017-02-11)
v0.7.5 (2017-02-11)
v0.7.6 (2017-02-11)
Implemented enhancements:
- sql: limit maximum open connections, document timeout options through DSN #359
Fixed bugs:
- oauth2: invalid consent response causes panic #369
- oauth2: resolve issue with cookie store #376 (aeneasr)
Closed issues:
- Can hydra be easily integrated (embedded) into any golang http application? #372
Merged pull requests:
- oauth2: invalid consent response causes panic - closes #369 #370 (aeneasr)
- Resolve issues with SQL maximum open connections #360 (aeneasr)
v0.7.3 (2017-01-22)
Fixed bugs:
Closed issues:
- Have Hydra store usernames linked to tokens #364
- policy: investigate potential sql connection leak #363
- crypto/bcrypt: hashedPassword is not the hash of the given password #346
Merged pull requests:
v0.7.2 (2017-01-02)
Fixed bugs:
- Problems with the authorization code flow #342
- sql: deleting policies does not delete associated records with mysql driver #326
- vendor: update to fosite 0.6.11 - closes #338 #343 (aeneasr)
Closed issues:
Merged pull requests:
v0.7.1 (2016-12-30)
v0.7.0 (2016-12-30)
Implemented enhancements:
- Implement RemoveSubjectFromPolicy and RemoveResourceFromPolicy #336
- policy: provide rest endpoint for policy updates #305
- 0.7.0: SQL Migrate, Groups, Hardening #329 (aeneasr)
Fixed bugs:
Closed issues:
- Replace # with ? in authentication response #337
v0.6.10 (2016-12-26)
Implemented enhancements:
- oauth2/consent: force jti echo in consent response #322
- include a migration routine for databases #194
- warden: add group management and group based policy checks #68
- Improve http-based warden/introspection error responses #335 (aeneasr)
v0.6.9 (2016-12-20)
Implemented enhancements:
Fixed bugs:
Closed issues:
- openid: support response_type=code id_token #332
- Apparent failure on load with ECDSA key #328
- Why hydra github homepage crash when I visit ( while scrolling down) #323
- JsonWebTokenError: jwt must be provided #321
- write tests for cmd helpers #186
Merged pull requests:
- cmd: replace newline in HTTP_TLS #331 (ewilde)
- Log fixes #324 (johnwu96822)
v0.6.8 (2016-12-06)
Implemented enhancements:
v0.6.7 (2016-12-04)
Merged pull requests:
v0.6.6 (2016-12-04)
Implemented enhancements:
- core: Redis backend #306
Closed issues:
- oauth2: aud parameter does not allow arrays #314
Merged pull requests:
- add missing work in docs/oauth2.md #317 (bbigras)
- docker: --name should be before the image's name #316 (bbigras)
v0.6.5 (2016-11-28)
Implemented enhancements:
v0.6.4 (2016-11-22)
Implemented enhancements:
Fixed bugs:
- oauth2/revocation: token revocation fails silently with sql store #311
- oauth2/revocation: token revocation fails silently with sql store #312 (aeneasr)
Closed issues:
- docs: clean up TokenValid leftovers #310
v0.6.3 (2016-11-17)
Implemented enhancements:
- Rejection reason code to /warden/token/allowed #308
Fixed bugs:
v0.6.2 (2016-11-05)
Implemented enhancements:
- github: comply with Go license terms #300
Merged pull requests:
- Fix client SQL manager missing client_name #303 (johnwu96822)
v0.6.1 (2016-10-26)
Fixed bugs:
- MySQL DB not creating on start – JSON column types only supported from MySQL 5.7 and onwards #299
- 0.6.1 #301 (aeneasr)
Merged pull requests:
- Fix some minor typos and the broken tutorial links #298 (justinclift)
v0.6.0 (2016-10-25)
Implemented enhancements:
- Make it possible for travis-ci to build forked repos #295
- core: add sql support #292
- travis: execute gox build only when new commit is a new tag #285
- cmd: prettify the hydra token user output #281
- warden: make it clear that ladon.Request.Subject is not required or break bc and remove it #270
- connections: remove connections API #265
- consider signing up for Core Infrastructure Initiative badge #246
- oauth2: token revocation endpoint #233
- oauth2/rethinkdb: clear expired access tokens from memory #228
- 0.6.0 #293 (aeneasr)
Fixed bugs:
- all: coverage report is missing covered lines of nested packages #296
- oauth2/introspect: make endpoint rfc7662 compatible #289
- rethink: figure out how to deal with unreliable changefeed #269
- oauth2: requests waste a lot of time in fosite storer requestFromRDB() routine #260
- 0.6.0 #293 (aeneasr)
Closed issues:
- docs: fix typo in consent.md #294
- docs/apiary: add at_ext note to warden endpoints #287
- core/storage: with rethinkdb being closed, what is our path forward? #286
- docs: warden resource names are wrong on apiary #268
