Table of Contents generated with DocToc

Change Log

Change Log

Unreleased

Full Changelog

Closed issues:

issuer in discovery document contains trailing '/' #1482
jwk: Delete a JWK endpoint deletes a JWK set when dsn is memory #1473

v1.0.0 (2019-06-24)

Full Changelog

Implemented enhancements:

consent: Login and consent request challenge should be sent as query parameter #1307
Empty subject not validated during login/consent #1254
consent: Remember logic confuses developers #1165
Allow for insecure redirect URI for development #1021
consent: Share session state between login and consent #1003
Allow logging out and deleting a single session cookie #970
consent: expose a list of all clients authorized by a user #953
client: Improve and DRY validation in handler #909
Extend status page to check dependencies. #887
oauth2: Revoke previous and future access tokens when revoking a token #884
consent: Add endpoint to revoke authentication and consent sessions #856
oauth2: Consider implementing OIDC Session Management #834
oauth2: Allow multiple audience claims on ID token #790
cmd: Add cli helper for importing and exporting environments (clients, policies, keys) #699
oauth2: Revoke access and refresh tokens when authorization code is used twice #693
OpenID Connect Certification #689
oauth2: Reintroduce audience claim #687
cli/clients: allow to import multiple clients with one file #388
Importing a client should fail when an unrecognized field is found #357
oauth2: allow token revocation without knowing the token (i.e. per user) #304
consent: Move to query parameters #1375 (aeneasr)
cmd: Add resilience to CLI REST commands #1359 (aeneasr)
client: Improve handling of legacy id field #927 (aeneasr)
ci: Automatically pushes docs to website #784 (aeneasr)

Fixed bugs:

cmd: hydra token client no longer seems to be using basic auth #1439
consent: Regression causes login to skip remember on consecutive calls #1409
jwk: Remove duplicates from jwks list #1408
nil pointer panic on /oauth2/sessions/logout without id token hint #1403
Missing /.well-known/jwks.json endpoint #1349
Call to consent accept/reject for a second time gives error #1256
Scope value double-escaping? #1201
client: Improve error messages from managers #976
500 error returned on GET /clients/{id} when client doesn't exist #903
oidc_context empty #900
consent: Duplicate row error should return a better error message #880
metrics: Properly handle metrics log messages #833
id_token not returned after request at the /oauth2/token endpoint using the refresh_token #794
oauth2: Fix swagger documentation for oauth2/token #1284 (aeneasr)
jwk: Auto-remove old keys when upgrading from < beta.7 #925 (aeneasr)
consent: Propagates oidc_context to consent request #901 (aeneasr)

Closed issues:

Why is my BCrypt benchmark slower than CircleCI's? #1478
Low RPS on BCrypt-secured enpoints #1477
Support different read/write database URLs #1475
id\_token\_hint should be optional on end\_session\_endpoint #1472
The Hydra can't recovery the readiness status in k8s #1471
oauth2: BCrypt hashs inputs (passwords) of maximum of 72 bytes, limiting OAuth 2.0 Client Secret length #1438
health: Check if and why the health endpoint returns a HTTPS response #879
consent: Investigate if failure during consent should cause session to be revoked #854
cmd: Deprecate hydra connect and replace with per-command flags and environment variables #840
docs: Add limitations section #839
Does warden groups work with internal Hydra APIs? #823

Merged pull requests:

jwk: Fix memory mamager of JWK deletion #1474 (sawadashota)
cmd: Add missing html closing tag to token user #1479 (aeneasr)
sdk: Fix missing and broken swagger annotations #1440 (aeneasr)
fix fallback routes and templates #1402 (MDrollette)
oauth2: Allow whitelisting insecure redirect URLs #1354 (aeneasr)
consent: Use query parameters for challenges #1351 (aeneasr)
Resolve sql testing race issues #1332 (aeneasr)
Remove opencollective from package.json #1324 (DASPRiD)
docker: update docker-compose to v3 + docker-compose files refactor #1323 (lopezator)
cmd: Add client secret encryption option #1322 (sawadashota)
config: Improve configuration and service management #1314 (aeneasr)
oauth2: Resolves client secrets from potentially leaking to the database in cleartext #820 (aeneasr)

v1.0.0-rc.16 (2019-06-13)

Full Changelog

Closed issues:

Benchmark link is broken in README.md #1465
hydra fails to connect mysql server #1463
What's the deal with LICENSE.txt in the 64-bit linux tarball? is this open source or not? #1462
The hydra can't handle the DB username with "@" character #1460
pq: operator does not exist: character varying =? #1457
Slow MySQL query #1454
Support Jaeger Tracing with Istio and Kubernetes #1447
Incorrect namespace for PHP SDK #1443

Merged pull requests:

Remove binary license #1470 (aeneasr)
docker: Run as non-root user #1469 (aeneasr)
sdk: Update SDKs and fix PHP namespace #1468 (aeneasr)
mod: Update ory/x to 0.0.63 #1467 (aeneasr)
mod: Update to ory/x 0.0.61 #1466 (aeneasr)
docs: Add a link to Identity Provider "Werther" to community projects #1464 (nikolaas)
cmd: Add option to disable access log for health endpoints #1458 (hypnoglow)
tracing: Add support for B3 headers via the JAEGER_PROPAGATION env var #1456 (ptescher)

v1.0.0-rc.15 (2019-06-05)

Full Changelog

Closed issues:

level=fatal msg="Unable to instantiate service registry." error="no driver is capable of handling the given DSN" #1455
Display / as RegistrationEndpoint in spite of undefined #1448

Merged pull requests:

cli: Use go templates in token user #1461 (aeneasr)
docs: Fix link to system secret rotation #1459 (sawadashota)
Build(deps): Bump jackson-version from 2.8.9 to 2.9.9 in /sdk/java/hydra-client-resttemplate #1453 (dependabot[bot])
docs: Updates issue and pull request templates #1452 (aeneasr)
docs: Updates issue and pull request templates #1451 (aeneasr)
docs: Updates issue and pull request templates #1450 (aeneasr)
oauth2: Don't show registration_endpoint if config is undefined #1449 (sawadashota)
feat: support default jaeger environment variables #1442 (shaxbee)

v1.0.0-rc.14 (2019-05-18)

Full Changelog

Closed issues:

Logout REST API and documentation mismatch #1435
client, consent: rethink pagination #1434
Unix socket ignores first part of the uri #1433
.well-known/openid-configuration endpoint swapped values #1420
Feature request: CockroachDB support #990

Merged pull requests:

ci: Resolve goreleaser issues #1445 (aeneasr)
ci: Update release pipeline #1444 (aeneasr)
mod: Update module definitions #1441 (aeneasr)
docs: Updates issue and pull request templates #1432 (aeneasr)

v1.0.0-rc.12 (2019-05-10)

Full Changelog

Implemented enhancements:

cmd: add the post logout redirect uris flag to the clients create command #1426
all: add cockroachdb support #1348 (lopezator)

Closed issues:

Invalid namespace on composer.json #1429
CORS No 'Access-Control-Allow-Origin' header is present #1421
client_secret_basic fails when client_secret is auto-generated #1419

Merged pull requests:

Fixed composer namespace #1431 (MASNathan)
sdk: Remove go sdk submodule #1430 (aeneasr)
Swapped handlers to match correct values #1428 (MASNathan)
cmd: allow to set the client's post-logout URIs #1427 (aberasarte)
sdk/go: Add go.mod definition in sdk directory #1425 (aeneasr)
driver: Fix broken cors option test #1423 (aeneasr)

v1.0.0-rc.11 (2019-05-02)

Full Changelog

Closed issues:

jwk: Remove duplicates from jwks list #1413
Help message for migrate sql is unclear regarding source of database URL. #1411
Documentation is incorrect for some admin URLs #1410
Accept login request 404s #1406
Audience is not set on access tokens #1405
cors: Apply sane defaults for cors #1400
sql: insert/update statements are slow on MySQL 8.0.x #1397

Merged pull requests:

consent: Resolve nil pointer panic in logout flow #1418 (aeneasr)
cors: Use sane default settings for CORS options #1417 (aeneasr)
config: Remove duplicates JWKS IDs from wellknown config #1416 (aeneasr)
consent: Do not confirmLoginSession when skip is true (#1414) #1415 (aeneasr)
Do not confirmLoginSession when skip is true to prevent remember reset to false #1414 (saadtazi)
Fix migrate SQL command message regarding config file. #1412 (dkushner)
ttl is a top-level config value #1407 (MDrollette)
docs: Add OIDC FC/BC changes to upgrade guide #1401 (aeneasr)

v1.0.0-rc.10 (2019-04-29)

Full Changelog

Implemented enhancements:

cmd: Add plans to migrations #1139
docker: Investigate adding entrypoint.sh #1108
client: Whitelist logout redirect URL per client #1004
cmd: Remove notice about BETA in OAUTH2_ACCESS_TOKEN_STRATEGY #946

Closed issues:

[Question] What is the correct way to run hydra token client CLI command ? #1396
/.well-known/jwks.json output wrong keys #1395
test: Add consent revokation to e2e testing #1389
go sdk is broken in rc9 #1388
CORS for public is disabled? #1387
Class naming inconsistent in swagger comment to cause swagger generated sdk could not be built on case sensitive os. #1384
Outdated hydra PHP composer package #1382
Add support for ACME TLS Certificates #1378
SDK documentation dissapeared #1377
Access Tokens JWT signed with ID Token key when AcessTokenStrategy is JWT #1371
/.well-known/jwks.json only returns OpenIDConnect keys when strategy is JWT #1369
Introduce e2e testing using cypress #1368
how to get userinfo #1367
Unable to test silent refresh in local development #1364
Memory leak with jaeger tracing enabled #1363
docs: Are refresh tokens introspectable or not? #1250

