Skip to content

Releases: ory/hydra

v2.3.0

17 Jan 08:51
ee8c339
Compare
Choose a tag to compare

We’re thrilled to announce the release of Ory Hydra 2.3.0! This version comes packed with graceful token refresh, performance improvements, and fixes that enhance stability, reduce database load, and streamline the developer experience. We strongly recommend upgrading to take advantage of these enhancements and ensure the best possible OAuth2 and OpenID Connect experience with Ory Hydra. Thank you to everyone who contributed!

Ory Hydra now supports graceful refresh token rotation, making OAuth2 and OpenID Connect refresh flows significantly more resilient in scenarios such as Single Page Apps and IoT. Even in highly distributed or concurrent environments, Hydra gracefully handles token refreshes reliably, ensuring tokens are not dropped or double-used.

PRs: #3860, #3895

Previously, the redirect_uri was not required when performing flows with scope=openid. This release enforces the requirement to comply with the OpenID Connect standard.

PR: #3900

Hydra now supports explicit SQL migration commands migrate sql up|down|status that streamline database schema management and help with zero-downtime upgrades.

PR: #3894

  • Access token strategy & advanced CLI improvements
    The CLI introduces new parameters and an option to specify a custom client ID on creation, making it easier to manage and script Hydra deployments.
    PRs: #3718, #3725, #3874
  • Built-in login & consent UI for hydra perform authorization-code
    A minimal built-in UI for login and consent can be enabled when testing with the CLI, removing the need to spin up a separate service.
    PR: #3845

Unused indices have been removed, down migration scripts renamed for consistency, and all migrations are more efficient overall.

PRs: #3859, #3911

  • Improve persistence logic – Database transactions and concurrency have been improved across the authorization and token handlers.
    PRs: #3756, #3763, #3886

  • Support for more claims in password grant – You can now include additional claims in the password grant flow, providing extra flexibility in advanced scenarios. Only available with an Ory Enterprise License.
    PR: #3864

  • Transaction Wrappers
    Authorization and token issuance are now wrapped more consistently to prevent partial writes and race conditions.
    PRs: #3730, #3763

  • Improved Docker setup
    Docker configurations have been refined, removing inconsistencies in the Compose setup and enabling a fully static binary build.
    PRs: #3826, #3924

  • Proper JSON round-tripping
    Fixed an issue causing custom claims to break if they were nested or unexpectedly typed. JSON round-trips are now correct.
    PR: #3819

  • Speed up public key retrieval
    Reduced overhead for the JWK public endpoint, solving CPU contention issues in large-scale deployments.
    PRs: #3787, #3870

  • Fix Docker Compose references
    The CLI now properly references docker compose instead of docker-compose, ensuring compatibility with modern Docker setups.
    PR: #3815

  • Dependency upgrades
    Bumped fosite, ory/x, pgx/v5, and various third-party libraries for improved stability and performance.

  • Updated docs
    Updated examples, improved JWK documentation, added notes on Docker Compose usage, and refined OpenID Connect discovery docs.

  • More tracing context
    Tracing calls have been consistently standardized with otelx.End(), and additional context ensures better observability.

  • Code generation & housekeeping
    Various housekeeping tasks: pinned GHA versions, fixed minor comment typos, updated newsletters/links, and more.

To upgrade to 2.3.0, follow the usual steps:

  1. Back up your database (always recommended).
  2. Update your Hydra version in your Docker configuration, binary, or build to v2.3.0.
  3. Run hydra migrate sql up (if using the new commands) or your usual migration procedure.
  4. Restart your services and confirm that Hydra is up and running.

Check the migration docs for detailed information.

As always, we love hearing from our community. Here are some ways to get involved:

Thanks to all contributors for making Ory Hydra the best-in-class OAuth2 and OpenID Connect server.

For Ory Hydra v2.4.0 we are looking at another highly anticipated community-contributed feature, the OAuth 2.0 Device Authorization Grant!

Full Changelog: v2.2.0...v2.3.0

Happy building with Ory Hydra!

Breaking Changes

Going forward, OAuth2 Clients requesting an OpenID Connect flow must include the redirect_uri parameter or the request will be rejected.

Deleting consents no longer returns 404 in certain edge cases but instead always 204.

Bug Fixes

  • Advertise support for response_mode=form_post in OIDC discovery document (#3861) (9cc5f28)

  • Broken JSON round-tripping for custom claims (b36b701):

    Adding custom claims with numerical types (think JavaScript Number) previously did not
    round-trip through Hydra correctly. For example, passing UNIX timestamps in custom claims
    would end up as floating points in exponential notation in the final token. That, in turn,
    confused or broke downstream consumers of the token, including Kratos.