- Request for Comment: Fair Source License / Business Source License #227
- core: (health) monitoring endpoint #216
- add much simpler identity provider and oauth2 consumer example #172
- 2fa: add two factor authentication helper API #69
Merged pull requests:
- cmd: fix typo in host command help text #291 (faxal)
- travis: Only gox build on tags and go1.7 #288 (emilva)
- docs: improve introduction #267 (aeneasr)
v0.5.8 (2016-10-06)
Fixed bugs:
- oauth2: refresh token does not migrate session object to new token #283
- oauth2: refresh token does not migrate session object to new token #284 (aeneasr)
v0.5.7 (2016-10-04)
Implemented enhancements:
- jwk: add use parameter to generated JWKs #279
- jwk: add use parameter to generated JWKs - closes #279 #280 (aeneasr)
v0.5.6 (2016-10-03)
Implemented enhancements:
- oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility #278 (aeneasr)
Fixed bugs:
Closed issues:
- Scopes should be separated by %20 and not +, to ensure javascript compatibility #277
Merged pull requests:
- cmd: fix #272 typos in the host command controls #276 (cixtor)
- Fix #274 - replace HYDRA_PROFILING with PROFILING #275 (otremblay)
v0.5.5 (2016-09-29)
v0.5.4 (2016-09-29)
v0.5.3 (2016-09-29)
Implemented enhancements:
Fixed bugs:
- investigate if and why slow rethinkdb connection causes client root to be recreated #191
Closed issues:
- Consider extract Go SDK package into separate repository #266
- Showcase: How and where are you using Hydra? #115
v0.5.2 (2016-09-23)
v0.5.0 (2016-09-22)
v0.5.1 (2016-09-22)
Implemented enhancements:
- oauth2: include original request query parameters in the consent challenge #256
- Need a better health check for a load balancer #251
- client: add ability to update client #250
- oauth2: allow access token validation for public clients #245
- all: improve error messages regarding token validation #244
- all: resolve naming inconsistencies in jwk set names used in hydra #239
- sdk: resolve naming inconsistencies #226
- oidc: support kid hint in header #222
- 0.5.0-errors #263 (aeneasr)
- 0.5.0 #243 (aeneasr)
Fixed bugs:
- When invalid/expired token is used for /warden/allowed endpoint, status 500 is returned #262
- docs: fix images in readme #261
- Bad HTML encoding of the scope parameter #259
- docs: images are broken #258
- oauth2: id token hashes are not base64 url encoded #255
- oauth2: state parameter is missing when response_type=id_token #254
- jwk: anonymous request can't read public keys #253
- travis: ld flags are wrong #242
- cmd: hydra token user should show id token in browser #224
- oidc: hybrid flow using token+code+id_token returns multiple tokens of the same type #223
- hydra clients import doesn't print client's secret #221
- 0.5.0-errors #263 (aeneasr)
- 0.5.0 #243 (aeneasr)
Closed issues:
Merged pull requests:
v0.4.2-alpha.4 (2016-09-03)
v0.4.2 (2016-09-03)
v0.4.3 (2016-09-03)
v0.4.2-alpha.3 (2016-09-02)
v0.4.2-alpha.2 (2016-09-01)
v0.4.2-alpha.1 (2016-09-01)
0.4.2-alpha (2016-09-01)
Implemented enhancements:
- Add version option to Hydra's CLI #218
- autobuild #240 (aeneasr)
- Update jwt-go and resolve warden regression issue #232 (aeneasr)
Fixed bugs:
- warden: firewal.Audience overridden with requesting clients subject #236 (faxal)
- Update jwt-go and resolve warden regression issue #232 (aeneasr)
Closed issues:
- how to use hydra without "--dangerous-auto-logon"? #241
- warden: firewal.Audience overridden with requesting clients subject #237
- Vendor: Upgrade to jwt-go 3.0.0 #229
- docs: warden sdk example is misleading #225
- Typo in the apiary documentation #220
- Importing clients with the CLI doesn't work #219
- doc: add "what is hydra not?" section to readme #217
- figure out a process to autobuild releases #210
Merged pull requests:
- fix broken link for tutorial in README.md #213 (allan-simon)
v0.4.1 (2016-08-18)
Fixed bugs:
v0.4.0 (2016-08-17)
Implemented enhancements:
Fixed bugs:
Closed issues:
- docs/guide: warden docs are outdated #206
- fix sdk examples in readme #196
- add tests for clients import #163
- remove go get -t ./... from travis #71
v0.3.1 (2016-08-17)
Implemented enhancements:
- oauth2: introspection should return custom session values #205
- warden: move IntrospectToken from warden sdk to oauth2 #201
- warden: rename InspectToken to IntrospectToken #200
Fixed bugs:
- AccessTokens get overridden during startup of hydra #207
- warden: IntrospectToken always throws an error on Hydra logs #199
- resolve issue with at extra data #198
- Fix 207 #208 (aeneasr)