Merged pull requests:

docker: Remove full tag from build pipeline #1399 (aeneasr)
docker: Update jaeger tracing docker compose file #1398 (aeneasr)
sdk: Ignore sdk directory when generating OA spec #1394 (aeneasr)
Resolve several minor issues #1393 (aeneasr)
Improve e2e test performance #1392 (aeneasr)
consent: Allow prompt=none for public clients #1391 (aeneasr)
sdk: Make clear that refresh tokens are introspectable #1390 (aeneasr)
README.md: Fix contributors link #1385 (mkontani)
Implement OpenID Connect Front-/Backchannel logout #1376 (aeneasr)
oauth2: Resolve memory leak in gorilla/sessions #1374 (aeneasr)
driver: Use proper key name when JWT is enabled #1373 (aeneasr)
cmd: fix help text on migrate cmd #1372 (MDrollette)

v1.0.0-rc.9+oryOS.10 (2019-04-18)

Full Changelog

Implemented enhancements:

oauth2: Support OAuth2 discovery #1127
pagination: Add paging to output #1047
cli: Add retry for broken network #846

Closed issues:

Misuse of http.Header{}.Write\(...\) #1361
Hydra (Linux Container) on Windows docker cannot reach PostgreSQL #1360
Migrations have stopped working on tests locally #1357
Reenable Config Option #1344
OpenID Connect Discovery endpoint is missing revocation_endpoint #1268
Error: "Command failed because error occurred: invalid character 'p' after top-level value" on running hydra client create #1244
Problem with import path for go-resty and go1.11 modules #1063

Merged pull requests:

Fix pagination headers #1362 (kminehart)
Pagination headers #1358 (kminehart)
oauth2: Expose revocation endpoint at OIDC Discover #1356 (aeneasr)
oauth2: Expose revocation endpoint at OIDC Discovery #1355 (aeneasr)
consent: Add ability to share data from login to consent request #1353 (aeneasr)
Add package-lock.json #1352 (aeneasr)
driver: Initialize everything on start up #1350 (aeneasr)
sdk: Move to go-swagger code generator #1347 (aeneasr)
make: Introduce install-stable and install tasks #1346 (aeneasr)
cmd: Reenable -c cli flag #1345 (aeneasr)
docs: Fix environment variable DATABASE_URL to DSN #1343 (sawadashota)

v1.0.0-rc.8+oryOS.10 (2019-04-03)

Full Changelog

Merged pull requests:

ci: Fix broken version info in build #1342 (aeneasr)

v1.0.0-rc.7+oryOS.10 (2019-04-02)

Full Changelog

Implemented enhancements:

cmd: Clients list command #1310

Fixed bugs:

Profiling doesn't log any data #1061

Closed issues:

Rest API Logs user out by deleting the session cookie is not working #1329
max_conns and max_idle_conns are not removed from DSN #1327
Update docker-compose to v3 #1321
Token user container exit after getting the access token for a single login. #1320
cmd: Support client secret encryption at stdout #1317
jwk: Improve key rotation #1316
docker-compose restart value is wrong #1312
docs: Improve Quickstart guide #1309
Terraform Provider #1304
ERROR: Service 'hydra-migrate' failed to build: The command '/bin/sh -c go mod download' returned a non-zero code: 1 #1298
Invalid expiration time during introspection the token refresh #1296
504 Timeout when refreshing token #1295
Website displays 0 github stars #1292
Ambiguous Dockerfile versions #1289
flush endpoint throw error #1288
Redirect url is not getting the access token and refresh token when changed. #1287
How to store my access token in the browser storage? #1286
Consent /reject without error data will always return an invalid_request error #1285
Support multi proxies between TLS termination proxy and hydra #1282
Is the hydra security console open source? #1281
CSRF value not present in session cookie in ory hydra login flow #1280
Log readiness and liveness routes in debug log level #1278
oAuth calls failing with 404 not found #1276
Not Generating other token #1275
Help needed for API endpoints #1274
CI: cannot install gometalinter at CircleCI #1272
CVE-2019-6486 - DoS vulnerability in the crypto/elliptic implementations #1270
Website caveat #1269
sql: Unable to connect to database URL with special chars in username/password #1266
localhost https bug x-forward-proto is back #1265
Granted audience not set in OIDC token #1264
CI: can't load package github.com/stretchr/testify v1.3.0 #1261
Revoking consent session breaks database #1255
Deployment on Heroku #1253
oauth2: token introspection does not work #1252
Support fosite delegated transactions in SQL storage #1247
Refresh token not works properly #1246
Error : The "redirect_uri" parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls #1245
Feature request: Service account #1221
DX: Easily support different workflows by sharing compose configurations #1196
cmd: Replace checkDependency with privates & getter/setter #1121
Replace gox and ghr with goreleaser #1107

Merged pull requests:

Improve release pipeline and update changelog #1341 (aeneasr)
ci: Improve release build pipeline #1340 (aeneasr)
ci: Resolve dirty release issue #1339 (aeneasr)
ci: Move scoop and homebrew to new repos #1338 (aeneasr)
ci: Execute e2e tests immediately #1337 (aeneasr)
ci: Improve cci workflow #1336 (aeneasr)
ci: Remove pure git tag from docker release #1335 (aeneasr)
ci: Use oryOS naming topology for docker release #1334 (aeneasr)
consent: Login revokation is exposed at public not admin #1333 (aeneasr)
ci: Fix broken configuration docs task #1331 (aeneasr)
Add shell installer to repo for curl | bash #1330 (aeneasr)
Default Remember to false in payloads with skip #1325 (kminehart)
Prevent errors when calling HandleConsentRequest a second time #1318 (kminehart)
docker: Bump Golang to 1.12.1 #1315 (sawadashota)
5min-tutorial: fix docker-compose wrong restart values #1313 (lopezator)
cmd: Add clients list command #1311 (sawadashota)
Add check for empty subject in AcceptLoginRequest #1308 (kminehart)
cmd: Fix no-open inverted flag check #1306 (RomanMinkin)
cmd: Fix description of clients create --subject-type option #1305 (sawadashota)
circleci: disable modules support temporarily when fetching a tool #1302 (aaslamin)
Return the expiration time of the token, depending on its type, on the endpoint of introspection. #1300 (pr0head)
Fix 1285 #1297 (kminehart)
docker: Bump golang to 1.12.0 #1293 (sawadashota)
docker: Bump alpine version #1291 (sawadashota)
cmd: Add --allowed-cors-origins to client create. #1290 (jgiles)
config: Support multi proxies between TLS termination proxy and hydra #1283 (sawadashota)
docs: Update docs how to serve with in memory database #1279 (sawadashota)
addresses #1247 #1277 (michaelwagler)
docker: Bump base docker image versions #1271 (sawadashota)
vendor: Bump ory/x to 0.0.35 #1267 (aeneasr)
Bump testify v1.3.0 #1262 (sawadashota)
Disable RejectInsecureRequest middleware on unix sockets #1259 (jayme-github)
Fix disable-telemetry check #1258 (jtescher)
fix token flush CLI description #1251 (sawadashota)
Enable to validate by old system secret #1249 (sawadashota)
fix error message of too short NEW_SYSTEM_SECRET #1248 (sawadashota)

v1.0.0-rc.6+oryOS.10 (2018-12-18)

Full Changelog

Closed issues:

sql: Scan error on column index 13, name "login_challenge": unsupported Scan, storing driver.Value type <nil> into type *string #1240
Security: bump Golang version to 1.11.3 (CVE-2018-16875) #1238
Why is the Ory Hydra Docker image nearly 1GB in size? #1237
Feature request: Database migrations without downtime #1236
typo in "building from source" #1235

Merged pull requests:

docker: Bump base docker image versions #1243 (aeneasr)
docs: Fix install guide typo GO111MOUDULE #1242 (aeneasr)
consent: Properly declare SQL NullStrings #1241 (aeneasr)

v1.0.0-rc.5+oryOS.10 (2018-12-13)

Full Changelog

Implemented enhancements:

Keep tests exportable #1204

Closed issues:

Running the migrate database does not work properly #1227

Merged pull requests:

ci: Resolve flaky test issues #1234 (aeneasr)
README.md: Oktober typo #1233 (hisamura333)
oauth2: Improve introspection debugability #1232 (aeneasr)
Support binding frontend/backend to unix sockets #1230 (jayme-github)
Fix help output of hydra serve #1229 (jayme-github)
ci: Fix flaky sql migration tests #1228 (aeneasr)

v1.0.0-rc.4+oryOS.9 (2018-12-12)

Full Changelog

Implemented enhancements:

client: Track when clients are created #1120
client: Add created/updated at fields #1207 (aeneasr)

Fixed bugs:

Unable to return consent sessions for a user #1203
consent: Show all granted consent requests #1206 (aeneasr)

Closed issues:

Unable to run migrate when comming from beta.7 (mysql) #1225
Migration from beta.9 fails on google cloudsql #1224
Service account #1220
service account #1219
Implement "on behalf of" flow / token exchange #1218
Bump github.com/ory/x to v0.0.33 #1213
OAuth2 Authorization Endpoint Doesn't Use CORS #1211
hydra migrate sql requires superuser privileges #1209
Accept consent flow cause bug with id_token have field in utf8 value for MySQL 5.7+ #1205
Key rotation CLI message is unclear how to use ROTATED_SYSTEM_SECRET #1187

Merged pull requests:

sql: Remove superuser requirements from postgres migrations #1226 (aeneasr)
docker: Remove dep from build chain #1217 (aeneasr)
docs: Fix broken links #1216 (aeneasr)
ci: Use new document id in appendix #1215 (aeneasr)
addresses #1213 by bumping github.com/ory/x to v0.0.33 #1214 (aaslamin)
[oauth2] export tests again #1212 (someone1)
docs: Adapt new docs id structure #1208 (aeneasr)
Set ROTATED_SYSTEM_SECRET to old secret as speficied in docs. #1195 (prateek1192)

v1.0.0-rc.3+oryOS.9 (2018-12-06)

Full Changelog

Closed issues:

PHP-SDK: Composer autoloading broken #1199
sql: Unable to run migrations when coming from beta.9 #1185