    Ref go-jose/go-jose#144

  • Change comment on revokeOAuth2LoginSessions (#3853) (6d829dd)

  • Change index name in down migration (#3911) (3a09db2)

  • Correct span names (554238b)

  • Correctly pass multiple token audiences and prompt parameters when performing the authorization code flow from the CLI (#3736) (632faef)

  • Cpu contention when reading JWKs and suppress generating duplicate JWKs (#3870) (d5f65c5):

    Previously each concurrent caller would need to lock a shared mutex when reading or writing a given JWK set.
    The read path now doesn't require locking a mutex at all and instead returns valid query results directly.

    The write path is now protected by a concurrency control mechanism (using x/sync/singleflight) to ensure only one JWK set is generated and persisted.

    Note: Duplicate JWK sets may still be improperly generated if running more than one Hydra instance in a high traffic environment.

  • Do not iteratively delete records (#3766) (5ef20a2):

    Resolves performance issues on some databases when deleting consent.

  • Do not retry sending responses (#3764) (1bbfdb5)

  • docs: Adjust note about SDK support on oauth2 flow endpoints (#3812) (d0e047c)

  • Error log when RP responds with status code 204 (#3731) (153e4b5)

  • Faster GetPublicKeys (#3787) (04c34aa):

    GetPublicKeys used to fetch all keys in a set, even if they were actually not being used. This patch fixes that.

  • Improve docker set up (#3924) (8ca6cbd), closes #3914 #3683:

    Improves the docker set up and removes some unused files.

  • Incorrect context passthru (fa50e3e)

  • Incorrect indices (#3778) ([cb0004b](https://github.com/ory/hydr...

Read more

v2.2.0

12 Feb 11:37
57096be
Compare
Choose a tag to compare

Ory Hydra 2.2.0

Ory Hydra, the OAuth2 and OpenID Connect server designed for web-scale deployments introduces over 6x higher OAuth2 throughput on a single PostgreSQL instance!

Want to check out Ory Hydra yourself? Try common OAuth2 flows in the Ory OAuth2 Get Started guide!

This version significantly enhances performance, processing over 6x more authorization flows than version 2.1, thanks to architectural improvements that minimize database interactions for login and consent processes.

Key improvements include:

  • Enhanced integration with Ory Kratos, ensuring seamless synchronization of login and logout states across both services. Users logged out from Ory Hydra will automatically log out from Ory Kratos, enhancing security and user experience.
  • The ability to bypass the logout consent screen for specific clients, streamlining the logout process.
  • Simplified migration with the new feature to import OAuth2 Client IDs, making the transition to Ory Hydra smoother.
  • Support for the OIDC Verifiable Credentials specification, expanding the server's capabilities in identity verification.

Thank all contributors who have made this release available!

Bug Fixes

Documentation

Features

  • Add --skip-logout-consent flag to CLI (#3709) (f502d6e)

  • Add authentication options to hooks (#3633) (5c8e792)

  • Add flag to export public keys (#3684) (62c006b)

  • Add missing index for jwk table (#3691) (39ee5e1)

  • Add prompt=registration (#3636) (19857d2):

    Ory Hydra now supports a registration value for the prompt parameter of
    the authorization request. When specifying prompt=registration, Ory Hydra
    will redirect the user to the URL found under urls.registration
    (instead of urls.login).

  • Add skip_logout_consent option to clients (#3705) (2a653e6):

    Adds a special field which disables the logout consent screen when performing OIDC logout.

  • Allow injecting extra fosite strategies (#3646) (88b0b7c)

  • Re-enable legacy client IDs (#3628) (5dd7d30):

    This patch changes the primary key of the hydra_client table. We do not expect issues, as that table is probably not overly huge in any deployment. We do however highly recommend to test the migration performance on a staging environment with a similar database setup.

  • Remove flow cookie (#3639) (cde3a30):

    This patch removes the flow cookie. All information is already tracked in the request query parameters as part of the {login|consent}_{challenge|verifier}.

  • Remove login session cookie during consent flow (#3667) (5f41949)

  • Support multiple token URLs (#3676) (95cc273)

  • Add hydra migrate status subcommand (#3579) (749eb8d)

  • Add more resolution to events and collect client metrics (#3568) (466e66b)

  • Add state override (b8b9154)

  • Add support for OIDC VC (#3575) (219a7c0):

    This adds initial support for issuing verifiable credentials
    as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.

