Skip to content

v2.2.0-rc.3

Pre-release
Pre-release
Compare
Choose a tag to compare
@ory-bot ory-bot released this 16 Aug 21:09
· 225 commits to master since this release
ad8a4ba

Introduces logout compatibility with Ory Kratos.

Bug Fixes

  • Add exceptions for internal IP addresses (#3608) (1f1121c)
  • Add kid to verifiable credential header (#3606) (9f1c8d1)
  • Deflake ttl test (6741a49)
  • Docker build (#3609) (01ff9da)
  • Enable CORS with hot-reloaded origins (#3601) (6f592fc)
  • Only query access tokens by hashed signature (a21e945)
  • Racy random string generation (#3555) (1b26c4c)
  • Reject invalid JWKS in client configuration / dependency cleanup and bump (#3603) (1d73d83)
  • Restore ability to override auth and token urls for exemplary app (#3590) (dfb129a)
  • Return proper error when the grant request cannot be parsed (#3558) (26f2d34)
  • Use correct tracer in middleware (#3567) (807cbd2)

Code Generation

  • Pin v2.2.0-rc.3 release commit (ad8a4ba)

Features

  • Add hydra migrate status subcommand (#3579) (749eb8d)

  • Add more resolution to events and collect client metrics (#3568) (466e66b)

  • Add state override (b8b9154)

  • Add support for OIDC VC (#3575) (219a7c0):

    This adds initial support for issuing verifiable credentials
    as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.

    Because the spec is still in draft, public identifiers are
    suffixed with draft_00.

  • Allow additional SQL migrations (#3587) (8900cbb)

  • Allow Go migrations (#3602) (8eed306)

  • Allow to disable claim mirroring (#3563) (c72a316):

    This PR introduces another config option called oauth2:mirror_top_level_claims which may be used to disable the mirroring of custom claims into the ext claim of the jwt.
    This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.

    Example:

    oauth2:
      allowed_top_level_claims:
        - test_claim
      mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext

    Closes #3348

  • Bump fosite and add some more tracing (0b56f53)

  • cmd: Add route that redirects to the auth code url (4db6416)

  • Parallel generation of JSON web key set (#3561) (5bd9002)

  • Propagate logout to identity provider (#3596) (c004fee):

    • feat: propagate logout to identity provider

    This commit improves the integration between Hydra and Kratos when logging
    out the user.

    This adds a new configuration key for configuring a Kratos admin URL.
    Additionally, Kratos can send a session ID when accepting a login request.
    If a session ID was specified and a Kratos admin URL was configured,
    Hydra will disable the corresponding Kratos session through the admin API
    if a frontchannel or backchannel logout was triggered.

    • fix: add special case for MySQL
    • chore: update sdk
    • chore: consistent naming
    • fix: cleanup persister
  • Support different jwt scope claim strategies (#3531) (45da11e)

Changelog

  • 2c452ef autogen(docs): regenerate and update changelog
  • 551c359 autogen(docs): regenerate and update changelog
  • 93ebaee autogen(docs): regenerate and update changelog
  • 7cfba84 autogen(docs): regenerate and update changelog
  • cb64770 autogen(docs): regenerate and update changelog
  • 938d4bb autogen(docs): regenerate and update changelog
  • 0072ddf autogen(docs): regenerate and update changelog
  • c30de7f autogen(docs): regenerate and update changelog
  • 6c298b2 autogen(docs): regenerate and update changelog
  • a547a74 autogen(docs): regenerate and update changelog
  • 5704640 autogen(docs): regenerate and update changelog
  • e586cc2 autogen(docs): regenerate and update changelog
  • 2bdad2c autogen(docs): regenerate and update changelog
  • dc878b8 autogen(docs): regenerate and update changelog
  • 425c977 autogen(docs): regenerate and update changelog
  • 339bf40 autogen(docs): regenerate and update changelog
  • ea40d44 autogen(docs): regenerate and update changelog
  • 71d1853 autogen(docs): regenerate and update changelog
  • be85c29 autogen(docs): regenerate and update changelog
  • 598c21d autogen(docs): regenerate and update changelog
  • 42a9615 autogen(docs): regenerate and update changelog
  • 330530d autogen(openapi): regenerate swagger spec and internal client
  • 254a21b autogen(openapi): regenerate swagger spec and internal client
  • ad8a4ba autogen: pin v2.2.0-rc.3 release commit
  • 6631c21 autogen: render config schema
  • 59ec76b chore(deps): bump semver from 5.7.0 to 5.7.2 (#3569)
  • 9fd59e2 chore(deps): bump semver from 5.7.0 to 5.7.2 in /test/e2e/oauth2-client (#3570)
  • 3c5c126 chore(deps): bump tough-cookie, @cypress/request and wait-on (#3592)
  • 48d5df4 chore: add hperl as codeowner (#3607)
  • efd9ca7 chore: bump deps (#3560)
  • d5099cb chore: remove fosite branch override (#3599)
  • 3914585 chore: replace fosite rewrite (#3564)
  • 8ed2a2d chore: support in README (#3565)
  • 1a1f504 chore: update repository templates to ory/meta@ac80097
  • eb89af7 chore: update repository templates to ory/meta@af28aff
  • 4db6416 feat(cmd): add route that redirects to the auth code url
  • 749eb8d feat: add hydra migrate status subcommand (#3579)
  • 466e66b feat: add more resolution to events and collect client metrics (#3568)
  • b8b9154 feat: add state override
  • 219a7c0 feat: add support for OIDC VC (#3575)
  • 8eed306 feat: allow Go migrations (#3602)
  • 8900cbb feat: allow additional SQL migrations (#3587)
  • c72a316 feat: allow to disable claim mirroring (#3563)
  • 0b56f53 feat: bump fosite and add some more tracing
  • 5bd9002 feat: parallel generation of JSON web key set (#3561)
  • c004fee feat: propagate logout to identity provider (#3596)
  • 45da11e feat: support different jwt scope claim strategies (#3531)
  • 1f1121c fix: add exceptions for internal IP addresses (#3608)
  • 9f1c8d1 fix: add kid to verifiable credential header (#3606)
  • 6741a49 fix: deflake ttl test
  • 01ff9da fix: docker build (#3609)
  • 6f592fc fix: enable CORS with hot-reloaded origins (#3601)
  • a21e945 fix: only query access tokens by hashed signature
  • 1b26c4c fix: racy random string generation (#3555)
  • 1d73d83 fix: reject invalid JWKS in client configuration / dependency cleanup and bump (#3603)
  • dfb129a fix: restore ability to override auth and token urls for exemplary app (#3590)
  • 26f2d34 fix: return proper error when the grant request cannot be parsed (#3558)
  • 807cbd2 fix: use correct tracer in middleware (#3567)

Artifacts can be verified with cosign using this public key.