Merged pull requests:

oauth2: Use html templates in fallback endpoints #1202 (aeneasr)
Fix #1199: Generated composer autoloader non-functional #1200 (Takuto88)
Migrate links from old docs to new docs #1197 (techthumb)
Fixed tutorial link in README.md #1193 (jimmystridh)
setup: add instructions for updating the hydra-migrate service to use mysql instead of postgres #1192 (aaslamin)
client: rename grant type authorize_code to authorization_code #1191 (sjkaliski)
refactoring #1190 (RikiyaFujii)
Remove duplicated refresh token section #1188 (condemil)

v1.0.0-rc.2+oryOS.9 (2018-11-21)

Full Changelog

Merged pull requests:

sql: Resolve beta.9 -> rc.1 migration issue #1186 (aeneasr)

v1.0.0-rc.1+oryOS.9 (2018-11-21)

Full Changelog

Implemented enhancements:

cmd: token user should be able to set up ssl #1147
client: Deleting a client should delete all associated data too #1131
Use -mod=vendor when building binaries / docker #1112
Switch to go mod #1074
CORS_ALLOWED_ORIGINS doesn't respect wildcards #1073
consent: Add authorize code URL to consent and login response payloads #1046
[Feature Request] Update consent tests to match oauth2/client tests #1043
cmd/server: Export useful bootstrap function #973
sdk: C# language SDK #958
Opentracing tracing integration #931
consent: Add ability to specify Access Token Audience #883
Prepare v1.0.0-rc.1 release #1175 (aeneasr)
vendor: Update fosite to 0.27.3 #1164 (aeneasr)
sdk: Document userinfo as GET instead of POST #1161 (aeneasr)
oauth2: Add audience and improve refresh flow #1156 (aeneasr)
cmd: Improve issuer error message #1152 (aeneasr)
oauth2: Add OAuth2 audience claim and improve migrations #1145 (aeneasr)
Switch to go modules #1077 (aeneasr)
cmd: Fix flaky port finder #1076 (aeneasr)
rand: Fix flaky random test #1075 (aeneasr)

Fixed bugs:

tracing: sql args are added as tags when they should be omitted #1181
consent: Require proof of authentication before ending user session #1154
oauth2: Audience is potentially not being refreshed #1153
Hydra shut down after a race condition #1141
oauth2: Tables oidc, code, openid, refresh are missing indices #1140
consent: SQL field subject\_obfuscated does not have an index #1138
Setting up a fresh hydra installation results in panic #1137
Copy-paste error in manager_0_sql_migrations_test.go #1135
cmd: Error message regarding IssuerURL should contain environment variable name #1133
client: Deleting a client should delete all associated data too #1131
CORS\_ALLOWED\_ORIGINS doesn't respect wildcards #1073
OpenID configuration endpoint returns wrong registration endpoint #1072
OAuth2 Token Revoke call results in 404 Not Found #1070
Missing database indices #1067
Use PKCE with hybrid flow #1060
cmd: Consent timeout is currently hardcoded but environment variable exists #1057
ACR claim not being set on id token when requested by login accept request #1032
List all consent sessions returns 404 #1031
Introspect endpoint reports expiration time for refresh tokens #1025
sql: Resolve index/fk regression issues #1178 (aeneasr)
Prepare v1.0.0-rc.1 release #1175 (aeneasr)
consent: Ignore row count in revoke #1173 (aeneasr)
vendor: Upgrade to fosite 0.27.4 #1171 (aeneasr)
vendor: Update fosite to 0.27.3 #1164 (aeneasr)
consent: Properly propagate acr value #1160 (aeneasr)
cmd: Resolve broken wildcard cors #1159 (aeneasr)
cmd: Resolve panic in migration handler #1151 (aeneasr)
consent: Only fetch latest consent state #1124 (aeneasr)
server: Instantiate PKCE after oidc #1123 (aeneasr)
cli: Improve migrate error messages #1080 (aeneasr)
cmd: Fix flaky port finder #1076 (aeneasr)

Closed issues:

Resolve regression issues related to foreign keys #1177
DELETE /oauth2/auth/sessions/login/{user} returns 404 #1168
How to authenticate with POST /clients endpoint #1148
Implementation of user idel time sout #1146
Move SQL migrations to files and improve test pipeline #1144
cmd: Show error hint in oauth2 error view #1143
Login time deteriorates over time #1119
why hydra-login-consent-go didn't work, is there will have login provider and consent provider with golang? #1117
Intro Blog source code is unreadable #1111
consent: ignores extra claims for id and access token #1106
Invalid_request while generate the Access token in own OAuth 2.0 server #1104
Invalid_request while generate the Access token in own OAuth 2.0 server #1103
Document query parameters for /oauth2/auth #1100
PHP SDK is not PSR-4 compliant #1099
CHALLENGE_TOKEN_LIFESPAN unused #1097
Improve follow-up on numerous ORY repos #1093
Run your own OAuth 2.0 Server : " Client authentication failed " #1091
govet cmd/tooken_user.go: the cancel function returned by context.WithTimeout should be called #1090
Enhancement: specify lifespan for refresh_token #1088
Add at_hash claim to id_token in code flow. #1085
Disable https://api.segment.io POST request #1083
Move internal dependencies to ory/x #1081
Support Kubernetes Secrets #1079
Silent token refresh fails with "The Authorization Server requires End-User consent" #1068
Invalid login_challenge #1065
sql: Add auto-increment PKs #1059
Feature: admin endpoint for deleting expired tokens #1058
consent: Send error response if consent or login challenge is expired or invalid #1056
consent: Add original request URL to login and consent request payloads #1055
Fix flaky random-port generator #1054
Fix flaky pseudo-random test #1053
API doc: GET /userinfo works but not documented #1049
go SDK userInfo response does not support extra claims #1048
Issuer url is allways fallowed by / even when defined without #1041
missing end_session_endpoint from .well-known doc #1040
oryd/hydra:v1.0.0-beta.9 clients api return 404 #1036
DELETE login/{user} and DELETE consent/{user} can not redirect to Login page #1035
remember in requests/login/{challenge}/accept api cause get same subject always #1034
Out of Band OAuth2 Authorization #1033
[Cleanup] CORS Settings #1028
Key rotation leads to "Could not fetch private signing key for OpenID Connect" #1026

Merged pull requests:

More e2e tests #1184 (aeneasr)
fix migrate sql command at upgrading guide #1183 (sawadashota)
rc.1 release preparations #1182 (aeneasr)
e2e: Improve e2e test pipeline #1180 (aeneasr)
docs: Auto-generate appendix #1174 (aeneasr)
vendor: Upgrade to fosite 0.28.0 #1172 (aeneasr)
ci: Generate benchmarks in docus format #1170 (aeneasr)
ci: Update release pipeline for new versioning #1169 (aeneasr)
oauth2: Make client registration endpoint configurable #1167 (aeneasr)
sdk: Update swagger endpoint definition #1166 (aeneasr)
sql: Add missing indices #1157 (aeneasr)
cmd: Add ability to specify consent and login lifespan #1155 (aeneasr)
cmd: Add https option to token user command #1150 (aeneasr)
cmd: Improve token user error handling #1149 (aeneasr)
Minor bug fix in JWK sql migrations test case #1136 (jacor84)
tracing: remove bad tracing config from docker-compose.yml #1132 (aaslamin)
cmd: Resolve issues with secret migration #1129 (aeneasr)
health: Register healthx.AliveCheckPath route for frontend #1128 (jayme-github)
consent: Set fetch order to descending #1126 (aeneasr)
cors: add options cors middleware handler #1125 (JiaLiPassion)
ci: Check vet and fix vet errors #1122 (aeneasr)
jwks: cors for wellknown endpoints #1118 (JiaLiPassion)
oauth2: wellknown should use corsMiddleware #1116 (JiaLiPassion)
tracing: add support for tracing db interactions #1115 (aaslamin)
build: Improve build pipeline #1114 (aeneasr)
e2e: Check for access/id token claims #1113 (aeneasr)
sdk/js: Declare opencollective as devdep #1109 (aeneasr)
Fix missing LoginChallenge and LoginSessionID from GetConsentRequest #1105 (jcxplorer)
Update README - Benchmarks section #1102 (kishaningithub)
docs: Updates issue and pull request templates #1101 (aeneasr)
Add error response if consent or login challenge is expired #1098 (k-lepa)
docs: Updates issue and pull request templates #1096 (aeneasr)
Move dependencies to ory/x #1095 (aeneasr)
docs: Updates issue and pull request templates #1094 (aeneasr)
Add schema changes introduced to UPGRADE.md #1082 (aaslamin)
sql: Add auto-increment PKs #1078 (aeneasr)
tracing: use context aware database methods #1071 (aaslamin)
Add missing indices to resolve #1067 #1069 (aaslamin)
change go-resty import path for gopkg.in/resty.v1 #1064 (pierredavidbelanger)
fosite: bump to version 0.24.0 with associated code changes #1062 (someone1)
Bump fosite version to 0.23.0 + New tracing instrumented Hasher #1052 (aaslamin)
consent: migrate to test helpers [closes #1043] #1051 (someone1)
Fix swagger #1045 (pierredavidbelanger)
client: fix test to pass non-nil context #1044 (someone1)
Bump fosite version and integrate breaking changes #1042 (aaslamin)
two littles things that bugs me when I compile or run tests #1039 (pierredavidbelanger)
cmd: Do not echo secrets if explicitly set #1038 (aeneasr)
propagate context through to the sql store #1030 (aaslamin)
consent: Add SessionsPath const #1027 (someone1)
Use latest version of sqlcon #1024 (davidjwilkins)
cmd/server: Export Handler bootstrap functions (#973) #1023 (someone1)
Add support for distributed tracing #1019 (aaslamin)

v1.0.0-beta.9 (2018-09-01)

Full Changelog

Implemented enhancements:

Duplicate entry error for second consent request #1007
cmd: Print version when booting up #987
client: client specific CORS settings #957
sql: jsonb support for postgres #516
client: filter oauth2 clients by field through REST API #505
cmd: Allow SYSTEM_SECRET key rotation #73
consent: Forward session and login information #1013 (aeneasr)
jwk: Add ability to rotate SYSTEM_SECRET #1012 (aeneasr)
vendor: Upgrade sqlcon to 0.0.6 #1008 (aeneasr)
cmd: Use viper for cors detection #998 (aeneasr)
cmd: Disable CORS by default #997 (aeneasr)
cmd: Add version to banner #995 (aeneasr)
sdk: Add new methods to SDK interface #994 (aeneasr)

Fixed bugs:

Client creation gives incorrect error message #1016
oauth2: id_token_hint should work with expired ID tokens #1014
cors: Don't automatically auto-allow CORS #996
Use ID_TOKEN_LIFESPAN when doing refresh #985
MySQL/MariDB broken on default Debian installations #377
cmd: Clarify HYDRA_ADMIN_URL in missing endpoint message #1018 (aeneasr)
oauth2: Accept expired JWTs as id_token_hint #1017 (aeneasr)
cmd: Disable CORS by default #997 (aeneasr)
consent: Populate consent session with default values #989 (aeneasr)

Closed issues:

cmd: Replace cors fork with upstream #1010
Auth State mismatch. URL Double Encoding #1005
Can not remember consent because no user interaction was required with resp['skip'] false #999
invalid if condition about SubjectTypesSupport #992
sdk: add oauthapi functions to golang interface #991
After redirecting from consent -- runtime error: invalid memory address or nil pointer dereference #988

Merged pull requests:

docker: Update compose definitions #1020 (aeneasr)
config: Fix use of uninitialized logger #1015 (vHanda)
cmd: Replace aeneasr/cors with rs/cors #1011 (aeneasr)
oauth2: Enable client specific CORS settings #1009 (aeneasr)
oauth2: Resolve broken expiry when refreshing id token #1002 (aeneasr)
Delete Procfile #1001 (MOZGIII)
Fix serve all cmd in docker files #1000 (condemil)
cmd: Public subject type should cause public id alg #993 (aeneasr)
config: disable plugin backend through 'noplugin' tag #986 (glerchundi)

v1.0.0-beta.8 (2018-08-10)

Full Changelog

Implemented enhancements:

vendor: Upgrade to MySQL 1.4 driver #965
oauth2: abstract oauth2/handler JWT Strategies #960
oauth2: Support for Pairwise Subject Identifier Type #950
[Enhancement/Proposal] Update Plugin System #949
The JWK api should be able to export .pem #175
cmd: Add flags for new client fields in create #939
client: Deprecate the public flag #938
client: Clarify error message regarding client auth method #936
cmd: Add option to specify new oidc parameters in client #935
consent: Obtain previously selected scopes #902
oauth2: allow issuing of JWT access tokens #248
oauth2: Add scope to introspection test suite #941 (aeneasr)
consent: Add logout api endpoint #984 (aeneasr)
sdk: Upgrade superagent to 3.7.0 #983 (aeneasr)
vendor: Upgrade to latest sqlcon #975 (aeneasr)
oauth2: Refactor JWT strategy #972 (someone1)
oauth2: Removes authorization from introspection #969 (aeneasr)
oauth2: Support for Pairwise Subject Identifier Type #966 (aeneasr)
cmd: Introduce public and administrative ports #963 (aeneasr)
oauth2: Adds JWT Access Token strategy #947 (aeneasr)
oauth2: Improve token endpoint authentication error message #942 (aeneasr)

Fixed bugs:

oauth2: error_hint, error_debug are not shared when redirect fails #974
oauth2: Introspect response is empty when active is false. #964
consent: MemoryManager should return errNoPreviousConsentFound when no previous consent was found #959
consent: Auth session should check for pkg.ErrNotFound, not sql.ErrNoRows #944
sdk: Add AdminURL and PublicURL to configuration #968 (aeneasr)
cmd: Introduce public and administrative ports #963 (aeneasr)
consent: Properly identify revoked login sessions #945 (aeneasr)

Closed issues:

Refresh token and access token share same lifetime #955
Id_token_hint doesn't work as expected #951
consent: Check if helper rejects unknown JSON fields #940
Unable to specify a custom claim to hydra #937
[HTTP API] get /version returns empty #934
Expose administrative APIs at a different port (e.g. 4445) #904

Merged pull requests:

client: Improve memory manager error messages #978 (aeneasr)
consent: Add ListUserConsentSessions to OAuth2API interface #977 (clausdenk)
docker: Update .dockerignore #967 (aeneasr)
cli: fix reporting of epected vs. received status codes #961 (rjw57)
all: Introduce database backend interface and update plugin system an… #956 (someone1)
Add api endpoint to list all authorized clients by user #954 (kingjan1999)
Use spdx expression for license in package.json #952 (kingjan1999)
Improve client API compatibility with oidc dynamic discovery #943 (aeneasr)
oauth2: Share error details with redirect fallback #982 (aeneasr)
cli: Print "active:false" when token is inactive #981 (aeneasr)
consent: Return proper error when no consent was found #980 (aeneasr)
vendor: Upgrade sqlcon to 0.0.5 #979 (aeneasr)

v1.0.0-beta.7 (2018-07-16)

Full Changelog

Implemented enhancements:

Panic when calling oauth2/auth/sessions/consent/{user} or oauth2/auth/sessions/consent/{user}/{client} #928

Fixed bugs:

Panic when calling oauth2/auth/sessions/consent/{user} or oauth2/auth/sessions/consent/{user}/{client} #928

Closed issues:

migration 0.11.10 > 1.0 : did you forget to run hydra migrate sql" or forget to set the SYSTEM_SECRET #926
ClientID property is ignored when creating a new OAuth2 Client #924
The CSRF value from the token does not match the CSRF value from the data store #923
Which version is stable? #922
JSON Web Key Store default keys broken after upgrading to beta.6 #921

Merged pull requests:

Document that ORY Hydra is OpenID Certified #933 (aeneasr)
cmd: Show error when loading x509 cert fails #932 (aeneasr)
Allow cookie without max age #930 (BastianHofmann)
cmd: Check dependencies are defined before instantiation #929 (aeneasr)
README: fix docker linux link #920 (philips)

v1.0.0-beta.6 (2018-07-11)

Full Changelog

Implemented enhancements:

jwk: improve JWK tests #588
cmd: CLI should be able to import PEM keys to JWK store #98

Fixed bugs:

migration 0.9.x -> 1.0: sector_identifier_uri contains null values #918

Closed issues:

Hydra version 0.11.13-alpine break cli #917
docs: disallow secrets from docs/tutorials in production mode #573

Merged pull requests:

client: Fix sql migration step for oidc #919 (aeneasr)
cmd: Allows import of PEM/DER/JSON encoded keys #916 (aeneasr)

v1.0.0-beta.5 (2018-07-07)

Full Changelog

Implemented enhancements:

cmd/server: Die when system secret is in wrong format #817

Fixed bugs:

Public and private key pair fetched from store does not match #912

Closed issues:

go get return error #913
Can't create clients using the CLI #911
is hydra can build on window ? #910
Let's improve the docs! #385
Add benchmarks to documentation #161

Merged pull requests:

consent: Adds ability to revoke consent and login sessions #915 (aeneasr)
jwk: Tests for simple equality in JWT strategy #914 (aeneasr)
Adds OpenID Connect Dynamic Client Registration #908 (aeneasr)
docs: Adds link to examples repository #907 (aeneasr)
docs: Removes obsolete issue template #906 (aeneasr)

v0.11.14 (2018-06-15)

Full Changelog

Fixed bugs:

Missing commits between v0.11.10 and v0.11.12 #894

v1.0.0-beta.4 (2018-06-13)

Full Changelog

v1.0.0-beta.3 (2018-06-13)

Full Changelog

Implemented enhancements:

cmd: Allows reading database from env in migrate sql #898 (aeneasr)

Closed issues:

cmd: Add flag to allow reading database url in migration command from env #896

Merged pull requests:

ci: Stops benchmark result commit & pushes #905 (aeneasr)
docs: Adds CI benchmarks #897 (aeneasr)
all: Moves to metrics-middleware #895 (aeneasr)

v1.0.0-beta.2 (2018-05-29)

Full Changelog

Closed issues:

1.0.0-alpha.1 Release Notes #885

Merged pull requests:

ci: Improves build toolchain #893 (aeneasr)

v1.0.0-beta.1 (2018-05-29)

Full Changelog

Implemented enhancements:

oauth2: Revoke tokens when performing refreshing grant #889
docs: Explicitly document in upgrade guide that hydra is no longer protected by default #888
consent: Investigate if prompt=none should be allowed with implicit flows #866
consent: Implement login_hint capabilities #860
consent: Always remove session if rememberLogin=false #859
consent: Resolve broken time out #852
oauth2: Support max_age #851
consent: Include id_token_hint in oidc context #850
health: Document prometheus endpoint #844
config: Deprecate ClusterURL, ClientID, ClientSecret #841
oauth2: Return token type on token introspection #831
oauth2: Support id_token_hint at authorization endpoint #826
consent app: Restart consent flow #809
client: Add field client\_secret\_expires\_at to create #778
all: All JSON output/input should be using \_ instead of camelCase #777
oauth2: Reject authorization requests for invalid scopes before redirecting to consent endpoint #776
oauth2: Improving the consent flow design #772
oauth2: Expire consent request on successful consent interaction #771
health: Add ability to retrieve version (protected endpoint) #743
Deprecate hydra policies create -f #708
Disallow unknown JSON fields #707
oauth2: Remember authentication and application authorization #697
oauth2: Require consent for OAuth 2.0 public clients #692
policy: evaluate wildcard matching strategy #580
installer: homebrew recipe for macOS users #572
Warden group metadata #387
policy: search policies by subject and resource #362
warden: check against multiple policies #264
core: add warden context everywhere #238
better and more e2e tests #192
Health and test improvements #891 (aeneasr)
Resolves various issues related to OAuth2 #890 (aeneasr)
Improve oidc conformity #876 (aeneasr)
Improves compatibility with OIDC Conformity Tests #873 (aeneasr)
sdk: Remove the need for OAuth2 credentials #869 (aeneasr)
Minor improvements #868 (aeneasr)
consent: Always bust auth session if remember is false #864 (aeneasr)
oauth2: Returns token type on introspection #832 (aeneasr)