    Because the spec is still in draft, public identifiers are
    suffixed with draft_00.

  • Allow additional SQL migrations (#3587) (8900cbb)

  • Allow Go migrations (#3602) (8eed306)

  • Allow to disable claim mirroring ([#3563](https:...

Read more

v2.2.0-rc.3

16 Aug 21:09
ad8a4ba
Compare
Choose a tag to compare
v2.2.0-rc.3 Pre-release
Pre-release

Introduces logout compatibility with Ory Kratos.

Bug Fixes

  • Add exceptions for internal IP addresses (#3608) (1f1121c)
  • Add kid to verifiable credential header (#3606) (9f1c8d1)
  • Deflake ttl test (6741a49)
  • Docker build (#3609) (01ff9da)
  • Enable CORS with hot-reloaded origins (#3601) (6f592fc)
  • Only query access tokens by hashed signature (a21e945)
  • Racy random string generation (#3555) (1b26c4c)
  • Reject invalid JWKS in client configuration / dependency cleanup and bump (#3603) (1d73d83)
  • Restore ability to override auth and token urls for exemplary app (#3590) (dfb129a)
  • Return proper error when the grant request cannot be parsed (#3558) (26f2d34)
  • Use correct tracer in middleware (#3567) (807cbd2)

Code Generation

  • Pin v2.2.0-rc.3 release commit (ad8a4ba)

Features

  • Add hydra migrate status subcommand (#3579) (749eb8d)

  • Add more resolution to events and collect client metrics (#3568) (466e66b)

  • Add state override (b8b9154)

  • Add support for OIDC VC (#3575) (219a7c0):

    This adds initial support for issuing verifiable credentials
    as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.

    Because the spec is still in draft, public identifiers are
    suffixed with draft_00.

  • Allow additional SQL migrations (#3587) (8900cbb)

  • Allow Go migrations (#3602) (8eed306)

  • Allow to disable claim mirroring (#3563) (c72a316):

    This PR introduces another config option called oauth2:mirror_top_level_claims which may be used to disable the mirroring of custom claims into the ext claim of the jwt.
    This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.

    Example:

    oauth2:
      allowed_top_level_claims:
        - test_claim
      mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext

    Closes #3348

  • Bump fosite and add some more tracing (0b56f53)

  • cmd: Add route that redirects to the auth code url (4db6416)

  • Parallel generation of JSON web key set (#3561) (5bd9002)

  • Propagate logout to identity provider (#3596) (c004fee):

    • feat: propagate logout to identity provider

    This commit improves the integration between Hydra and Kratos when logging
    out the user.

    This adds a new configuration key for configuring a Kratos admin URL.
    Additionally, Kratos can send a session ID when accepting a login request.
    If a session ID was specified and a Kratos admin URL was configured,
    Hydra will disable the corresponding Kratos session through the admin API
    if a frontchannel or backchannel logout was triggered.

    • fix: add special case for MySQL
    • chore: update sdk
    • chore: consistent naming
    • fix: cleanup persister
  • Support different jwt scope claim strategies (#3531) (45da11e)