v0.3.0 (2016-08-09)
Implemented enhancements:
Fixed bugs:
v0.2.0 (2016-08-09)
Implemented enhancements:
- warden sdk should not make distinction between token and request #190
- core scope should not be mandatory #189
- id token claims should be set by consent challenge id_token claim #188
- provide default consent endpoint in hydra #185
- make bcrypt cost configurable #184
- make lifespans configurable #183
- improve env to config #182
- add memory profiling and cpu profiling #179
- add basic http request logging #178
- support edge tls termination #177
- Make client HTTPManager not compatible with fosite.Storage #173
- clean up stale branches #171
- improve hydra connect dialogue #170
- investigate if token creation can be speeded up #168
- consent: allow proxying of id token claims #167
- warden: rename authorized / allowed endpoints to something more meaningful #162
- warden: rename assertion to token #158
- Implement strict mode for warden #156
- Implement token introspection endpoint #155
- Don't log database credentials #147
- OpenID Connect Session Management #143
- [Feature request] Import clients on startup #140
- Warden for anonymous users #139
- oauth2/consent: id token expiry should be configurable #127
- warden: endpoint should only require valid client, not policy based access control #121
- Improve error message of wrong system secret #104
- warden: rename authorized / allowed endpoints to something more meaningful #187 (aeneasr)
- 0.2.0 #165 (aeneasr)
- all: add test cases for methods returning slices or maps of entities #152 (aeneasr)
- Resolve rethinkdb connection when idle #148 (aeneasr)
- all: resolve issues with the sdk and cli #142 (aeneasr)
- cli: add token validation #134 (aeneasr)
- Add wrapper library for HTTP Managers #130 (faxal)
Fixed bugs:
- investigate runtime panic on warden allowed #181
- oauth2 implicit flow should allow custom protocols #180
- support edge tls termination #177
- Token generation should be always consistent, not eventually consistent #176
- consent: allow proxying of id token claims #167
- config: do not store database config in hydra config #164
- OAuth2 token endpoint does not allow GET method but reads query parameters #160
- OAuth2 token endpoint should be able to handle simple form encoded requests #159
- --dry option does not work correctly #157
- client.GetClients() returns invalid information #150
- RethinkDB connection dies after a certain amount of inactive time #146
- Fails to startup when a SSO connection is added. #141
- id_token: at_hash / c_hash is null #129
- oauth2: some scopes are included twice #126
- warden: iat / exp values are not being set #125
- investigate missing scopes issue #124
- rethinkdb: resolve an issue where missing refresh tokens cause duplicate key error #122
- 0.2.0 #165 (aeneasr)
- ensure client endpoint is initialised for CLI "clients import" command #149 (boyvinall)
- Resolve rethinkdb connection when idle #148 (aeneasr)
- all: resolve issues with the sdk and cli #142 (aeneasr)
- Resolve warden issues #128 (aeneasr)
- Various bugfixes #123 (aeneasr)
Closed issues:
- Error trying to create a token via curl #174
- gorethink: could not decode type []uint8 into Go value of type string #169
- document warden interface sdk #166
- Document what OpenID Connect is and how to use it #154
- Warden endpoints #137
- Environment variables naming scheme #136
- Implicit Flow redirect_uri does not match #133
- hydra 2FA on cloud providers #132
- Document HTTP client libraries for go #101
- Document error redirect to identity provider #96
- use dropbox example to explain oauth2 #95
Merged pull requests:
- client: fix client.GetClients() for multiple clients #151 (boyvinall)
- readme: Fix table of contents links #145 (smithrobs)
- doc: Minor grammar/spelling fixes for README #144 (smithrobs)
- Add some precisions to installation #131 (yageek)
0.1-beta.4 (2016-06-26)
Implemented enhancements:
- Connect to rethinkdb over SSL with self-signed certificate #114
Fixed bugs:
- clients endpoint returns client secret base64 encoded #119
- firewall 403s on warden endpoints #118
- Client secrets should not be hashed when POSTing #113
- Resolve issues with warden and client api #120 (aeneasr)
- client: return client secret on POST and remove it from GET #117 (aeneasr)
Merged pull requests:
- Connect to rethinkdb with a custom certificate #116 (matteosuppo)
- dist: fix typos in exemplary policies #112 (aeneasr)
0.1-beta.3 (2016-06-20)
Implemented enhancements:
Fixed bugs:
- Warden handlers are not mounted #109
Closed issues:
- Installation fails #108
- Exchange token from browser client #107
- Temporary Client not working #106
- Could not fetch initial state with docker-compose #103
Merged pull requests:
- all: update jwt-go to versioned package and update dependencies #111 (aeneasr)
- Mount warden handler #110 (faxal)
0.1-beta.2 (2016-06-14)
Implemented enhancements:
- CLI should have -dry option to show what the HTTP request looks like #99
- Add offline scope for refresh tokens #97
- extend jwk cert store #92
- Creating clients with predefined credentials #91
- Passing key and certificate to hydra #88
- AES-GCM key should be sha256(secret)[:32] #86
- Update GoRethink imports #78
- link exemplary policies in the docs #75
- support SAML in addition to OAuth2 #29
- 0.1-beta2 #90 (aeneasr)
- vendor: switch to versioned gorethink api #81 (aeneasr)
Fixed bugs:
- fix issue where tls certificate is regenerated on boot #93
- typo: singing instead of signing #89
- 404 in the gitbook #85
- Update GoRethink imports #78
- client: resolved that secrets can not be set when using http or cli #102 (aeneasr)
Closed issues:
Merged pull requests:
- Fix typo of weather #100 (smurfpandey)
- readme: add security section #87 (aeneasr)
- Fix idiom in README #79 (neuhaus)
0.1-beta1 (2016-05-29)
Implemented enhancements:
- client rest endpoint: rename name to client_name #72
- allow using not self-signed TLS certificates #70
- Implement OpenID Connect Dynamic Client Registration 1.0 #65
- Implement default identity provider using postgres #63
- Implement generic connectors #61
- Replace osin with ory-am/fosite #46
- Remove dockertest dependency from handlers #43
- adding RethinkDB as a Store #39
- Add more IdPs #33
- Make JWT as access tokens optional and replace with a custom strategy #32
- support for ldap for user storage #28
- Migrate from mux to httprouter #14
- Decompositioning, implement Fosite #62 (aeneasr)
Fixed bugs:
- spec: /jwk/:set/:kid must return array #74
- client rest endpoint: rename name to client_name #72
- Too many open files probably caused by http client #47
Closed issues:
- Add Dockerfile for autobuild #60
- CLI refactor and initial account set up #59
- ory-am ssl cert invalid #58
- Granted Endpoint Proposal: Performant access decisions for resource providers using REST #48
- Security "audit" pre-analysis (based on rfc6749) #41
- wrong repo #40
- Rename providers to connectors #38
- Are there standards for connecting to third party providers #37
- Add support for scopes #36
- Readme: Accounts CLI Usage #31
- Continue using JWT as access tokens? #22
- remove refresh token claims #21
- godeps should only be commited on release #19
- refactor POST workflow #13
- JWT assertions #5
- Check JWT Algorithm #3
Merged pull requests:
- Remove go get of govet in .travis.yml #67 (sbani)
- Hydra is now using Go 1.6 vendoring and is deployable to heroku #56 (aeneasr)
- Heroku #55 (aeneasr)
- Update README.md #54 (leetal)
- RethinkDB #53 (leetal)
- handler.go:300: no formatting directive in Sprintf call #52 (QuentinPerez)
- providers: added microsoft and improved existing providers #51 (aeneasr)
- oauth: added google provider #50 (aeneasr)
- handle multiple return values from gopass #49 (timothyknight)
- doc: create MAINTAINERS #45 (aeneasr)
- docs: create CONTRIBUTING.md #44 (aeneasr)
- update accounts CLI Usage #34 (akhedrane)
- Add a Gitter chat badge to README.md #30 (gitter-badger)
- Extra arguments #27 (QuentinPerez)
- all: oauth and guard endpoints now accept basic auth instead of token… #26 (aeneasr)
- account: refactor, more endpoints and tests #25 (aeneasr)
- all: username instead of email, token revocation, introspect spec ali… #24 (aeneasr)
- Tutorial #23 (aeneasr)
- Unstaged #20 (aeneasr)
- client: now tries to refresh when token is invalid #18 (aeneasr)
- client: added possibility to skip CA check #17 (aeneasr)
- cli: fixed default TLS and JWT filepaths #16 (aeneasr)
- Policy changes and more tests #15 (aeneasr)
- unstaged #12 (aeneasr)
- Ladon api update & policy http endpoint #11 (aeneasr)
- Improved CLI client create and provider workflow. #10 (aeneasr)
- cli #9 (aeneasr)
- all: increased test coverage #8 (aeneasr)
- Handlers and cleanup #7 (aeneasr)
- Single Sign On #6 (aeneasr)
- tests: increased coverage #4 (aeneasr)
- Implemented jwt, middleware, test coverage and handlers. #2 (aeneasr)
- Refactor #1 (aeneasr)
* This Change Log was automatically generated by github_changelog_generator