Fixed bugs:

Incorrect CORS-related env vars parsing #886
consent: Remove the client secret from consent/login response #878
oauth2: ID Token must be returned in both authorize and token response in hybrid flows with response type code #875
consent: On first prompt=none after authentication, times mismatch #874
oauth2: Reject requests without nonce unless using the code flow #867
oauth2: max_age fails if max_age=1 #862
oauth2: Figure out why MySQL tests are flaky on CI #861
oauth2: Resolve broken prompt parameter #843
oauth2: Duplicate requests to /oauth2/token cause 500 #828
consent app: Restart consent flow #809
Hydra connect fails when the client secret contains "%" #631
Health and test improvements #891 (aeneasr)
Resolves various issues related to OAuth2 #890 (aeneasr)
Improves OpenID Connect Conformity #882 (aeneasr)
Improve oidc conformity #876 (aeneasr)
cmd: Adds jwt strategy and fixes nil pointer exception #865 (aeneasr)

Closed issues:

consent: Authentication session cookie invalidation scenarios #855
Please support Type Definition (d.ts) for typescript. #848
security: add HttpOnly cookie flag #847
REST API /clients limit & offset bug #838
Allow configuring consent URL per client #837
Duplicate client creation results in 500 #835
Error 1406: Data too long for column 'subject' at row 1 #829
Hydra sdk error hydra.introspectOauth2Token is not a function #822
Improve the lint percentage #818
docs: Refactor examples / tutorials #810
Moving the access control engine to Oathkeeper #807
Can you build an identity provider with hydra or not? #789
docker: Add image capable of loading policies/clients/jwks from an init.d directory #760
Add PUT method for /warden/groups/:id #745
Document that the install guide is different from the 5 minute guide #718
Prometheus metrics #669
docs: Port numbers from docker compose and the lengthy tutorial do not match #653
docs: add subject + id mocks in the policy section of the swagger specs for each endpoint #614
docs: /warden/allowed do not fully specify security parameters #565
docs: explain oauth2 better #356
docs: have a "running hydra in production" section #354
docs: clarify that the consent app is responsible for implementing full OIDC #353
docs: add auth0 seminar to docs #347
docs: add bug bounty section to readme #84
docs: add passport.js real-world example #83

Merged pull requests:

vendor: Upgrades fosite dependency #892 (aeneasr)
Minor consent improvements #881 (aeneasr)
oauth2: Ignores JTI in userinfo #877 (aeneasr)
oauth2: Rejects requests without nonce in implicit/hybrid #872 (aeneasr)
Improves health endpoints and cleans up code #871 (aeneasr)
Client secret expires #870 (zepatrik)
Fix mysql timing bug #863 (aeneasr)
consent: Removes stray fmt.Print #858 (aeneasr)
Improves consent flow #857 (aeneasr)
Resolves issues with auth_time #853 (aeneasr)
add /health/version endpoint #845 (zepatrik)
Deprecate connect #842 (aeneasr)
Move policy merged #830 (aeneasr)
[Prometheus] Add new prometheus metrics and metrics endpoint #827 (dolbik)
1.0.x #825 (aeneasr)
Merge from 0.11.x #824 (aeneasr)

v0.11.12 (2018-04-08)

Full Changelog

Fixed bugs:

sdk: PHP sdk missing from releases #781

Closed issues:

Special characters in redirect url #819
"Could not fetch signing key for OpenID Connect" #816

Merged pull requests:

Resolves dep and tests issues #821 (aeneasr)
Activating Open Collective #805 (monkeywithacupcake)
metrics: Improves naming of traits #804 (aeneasr)
0.11 #796 (aeneasr)

v0.11.10 (2018-03-19)

Full Changelog

Closed issues:

docs: Link to php sdk README is wrong #811

Merged pull requests:

Minor code cleanup #815 (euank)
docs: Resolves broken swagger definitions #812 (aeneasr)
docs: Updates banner in readme #808 (aeneasr)
Update links to discord and readme #806 (aeneasr)

v0.11.9 (2018-03-10)

Full Changelog

Implemented enhancements:

telemetry: Add version and build info as custom dimensions #802
docs: Adds redirects for broken guide links #798 (aeneasr)

Fixed bugs:

docker: Build time always return time.Now() #792
cmd: Resolves an issue with broken build time display #799 (aeneasr)
cmd: Adds OpenID Connect refresh handler #797 (aeneasr)

Closed issues:

docs: document difference between scopes and policies #590

Merged pull requests:

metrics: Improves naming of traits #803 (aeneasr)
docs: Resolves broken images and build #801 (aeneasr)
docs: Moves documentation to new repository. #800 (aeneasr)
all: Updates license headers #793 (aeneasr)

v0.11.7 (2018-03-03)

Full Changelog

Implemented enhancements:

make --skip-newsletter the default #779
group: Add pagination to group management #741
jwk: Add pagination to jwk lists #740
client: Add pagination to client list #739
ConsentRequest should use time.Now().UTC() for ExpiresAt. #679
sdk: add python sdk #639
oauth2: Forces UTC in consent strategy #775 (aeneasr)
client: Introduces pagination to client management #774 (aeneasr)

Fixed bugs:

oauth2: Remove exp and iat from ID token header #787
Don't push to coveralls in CI when PR comes from fork #782
policy: List tests do not care about offset/limit - fix that #746

Closed issues:

A way to skip the consent screen for certain clients (first party) #791
Where's the tutorial? #788
Feature Request: oauth2/token endpoint json payload option #786
docs: Deprecate recovering root access section #756
oauth2: Document how to make the well known endpoint public #688
oauth2: replace redirect uri exact match with protocol/host/path match #257

Merged pull requests:

docs: Adds automatic summary and toc generation #785 (aeneasr)
Remove coveralls token from circleci config #783 (zepatrik)
Update newsletter text #780 (zepatrik)
Minor improvements to the gitbook guide #773 (aeneasr)

v0.11.6 (2018-02-07)

Full Changelog

Implemented enhancements:

server: Add default policy for well-known/jwks.json #761
cmd: Add newsletter info and sign up #755
metrics: Improve metrics endpoint #742
oauth2: Add ability to purge old access tokens #738
jwk: refactor jwk id generation #589
oauth2: Adds support for PKCE (IETF RFC7636) #769 (aeneasr)
Forces unique JWK IDs and allows anonymous access to ./well-known/jwks.json #762 (aeneasr)

Fixed bugs:

Do not show client secret when client is public in CLI #737
oauth2: Client secret error message should be shown on creation #725
sdk: Resolves composer license complaint #763 (aeneasr)

Closed issues:

docker-compose encountered errors #758
AWS Lambda Support? #749
cmd/client: Ask for security newsletter sign up when using client side CLI #747
oauth2: Add PKCE support #744

Merged pull requests:

Gen php sdk #814 (pnicolcev-tulipretail)
oauth2: Resolves possible session fixation attack #770 (aeneasr)
docs: Fix dead link to example policy #767 (gr-eg)
Purge tokens #766 (aeneasr)
client: do not show/send secret when client is public #765 (zepatrik)
fix #725 #764 (zepatrik)
Cmd newsletter signup #759 (aeneasr)
sdk: Generate php sdk and point php autoloader to lib folder #736 (pnicolcev-tulipretail)

v0.11.4 (2018-01-23)

Full Changelog

v0.11.3 (2018-01-23)

Full Changelog

Implemented enhancements:

Improve telemetry module #752 (aeneasr)

Closed issues:

possible consent session id attack? #753

v0.11.2 (2018-01-22)

Full Changelog

Fixed bugs:

client: Returns 404 only when policy allows getting a client #751 (aeneasr)

Merged pull requests:

oauth2: Protects consent flow against session fixation #754 (aeneasr)

v0.11.1 (2018-01-18)

Full Changelog

Implemented enhancements:

groups: Add ability to list all groups, not just by member #729

Fixed bugs:

Resolves issues with pagination #750 (aeneasr)

Closed issues:

Timezone Issue with new consent flow in 0.10? #735
policies: change effect type from string to boolean #666
cmd: hydra connect --url should work with and without trailing slash #650

Merged pull requests:

add a save way to get the ClusterURL and append to it #748 (zepatrik)

v0.11.0 (2018-01-08)

Full Changelog

Implemented enhancements:

group: List groups without owner #732
Add an alias for offline scope called offline_access #722
oauth2: Print debug message to logs and evaluate transmitting it to clients too #715
groups: Add ability to list all groups, not just by member #734 (aeneasr)
sdk: Adds php registry dummy #733 (aeneasr)
oauth2: Prints debug message to logs and evaluate transmitting it to clients too #727 (aeneasr)
vendor: Adds offline_access scope alias #724 (aeneasr)

Fixed bugs:

health: Should not require x-forwarded-proto #726
health: Stop requiring x-forwarded-proto #731 (aeneasr)

Closed issues:

variable part in the subject and resource in ladon policy to be filled by request #730
Trailing slash redirect strips directories from path #723
Resolve broken docker-compose tutorial guide #717
Document external dependencies #716

Merged pull requests:

docs: Adds documentation on third-party deps #728 (aeneasr)

v0.10.10 (2017-12-16)

Full Changelog

Implemented enhancements:

Make scopes in hydra token client command configurable #711
cmd: Makes scopes in token command configurable #712 (aeneasr)
cmd: Adds a dedicated command for importing policies #709 (aeneasr)

Fixed bugs:

Misleading error message when using the SDK #686
sdk/go: Resolves incorrect error message #713 (aeneasr)

Closed issues:

Docker readme, in case it is lost #719
Keep track of version and build hash #706
Scope is documented as hydra.groups but should by hydra.warden.groups #702
Rename hydra policies create -f to hydra policies import #701

Merged pull requests:

docs: Resolves issue with broken 5-minute tutorial #721 (aeneasr)
Improves userinfo endpoint #714 (aeneasr)
groups: Corrects group scope documentation #710 (aeneasr)

v0.10.9 (2017-12-13)