Changelog

  • 2c452ef autogen(docs): regenerate and update changelog
  • 551c359 autogen(docs): regenerate and update changelog
  • 93ebaee autogen(docs): regenerate and update changelog
  • 7cfba84 autogen(docs): regenerate and update changelog
  • cb64770 autogen(docs): regenerate and update changelog
  • 938d4bb autogen(docs): regenerate and update changelog
  • 0072ddf autogen(docs): regenerate and update changelog
  • c30de7f autogen(docs): regenerate and update changelog
  • 6c298b2 autogen(docs): regenerate and update changelog
  • a547a74 autogen(docs): regenerate and update changelog
  • 5704640 autogen(docs): regenerate and update changelog
  • e586cc2 autogen(docs): regenerate and update changelog
  • 2bdad2c autogen(docs): regenerate and update changelog
  • dc878b8 autogen(docs): regenerate and update changelog
  • 425c977 autogen(docs): regenerate and update changelog
  • 339bf40 autogen(docs): regenerate and update changelog
  • ea40d44 autogen(docs): regenerate and update changelog
  • 71d1853 autogen(docs): regenerate and update changelog
  • be85c29 autogen(docs): regenerate and update changelog
  • 598c21d autogen(docs): regenerate and update changelog
  • 42a9615 autogen(docs): regenerate and update changelog
  • 330530d autogen(openapi): regenerate swagger spec and internal client
  • 254a21b autogen(openapi): regenerate swagger spec and internal client
  • ad8a4ba autogen: pin v2.2.0-rc.3 release commit
  • 6631c21 autogen: render config schema
  • 59ec76b chore(deps): bump semver from 5.7.0 to 5.7.2 (#3569)
  • 9fd59e2 chore(deps): bump semver from 5.7.0 to 5.7.2 in /test/e2e/oauth2-client (#3570)
  • 3c5c126 chore(deps): bump tough-cookie, @cypress/request and wait-on (#3592)
  • 48d5df4 chore: add hperl as codeowner (#3607)
  • efd9ca7 chore: bump deps (#3560)
  • d5099cb chore: remove fosite branch override (#3599)
  • 3914585 chore: replace fosite rewrite (#3564)
  • 8ed2a2d chore: support in README (#3565)
  • 1a1f504 chore: update repository templates to ory/meta@ac80097
  • eb89af7 chore: update repository templates to ory/meta@af28aff
  • 4db6416 feat(cmd): add route that redirects to the auth code url
  • 749eb8d feat: add hydra migrate status subcommand (#3579)
  • 466e66b feat: add more resolution to events and collect client metrics (#3568)
  • b8b9154 feat: add state override
  • 219a7c0 feat: add support for OIDC VC (#3575)
  • 8eed306 feat: allow Go migrations (#3602)
  • 8900cbb feat: allow additional SQL migrations (#3587)
  • c72a316 feat: allow to disable claim mirroring (#3563)
  • 0b56f53 feat: bump fosite and add some more tracing
  • 5bd9002 feat: parallel generation of JSON web key set (#3561)
  • c004fee feat: propagate logout to identity provider (#3596)
  • 45da11e feat: support different jwt scope claim strategies (#3531)
  • 1f1121c fix: add exceptions for internal IP addresses (#3608)
  • 9f1c8d1 fix: add kid to verifiable credential header (#3606)
  • 6741a49 fix: deflake ttl test
  • 01ff9da fix: docker build (#3609)
  • 6f592fc fix: enable CORS with hot-reloaded origins (#3601)
  • a21e945 fix: only query access tokens by hashed signature
  • 1b26c4c fix: racy random string generation (#3555)
  • 1d73d83 fix: reject invalid JWKS in client configuration / dependency cleanup and bump (#3603)
  • dfb129a fix: restore ability to override auth and token urls for exemplary app (#3590)
  • 26f2d34 fix: return proper error when the grant request cannot be parsed (#3558)
  • 807cbd2 fix: use correct tracer in middleware (#3567)

Artifacts can be verified with cosign using this public key.

v2.2.0-rc.2

13 Jun 14:15
b183040
Compare
Choose a tag to compare
v2.2.0-rc.2 Pre-release
Pre-release

This release optimizes the performance of authorization code grant flows by minimizing the number of database queries. We acheive this by storing the flow in an AEAD-encoded cookie and AEAD-encoded request parameters for the authentication and consent screens.

BREAKING CHANGE:

  • The client that is used as part of the authorization grant flow is stored in the AEAD-encoding. Therefore, running flows will not observe updates to the client after they were started.
  • Because the login and consent challenge values now include the AEAD-encoded flow, their size increased to around 1kB for a flow without any metadata (and increases linearly with the amount of metadata). Please adjust your ingress / gateway accordingly.

Bug Fixes

  • Version clash in apk install (24ebdd3)

Code Generation

  • Pin v2.2.0-rc.2 release commit (b183040)

Features

Changelog

  • 4194d75 autogen(docs): regenerate and update changelog
  • 898aa00 autogen(docs): regenerate and update changelog
  • b183040 autogen: pin v2.2.0-rc.2 release commit
  • a8ecf80 feat: hot-reload Oauth2 CORS settings (#3537)
  • 3ec683d feat: sqa metrics v2 (#3533)
  • 24ebdd3 fix: version clash in apk install

Artifacts can be verified with cosign using this public key.

v2.1.2

24 May 08:55
d94ed6e
Compare
Choose a tag to compare

We are excited to announce the next Ory Hydra release! This release includes the following important changes:

  • Fixed a memory leak in the OpenTelemetry implementation, improving overall memory usage and stability.
  • Added a missing index for faster janitor cleanup, resulting in quicker and more efficient cleanup operations.
  • Fixed a bug related to SameSite in dev mode, ensuring proper functionality and consistency in handling SameSite attributes during development.