Full Changelog

Implemented enhancements:

Reintroduce alpine based image with shell #703

Merged pull requests:

pkg: Fixes returning nil instead of empty array in split #705 (aeneasr)

v0.10.8 (2017-12-12)

Full Changelog

Implemented enhancements:

oauth2: Add token_endpoint_auth_methods_supported to openid-configuration #695

Closed issues:

docs: Add introspect bc to upgrade #698

Merged pull requests:

Reintroduces alpine based docker image #704 (aeneasr)

v0.10.7 (2017-12-09)

Full Changelog

v0.10.6 (2017-12-09)

Full Changelog

Closed issues:

oauth2: Write test for userinfo endpoint without token and test for 401 #691

Merged pull requests:

Improves OpenID Connect conformity #694 (aeneasr)

v0.10.5 (2017-12-09)

Full Changelog

Closed issues:

oauth2: Support userinfo endpoint #652

v0.10.4 (2017-12-09)

Full Changelog

Merged pull requests:

oauth2: Adds basic userinfo endpoint #690 (aeneasr)

v0.10.3 (2017-12-08)

Full Changelog

v0.10.2 (2017-12-08)

Full Changelog

v0.10.1 (2017-12-08)

Full Changelog

Implemented enhancements:

Open source policy naming guidelines #680

Closed issues:

docs: docker --link should be replaced by networks #555

v0.10.0 (2017-12-08)

Full Changelog

Implemented enhancements:

docs: Improve release and breaking changes management #675
oauth2: Make sub explicit in the database #658
oauth2: Add access control to token introspection endpoint #655
all: make policy resource and action names configurable #640
Subject field #674 (aeneasr)
Add changelog #673 (aeneasr)

Fixed bugs:

oauth2: Token revokation should check client id before revoking tokens #676
cli/policies: removing a policy subject adds the subject Instead #662
jwk: Rename ES521 key generation algorithm to ES512 #651
oauth2: Fixes clients being able to revoke any token #677 (aeneasr)

Closed issues:

Json logging #670
swagger: scope pattern requires a space #661
docs: Add list of undisclosed adopters with requests ranges to readme #659

Merged pull requests:

Update release notes and prepare 0.10.0 #685 (aeneasr)
docs: Adds multi-tenant best practices #684 (aeneasr)
ci: Resolves code climate issues #683 (aeneasr)
pkg: Adds test for LogError #682 (aeneasr)
docs: Adds ACP best practices #681 (aeneasr)
oauth2: Requires firewall check for introspecting access tokens #678 (aeneasr)
Makes policy resource names prefixes configurable #672 (aeneasr)
docs: Adds consent state machine #671 (aeneasr)
docs: Make space optional in scope regex (#661) #668 (pnicolcev-tulipretail)
Various minor fixes #667 (aeneasr)
telemetry: Update telemetry identification #654 (aeneasr)

v0.10.0-alpha.21 (2017-11-27)

Full Changelog

Closed issues:

Add support for CORS #506

Merged pull requests:

cli: Fix hydra cli adding policy subjects on subject remove #665 (jamesnicolas)

v0.10.0-alpha.20 (2017-11-26)

Full Changelog

Merged pull requests:

cmd: Added cors support to host process #664 (aeneasr)

v0.10.0-alpha.19 (2017-11-26)

Full Changelog

Closed issues:

Working with flask-oidc #660
Multi stage build process removes the ability to shell into hydra container #657
Support ES256 JWK Algo #627
oauth2/introspect: skip omitempty in active flag #607
oauth2: provide CWT token generation #577

Merged pull requests:

vendor: Upgraded ladon and dockertest versions #663 (aeneasr)
pkg: Make low entropy RSA key generation explicit in function name #656 (aeneasr)
docs: Update hydra versions #649 (aeneasr)

v0.10.0-alpha.18 (2017-11-06)

Full Changelog

v0.10.0-alpha.17 (2017-11-06)

Full Changelog

v0.10.0-alpha.16 (2017-11-06)

Full Changelog

Merged pull requests:

Fix static build #648 (aeneasr)

v0.10.0-alpha.15 (2017-11-06)

Full Changelog

Merged pull requests:

docker: Make hydra executable #647 (aeneasr)

v0.10.0-alpha.14 (2017-11-06)

Full Changelog

Fixed bugs:

sql/postgres: wherever limit/offset is used, include ORDER BY clause #619
oauth2: fix racy memory consent manager with RW mutex #600

Merged pull requests:

Fix racy behaviour in oauth2 memory managers #646 (aeneasr)

v0.10.0-alpha.13 (2017-11-06)

Full Changelog

Implemented enhancements:

Would it make sense to build hydra statically #374

Merged pull requests:

docker: Stop building from source in docker image #645 (aeneasr)

v0.10.0-alpha.11 (2017-11-06)

Full Changelog

v0.10.0-alpha.12 (2017-11-06)

Full Changelog

Closed issues:

Add license header to all source files #643
warden: remove obsolete http manager #616

Merged pull requests:

Add license header to all source files #644 (aeneasr)
cmd: require url-encoding of root client id and secret #641 (aeneasr)
fix health link in docs #637 (DallanQ)

v0.10.0-alpha.10 (2017-10-26)

Full Changelog

Implemented enhancements:

jwk: use cryptopasta library #629
Feature Request: ability to list all groups #594

Closed issues:

jwk: add es256 generator to jwk handler in master #634
groups: add ability to list all groups to master branch #633
travis: run genswag and gensdk before npm publish #610

v0.10.0-alpha.9 (2017-10-25)

Full Changelog

Closed issues:

docs: followed the installation guide and was unable to get a successful consent #623
tests: run manager tests in parallel #617

Merged pull requests:

Changes from zvelo #636 (aeneasr)
Dep, JWK and groups #635 (aeneasr)
tests: run database tests in parallel #632 (aeneasr)
Use recommendations made from cryptopasta repository #630 (aeneasr)
Support ES256 JWK Algo #628 (joshuarubin)

v0.9.16 (2017-10-23)

Full Changelog

Closed issues:

docs: adding policy to consent app doesn't work as resource using <.*> #621
documentation vague regarding returned client_secret #620

Merged pull requests:

updated links to apiary as the old ones didn't work #626 (abusaidm)
docs: updated hydra version in the tutorial to v0.10.0-alpha.8 and consent app to v0.10.0-alpha.9 #625 (abusaidm)
docs: fixed spelling and wording #624 (abusaidm)
docs: fix bash command and version used in tutorial #622 (abusaidm)
add ability to list all groups #612 (joshuarubin)

v0.10.0-alpha.8 (2017-10-18)

Full Changelog

Closed issues:

docs: SDK for Go is actually for Node, fix this typo #615
server.injectConsentManager doesn't use ConsentRequestSQLManager even if *config.SQLConnection exists #613

Merged pull requests:

cmd/server: SQLConnection should load SQLRequestManager #618 (aeneasr)
Clean up helpers and increase test coverage #611 (aeneasr)
sdk: format js sdk and remove mock tests #609 (aeneasr)

v0.9.15 (2017-10-11)

Full Changelog

Merged pull requests:

Support dep #606 (joshuarubin)

v0.9.14 (2017-10-06)

Full Changelog

v0.10.0-alpha.7 (2017-10-06)

Full Changelog

v0.10.0-alpha.6 (2017-10-05)

Full Changelog

v0.10.0-alpha.5 (2017-10-05)

Full Changelog

v0.10.0-alpha.4 (2017-10-05)

Full Changelog

Merged pull requests:

travis: move deploy scripts to its own file #604 (aeneasr)
tests: skip cpu intense jwk generation in short mode #603 (aeneasr)

v0.10.0-alpha.3 (2017-10-05)

Full Changelog

v0.10.0-alpha.2 (2017-10-05)

Full Changelog

Implemented enhancements:

all: refactor http client endpoint logic #584
oauth2: refresh openid connect id token via refresh_token grant #556
oauth2: change scope semantics to wildcard #550
warden: need endpoint that just introspects tokens #539
sdk: client libraries for all languages #249
core: enable usage statistics reporting #230
core: introduce a way to test for bc breaks in datastore #193

Merged pull requests:

travis: resolve deployment issues #602 (aeneasr)
warden: remove deprecated http manager #601 (aeneasr)
docs: fix sdk links #599 (aeneasr)
travis: re-add goveralls #598 (aeneasr)

v0.10.0-alpha.1 (2017-10-05)

Full Changelog

Implemented enhancements:

oauth2: write test for handling consent deny #597
group: add warden tests #591
health: remove TLS restriction on health endpoint when termination is set #586

Fixed bugs:

cmd: policies delete says Connection \<id\> deleted instead of Policy \<id\> deleted #583

Closed issues:

oauth2: change meaning of audience claim #595
sdk/go: write interfaces for APIs & responses #593

Merged pull requests:

travis: fix binary building #596 (aeneasr)
cmd/cli: typo Connection -> Policy #592 (ljagiello)
sdk: switch to swagger codegen sdk #585 (aeneasr)
0.10.0 #557 (aeneasr)

v0.9.13 (2017-09-26)

Full Changelog

Implemented enhancements:

RFC: Refactor consent flow #578
oauth2: remove scope parameter from introspection request #551
"Subject claim can not be empty" error when trying to retrieve ID Token #460

Fixed bugs:

cmd: token user no longer uses cluster url #581
warden: do not use refresh tokens as proof of authorization #549
Fix import path for logrus #477

Closed issues:

Support for RFC 7636 #576
authorization header in /oauth2/token endpoint is case sensitive #575
DATABASE_URL=memory go run main.go host Error #571
error on mismatch uris #569
Relation "hydra_jwk" does not exist #568
Freemium Crap #567
Warden API docs do not talk about access_token #564
When the client is run through a container, it should pick up configuration from environment #563
Docker hub documentation showing up as HTML #562
Allow people to configure the Hydra service using a config file. #561
Error on go get the project #560
Open a Patreon account #558
GET /client/:id broken on master #538