We appreciate your continuous support and feedback. Please feel free to reach out to us with any further suggestions or issues.

Bug Fixes

  • Add index on requested_at for refresh tokens and use it in janitor (#3516) (5b8e712)

  • Disable health check request logs (#3496) (eddf7f3)

  • Do not use prepared SQL statements and bump deps (#3506) (31b9e66)

  • Proper SameSite=None in dev mode (#3502) (5751fae)

  • Sqa config values unified across projects (#3490) (1b1899e)

  • sql: Incorrect JWK query (#3499) (13ce0d6):

    persister_grant_jwk had an OR statement without bracket leading to not using the last part of the query.

Code Generation

  • Pin v2.1.2 release commit (d94ed6e)

Documentation

Features

Changelog

  • 0e84c24 autogen(docs): generate and bump docs
  • 9f37172 autogen(docs): regenerate and update changelog
  • 872720b autogen(docs): regenerate and update changelog
  • 4907223 autogen(docs): regenerate and update changelog
  • ba45af0 autogen(docs): regenerate and update changelog
  • 3703e5a autogen(docs): regenerate and update changelog
  • ca85a17 autogen(docs): regenerate and update changelog
  • 0e7e95f autogen(docs): regenerate and update changelog
  • be8f726 autogen: add v2.1.1 to version.schema.json
  • d94ed6e autogen: pin v2.1.2 release commit
  • 20c6fa7 autogen: render config schema
  • 400b9af chore(deps): bump @nestjs/core and @openapitools/openapi-generator-cli (#3493)
  • f2f007d chore(deps): bump github.com/docker/distribution (#3514)
  • b69a332 chore: bump ory/x (#3518)
  • cf20054 chore: remove unneeded dependency (#3494)
  • e2b7665 chore: update nodemon version for oauth2 client (#3503)
  • b71a36b docs: incorrect json output format example (#3497)
  • 083d518 feat: add --skip-consent flag to hydra cli (#3492)
  • 13ce0d6 fix(sql): incorrect JWK query (#3499)
  • 5b8e712 fix: add index on requested_at for refresh tokens and use it in janitor (#3516)
  • eddf7f3 fix: disable health check request logs (#3496)
  • 31b9e66 fix: do not use prepared SQL statements and bump deps (#3506)
  • 5751fae fix: proper SameSite=None in dev mode (#3502)
  • 1b1899e fix: sqa config values unified across projects (#3490)

Artifacts can be verified with cosign using this public key.

v2.1.1

11 Apr 10:52
6efae7c
Compare
Choose a tag to compare

We are excited to share this year's Q1 release of Ory Hydra: v2.1!

Highlights:

  • Support for Datadog tracing (#3431).
  • Ability to skip consent for trusted clients (#3451).
  • Setting access token type in the OAuth2 Client is now possible (#3446).
  • Revoke login sessions by SessionID (#3450).
  • Session lifespan extended on session refresh (#3464).
  • Token request hooks added for all grant types (#3427).
  • Reduced SQL tracing noise (#3481).

Don't want to run the upgrade yourself? Switch to Ory Network!

Bug Fixes

Code Generation

  • Pin v2.1.1 release commit (6efae7c)

Changelog

  • df16a26 autogen(docs): generate and bump docs
  • ed2ac06 autogen(docs): regenerate and update changelog
  • 6078f85 autogen(docs): regenerate and update changelog
  • ddfbd65 autogen: add v2.1.0 to version.schema.json
  • 6efae7c autogen: pin v2.1.1 release commit
  • ad549d6 autogen: pin v2.1.1 release commit
  • 2f7cda5 autogen: render config schema
  • 0448284 chore: update ory/x (#3480)
  • 8720b25 fix: double-hashed access token signatures (#3486)
  • 6e1f545 fix: reduce SQL tracing noise (#3481)

Artifacts can be verified with cosign using this public key.

v2.1.0

07 Apr 12:13
3649832
Compare
Choose a tag to compare

We are excited to share this year's Q1 release of Ory Hydra: v2.1.0!

Highlights:

  • Support for Datadog tracing (#3431).
  • Ability to skip consent for trusted clients (#3451).
  • Setting access token type in the OAuth2 Client is now possible (#3446).
  • Revoke login sessions by SessionID (#3450).
  • Session lifespan extended on session refresh (#3464).
  • Token request hooks added for all grant types (#3427).
  • Reduced SQL tracing noise (#3481).

Don't want to run the upgrade yourself? Switch to Ory Network!

Bug Fixes

Code Generation

  • Pin v2.1.0 release commit (3649832)

Changelog

  • 5c2e227 autogen(docs): regenerate and update changelog
  • 3649832 autogen: pin v2.1.0 release commit
  • 6e1f545 fix: reduce SQL tracing noise (#3481)

Artifacts can be verified with cosign using this public key.

v2.1.0-pre.2

03 Apr 09:36
3b1d87e
Compare
Choose a tag to compare
v2.1.0-pre.2 Pre-release
Pre-release

autogen: pin v2.1.0-pre.2 release commit

Code Generation

  • Pin v2.1.0-pre.2 release commit (3b1d87e)

Changelog

  • 3b1d87e autogen: pin v2.1.0-pre.2 release commit

Artifacts can be verified with cosign using this public key.

v2.1.0-pre.1

03 Apr 09:13
2289e6b
Compare
Choose a tag to compare
v2.1.0-pre.1 Pre-release
Pre-release

autogen: pin v2.1.0-pre.1 release commit

Code Generation

  • Pin v2.1.0-pre.1 release commit (2289e6b)

Changelog

  • 2289e6b autogen: pin v2.1.0-pre.1 release commit
  • 0d740d9 chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#3476)
  • c29b968 chore: update alpine version

Artifacts can be verified with cosign using this public key.

v2.0.3

08 Dec 12:22
16831c5
Compare
Choose a tag to compare

Bugfixes for migration and pagination regressions and a new endpoint.

Bug Fixes

  • Add client_id and client_secret to revokeOAuth2Token (#3373) (93bac07)

  • Docker build (48217bd)

  • Introspect command CLI example (#3353) (4ee4456)

  • Invalidate tokens with inconsistent state (#3385) (542ea77), closes #3346:

    This patch includes SQL migrations targeting environments which have not yet migrated to Ory Hydra 2.0. It removes inconsistent records which resolves issues during the migrations process. Please be aware that some users might be affected by this change. They might need to re-authorize certain apps. However, most active records should not be affected by this.

    Installations already on Ory Hydra 2.0 will not be affected by this change.

  • No longer auto-generate system secret (c5fe043):

    This patch changes Ory Hydra's behavior to no longer auto-generate a temporary secret when no global secret was set. The APIs now return an error instead.

    See ory/network#185

  • Prevent multiple redirections to post logout url (#3366) (50666b9), closes #3342

  • Strip public from schema (#3374) (3831b44), closes #3367

  • Token pagination (#3384) (e8d8de9), closes #3362

Code Generation

  • Pin v2.0.3 release commit (16831c5)

Features

Changelog

  • 5d79e57 autogen(docs): generate and bump docs
  • bd19086 autogen(docs): regenerate and update changelog
  • 2720839 autogen(docs): regenerate and update changelog
  • a400a35 autogen(docs): regenerate and update changelog
  • 6710ddc autogen(docs): regenerate and update changelog
  • d7a28e9 autogen(docs): regenerate and update changelog
  • f2925ee autogen(docs): regenerate and update changelog
  • 2986605 autogen(docs): regenerate and update changelog
  • c586e03 autogen(openapi): regenerate swagger spec and internal client
  • c65342e autogen: add v2.0.2 to version.schema.json
  • 16831c5 autogen: pin v2.0.3 release commit
  • b28bad3 chore(deps): bump decode-uri-component in /test/e2e/oauth2-client (#3377)
  • cb23cca chore(deps): bump minimatch in /test/e2e/oauth2-client (#3381)
  • 93fc0a1 chore(deps): bump qs from 6.5.2 to 6.5.3 (#3380)
  • 316b582 chore(deps): bump qs, body-parser and express in /test/e2e/oauth2-client (#3379)
  • f9f0337 chore: list contributors in file (#3345)
  • d275ad6 feat: list consent sessions by session id (#2853)
  • 93bac07 fix: add client_id and client_secret to revokeOAuth2Token (#3373)
  • 48217bd fix: docker build
  • 4ee4456 fix: introspect command CLI example (#3353)
  • 542ea77 fix: invalidate tokens with inconsistent state (#3385)
  • c5fe043 fix: no longer auto-generate system secret
  • 50666b9 fix: prevent multiple redirections to post logout url (#3366)
  • 3831b44 fix: strip public from schema (#3374)
  • e8d8de9 fix: token pagination (#3384)

Artifacts can be verified with cosign using this public key.