Merged pull requests:

health: disable TLS restriction for health check #587 (aeneasr)
cmd: token user should use clusterurl instead of empty string #582 (aeneasr)
vendor: update various dependencies #579 (aeneasr)
Update to ladon 0.8.2 #570 (olivierdeckers)
install.md: port typo #566 (rnback)
oauth2: give meaningful hint when subject claim is empty #554 (aeneasr)

v0.9.12 (2017-07-06)

Full Changelog

Implemented enhancements:

oauth2: use wildcards for scope strategy #552

Merged pull requests:

warden: refresh tokens are no longer proof of authZ #553 (aeneasr)
README.md: hydra container doesn't include bash #548 (srenatus)
docs: fix typo in tutorial #547 (aeneasr)
cmd/token/user: fix auth and token-url mixup #546 (aeneasr)
docs: update docs #545 (aeneasr)

v0.9.11 (2017-06-30)

Full Changelog

Merged pull requests:

docs: add step-by-step installation guide #544 (aeneasr)
docs: add product teasers #543 (aeneasr)

v0.9.10 (2017-06-29)

Full Changelog

Implemented enhancements:

cmd/host: move status info from health endpoint to another one and protect it #532

Fixed bugs:

Decode Basic Auth Credentials #536

Closed issues:

Cannot try tutorial install, not existing dependencies #541
[docker-compose] ERROR: for postgresd expected string or buffer #540

Merged pull requests:

vendor: update fosite to remove forced nonce #542 (aeneasr)
oauth2: form-urldecode authorization basic header #537 (aeneasr)
[DOC] Update "Build from source" section to actual state #534 (dolbik)
cmd/host: move status info to dedicated endpoint #533 (aeneasr)

v0.9.9 (2017-06-17)

Full Changelog

Fixed bugs:

cmd/policy/create: not exiting on error #527

Merged pull requests:

cmd: add test for get handler #531 (aeneasr)
cmd/policy/create: exit on error - closes #527 #530 (aeneasr)

v0.9.8 (2017-06-17)

Full Changelog

Fixed bugs:

Updating policies may cause loss of policy data #503

Closed issues:

oauth2: investigate panic #512

Merged pull requests:

oauth2: resolve panic with nested at_ext and id_ext #529 (aeneasr)
vendor: update to ladon 0.8.0 - closes #503 #528 (aeneasr)

v0.9.7 (2017-06-16)

Full Changelog

Closed issues:

Fatal error when running docker container #525

Merged pull requests:

cmd/server: supply admin client policy with id #526 (aeneasr)

v0.9.6 (2017-06-15)

Full Changelog

Merged pull requests:

Db plugin connector #524 (aeneasr)

v0.9.5 (2017-06-15)

Full Changelog

Merged pull requests:

vendor: upgrade ladon to 0.7.7 #523 (aeneasr)

v0.9.4 (2017-06-14)

Full Changelog

Merged pull requests:

cmd: resolve issuer test issue #522 (aeneasr)
all: improve test exports #521 (aeneasr)
docs: start writing faq from gitter #504 (aeneasr)

v0.9.3 (2017-06-14)

Full Changelog

Closed issues:

Generating Client ID/Secret in >= 0.8.0 #517
Could not gracefully run server #513
authorize_code without password #511

Merged pull requests:

metrics: resolve potential data race #520 (aeneasr)
Fix warden docs #519 (aeneasr)
all: export test helpers #518 (aeneasr)
oauth2: add tests for refresh token grant #515 (aeneasr)
oauth2: use issuer-prefixed auth URL in challenge redirect #509 (wyattanderson)
cmd: resolve failing test #501 (aeneasr)

v0.9.2 (2017-06-13)

Full Changelog

Merged pull requests:

cmd/server: print full error message on http startup #514 (aeneasr)

v0.9.1 (2017-06-12)

Full Changelog

Merged pull requests:

client: export tests #510 (aeneasr)
metrics: improve metrics #508 (aeneasr)
cmd: add auto migration image #502 (aeneasr)

v0.9.0 (2017-06-07)

Full Changelog

Implemented enhancements:

cmd/cli: add flag for X-Forwarded-Proto for faking https termination #349
metrics: add metrics and telemetry package #500 (aeneasr)

Fixed bugs:

warden/group: investigate missing transaction rollback in group manager #462
policies: validate conditions and return error instead of silently dropping them #350

Closed issues:

Headers should be case-insensitive #496
docs: add FAQ on missing migrate in docker image #484
docs: include oauth2 example #358
warden: allow scopes in policies #330

Merged pull requests:

sdk: add simple example of hydra sdk #499 (aeneasr)
docs: add FAQ on missing migrate in docker image #498 (aeneasr)
vendor: upgrade to ladon 0.7.4 - closes #350 #497 (aeneasr)
docs: add scopes to oauth2 #495 (aeneasr)
warden/group: add rollback to transactions #494 (aeneasr)

v0.8.7 (2017-06-05)

Full Changelog

Implemented enhancements:

oauth2: add possibility for denying consent requests #400
oauth2: allow redirection to client if consent was denied #371

Fixed bugs:

Introspection endpoint responds with 401 on invalid payload token #457

Closed issues:

Allow configuration of DB\_HOST, DB\_PASS, DB\_USER, DB\_NAME separately. #480

Merged pull requests:

all: implement --fake-tls-termination flag #493 (aeneasr)
oauth2/introspect>: resolve 401 on invalid token #492 (aeneasr)
client/manager_sql: return an empty slice if string is empty #491 (faxal)

v0.8.6 (2017-06-05)

Full Changelog

Implemented enhancements:

Assign clients different consent urls #378

Fixed bugs:

Creating policies via the CLI does not populate the 'description' field #472
Missing "iss" field from /oauth2/introspect response #399
client: getting a non-existing client raises 500 instead of 404 #348

Closed issues:

Libraries version problem, build break. #481
oauth2: update to latest fosite which removed implicit storage #468
Unable to set Public flag to false #463
oauth2: allow client specific token TTLs #428
docs: hint at health check #355
Hydra URLs mounted to a subpath #352
oidc: hydra as federated user auth for AWS Console/API #315
jwk: when retrieving a key, stray request missing a subject 403 #271

Merged pull requests:

oauth2/introspect: send issuer in introspection #490 (aeneasr)
oauth2: allow redirection to client if consent was denied #489 (aeneasr)
docs: add health check to swagger and resolve swagger issues #488 (aeneasr)
jwk/handler: nest ac check and resolve stray log message #487 (aeneasr)
pkg/errors: make ErrNotFound return a status code #486 (aeneasr)
cmd/policies: description is a string field, not slice #485 (aeneasr)
Vendor update #483 (aeneasr)
vendor: update to latest versions #482 (aeneasr)
client/manager: remove merging of stored and updated client #478 (faxal)
Fix Swagger for Warden Groups #476 (pbarker)

v0.8.5 (2017-06-01)

Full Changelog

Fixed bugs:

max_conns and max_conn_lifetime breaks db.Ping #464
cmd/server: resolve gorilla session mem leak - closes #461 #475 (aeneasr)

Closed issues:

Container is not Running #474
Random periodic crashes #461

Merged pull requests:

fix spelling of challenge #471 (sstarcher)
oauth2: remove unused implicit grant storage #469 (aeneasr)

v0.8.4 (2017-05-24)

Full Changelog

Closed issues:

Kubernetes Helm chart #430

Merged pull requests:

config: connect to cleaned DSN #470 (aeneasr)
docs: hint to kubernetes helm chart - see #430 #467 (aeneasr)
Improve documentation #466 (aeneasr)

v0.8.3 (2017-05-23)

Full Changelog

Implemented enhancements:

http: harden http server for public net #334

Fixed bugs:

config: remove sql control parameters from dsn before connecting #465 (aeneasr)

Closed issues:

Listing policies not working with database #458
go install github.com/ory/hydra Fails to compile #456
Challenge claims redirect http instead of https #455
core/store: document aes gcm nonce limitation #76

Merged pull requests:

Policy Fix #459 (pbarker)

v0.8.2 (2017-05-10)

Full Changelog

Implemented enhancements:

Missing kid parameter in ID token header #433
no /.well-known/openid-configuration endpoint implementation #379

Merged pull requests:

Add Key Id to Header #454 (pbarker)
cmd: improve error message for when database tables are missing #453 (aeneasr)
Wellknown #427 (pbarker)

v0.8.1 (2017-05-08)

Full Changelog

Implemented enhancements:

cmd: database migrations should not be run automatically but have a cmd instead #444
all: move herodot to ory/herodot #436

Fixed bugs:

cmd: token client fails in ci sometimes #443

Closed issues:

all: deprecating rethinkdb and redis support #425
oauth2: consent anti-csrf token should be forcefully removed #367

v0.8.0 (2017-05-07)

Full Changelog

Closed issues:

Refresh token doesn't work #449

Merged pull requests:

✏️ minor grammar typo #452 (therebelrobot)
Add example about securing the consent app #450 (matteosuppo)
Allow setting SkipTLSVerify Option value #448 (faxal)
0.8.0: Towards production friendliness #445 (aeneasr)

v0.7.13 (2017-05-03)

Full Changelog

Implemented enhancements:

ui: implement a basic management interface with react for oauth2 client, jwk, social connections and others #215

Fixed bugs:

herodot: resolve issue with infinite loop caused by certain error chain #441
"Could not fetch signing key for OpenID Connect" #439
vendor: upgrade fosite to resolve regression issue #446 (aeneasr)

Closed issues:

Peculiar EOF instead of response from the introspect endpoint. #368

Merged pull requests:

Add Auth0 to sponsor section #435 (aeneasr)

v0.7.12 (2017-04-30)

Full Changelog

Fixed bugs:

herodot: resolve issue with infinite loop caused by certain error chain #442 (aeneasr)

Closed issues:

Freeze dependencies #437

v0.7.11 (2017-04-28)

Full Changelog

Closed issues:

Mismatch between library versions #434
Data Passthrough to IDP #431
Api protection #429
Gitter.im or irc channel #426
Outdated fosite #424
oauth2: resource owner password credentials proposal #214

Merged pull requests:

vendor: resolve issues with glide lock file #438 (aeneasr)

v0.7.10 (2017-04-14)

Full Changelog

Closed issues:

Build instructions from Readme fail #420
API error (500) during tests #419
Uname in session #418
Resource owner password credentials grant #417
ory vs ory-am #414
Cockroachdb support #413
Small doc error #411
Rest API documentation not working #410

Merged pull requests:

Remove uname references from docs #423 (matteosuppo)
vendor: update common and ladon dependencies #422 (aeneasr)
docs: resolve broken build instructions in readme - closes #420 #421 (aeneasr)
Dropping brackets in Create Client example #415 (pbarker)
Update bash command in tutorial #412 (pbarker)
Update README.md #409 (joelpickup)
docs: changes apiary url to current version #407 (aeneasr)

v0.7.9 (2017-04-02)

Full Changelog

Closed issues:

Flow Using Curl help (token auth) #405
Add support to mongodb #401

Merged pull requests:

Updated ladon version in glide.lock #404 (ericalandouglas)
oauth2: fix typo #403 (maximesong)

v0.7.8 (2017-03-24)

Full Changelog

Implemented enhancements:

sdk: add consent helper #397
Transition Dockerfile to Alpine Linux #393
redirect_uri domains are case-sensitive #380
Per-client consent URLs #351
sdk: add consent helper - closes #397 #398 (aeneasr)
docs: add example policy for consent app signing #389 (aeneasr)

Fixed bugs:

cli handler_groups type error? #383

Closed issues:

oauth2: token introspection fails on HTTP without dangerous-force-http #395
Create User based on access token provided by Social Provider #394
investigate why import from json fails #390
gitter link doesn't work #386
Possible security bug in warden/group package #382
relation "hydra_client" does not exist (postgres) #381
Native login support #375
Request denied by default #373

Merged pull requests:

docker: reduce docker image size #396 (aeneasr)
Added information about auth code exchange to oauth2 docs #392 (therebelrobot)
Small typo. #391 (darron)
all: resolve ci issues and improve readme #384 (aeneasr)

v0.7.7 (2017-02-11)

Full Changelog

v0.7.4 (2017-02-11)

Full Changelog

v0.7.5 (2017-02-11)

Full Changelog

v0.7.6 (2017-02-11)

Full Changelog

Implemented enhancements:

sql: limit maximum open connections, document timeout options through DSN #359

Fixed bugs:

oauth2: invalid consent response causes panic #369
oauth2: resolve issue with cookie store #376 (aeneasr)

Closed issues:

Can hydra be easily integrated (embedded) into any golang http application? #372

Merged pull requests:

oauth2: invalid consent response causes panic - closes #369 #370 (aeneasr)
Resolve issues with SQL maximum open connections #360 (aeneasr)

v0.7.3 (2017-01-22)

Full Changelog

Fixed bugs:

policy: investigate potential sql connection leak - closes #363 #365 (aeneasr)

Closed issues:

Have Hydra store usernames linked to tokens #364
policy: investigate potential sql connection leak #363
crypto/bcrypt: hashedPassword is not the hash of the given password #346

Merged pull requests:

Update fosite_store_redis.go #361 (itsjamie)

v0.7.2 (2017-01-02)

Full Changelog

Fixed bugs:

Problems with the authorization code flow #342
sql: deleting policies does not delete associated records with mysql driver #326
vendor: update to fosite 0.6.11 - closes #338 #343 (aeneasr)

Closed issues:

oidc: at_hash / c_hash mismatch #338
oidc: SCIM compliance #320

Merged pull requests:

vendor: update to fosite 0.6.12 #344 (aeneasr)

v0.7.1 (2016-12-30)

Full Changelog

v0.7.0 (2016-12-30)

Full Changelog

Implemented enhancements:

Implement RemoveSubjectFromPolicy and RemoveResourceFromPolicy #336
policy: provide rest endpoint for policy updates #305
0.7.0: SQL Migrate, Groups, Hardening #329 (aeneasr)

Fixed bugs:

0.7.0: SQL Migrate, Groups, Hardening #329 (aeneasr)

Closed issues:

Replace # with ? in authentication response #337

v0.6.10 (2016-12-26)

Full Changelog

Implemented enhancements:

oauth2/consent: force jti echo in consent response #322
include a migration routine for databases #194
warden: add group management and group based policy checks #68
Improve http-based warden/introspection error responses #335 (aeneasr)

v0.6.9 (2016-12-20)

Full Changelog

Implemented enhancements:

cmd: add configuration options for hydra token user #327
core: add api key flow #234

Fixed bugs:

openid: support response_type=code id_token - closes #332 #333 (aeneasr)

Closed issues:

openid: support response_type=code id_token #332
Apparent failure on load with ECDSA key #328
Why hydra github homepage crash when I visit ( while scrolling down) #323
JsonWebTokenError: jwt must be provided #321
write tests for cmd helpers #186

Merged pull requests:

cmd: replace newline in HTTP_TLS #331 (ewilde)
Log fixes #324 (johnwu96822)

v0.6.8 (2016-12-06)

Full Changelog

Implemented enhancements:

oauth2: http introspector should return well known error #319 (aeneasr)

v0.6.7 (2016-12-04)

Full Changelog

Merged pull requests:

all: improve cli and oauth2 error reporting #318 (aeneasr)

v0.6.6 (2016-12-04)

Full Changelog

Implemented enhancements:

core: Redis backend #306

Closed issues:

oauth2: aud parameter does not allow arrays #314

Merged pull requests:

add missing work in docs/oauth2.md #317 (bbigras)
docker: --name should be before the image's name #316 (bbigras)

v0.6.5 (2016-11-28)

Full Changelog

Implemented enhancements:

store/redis: redis backend for hydra #313 (115100)

v0.6.4 (2016-11-22)

Full Changelog

Implemented enhancements:

oauth2/revocation: token revocation fails silently with sql store #312 (aeneasr)

Fixed bugs:

oauth2/revocation: token revocation fails silently with sql store #311
oauth2/revocation: token revocation fails silently with sql store #312 (aeneasr)

Closed issues:

docs: clean up TokenValid leftovers #310

v0.6.3 (2016-11-17)

Full Changelog

Implemented enhancements:

Rejection reason code to /warden/token/allowed #308

Fixed bugs:

oauth2: resolve issues with token introspection on user tokens #309 (aeneasr)

v0.6.2 (2016-11-05)

Full Changelog

Implemented enhancements:

github: comply with Go license terms #300

Merged pull requests:

Fix client SQL manager missing client_name #303 (johnwu96822)

v0.6.1 (2016-10-26)

Full Changelog

Fixed bugs:

MySQL DB not creating on start – JSON column types only supported from MySQL 5.7 and onwards #299
0.6.1 #301 (aeneasr)

Merged pull requests:

Fix some minor typos and the broken tutorial links #298 (justinclift)

v0.6.0 (2016-10-25)

Full Changelog

Implemented enhancements:

Make it possible for travis-ci to build forked repos #295
core: add sql support #292
travis: execute gox build only when new commit is a new tag #285
cmd: prettify the hydra token user output #281
warden: make it clear that ladon.Request.Subject is not required or break bc and remove it #270
connections: remove connections API #265
consider signing up for Core Infrastructure Initiative badge #246
oauth2: token revocation endpoint #233
oauth2/rethinkdb: clear expired access tokens from memory #228
0.6.0 #293 (aeneasr)

Fixed bugs:

all: coverage report is missing covered lines of nested packages #296
oauth2/introspect: make endpoint rfc7662 compatible #289
rethink: figure out how to deal with unreliable changefeed #269
oauth2: requests waste a lot of time in fosite storer requestFromRDB\(\) routine #260
0.6.0 #293 (aeneasr)

Closed issues:

docs: fix typo in consent.md #294
docs/apiary: add at_ext note to warden endpoints #287
core/storage: with rethinkdb being closed, what is our path forward? #286
docs: warden resource names are wrong on apiary #268
Request for Comment: Fair Source License / Business Source License #227
core: (health) monitoring endpoint #216
add much simpler identity provider and oauth2 consumer example #172
2fa: add two factor authentication helper API #69

Merged pull requests:

cmd: fix typo in host command help text #291 (faxal)
travis: Only gox build on tags and go1.7 #288 (emilva)
docs: improve introduction #267 (aeneasr)

v0.5.8 (2016-10-06)

Full Changelog

Fixed bugs:

oauth2: refresh token does not migrate session object to new token #283
oauth2: refresh token does not migrate session object to new token #284 (aeneasr)

v0.5.7 (2016-10-04)

Full Changelog

Implemented enhancements:

jwk: add use parameter to generated JWKs #279
jwk: add use parameter to generated JWKs - closes #279 #280 (aeneasr)

v0.5.6 (2016-10-03)

Full Changelog

Implemented enhancements:

oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility #278 (aeneasr)

Fixed bugs:

cmd: hydra help host profiling typo #274
cmd: hydra help host typos #272

Closed issues:

Scopes should be separated by %20 and not +, to ensure javascript compatibility #277

Merged pull requests:

cmd: fix #272 typos in the host command controls #276 (cixtor)
Fix #274 - replace HYDRA_PROFILING with PROFILING #275 (otremblay)

v0.5.5 (2016-09-29)

Full Changelog

v0.5.4 (2016-09-29)

Full Changelog

v0.5.3 (2016-09-29)

Full Changelog

Implemented enhancements:

docker: add http-only dockerfile and upgrade to go 1.7 base image #273 (aeneasr)

Fixed bugs:

investigate if and why slow rethinkdb connection causes client root to be recreated #191

Closed issues:

Consider extract Go SDK package into separate repository #266
Showcase: How and where are you using Hydra? #115

v0.5.2 (2016-09-23)

Full Changelog

v0.5.0 (2016-09-22)

Full Changelog

v0.5.1 (2016-09-22)

Full Changelog

Implemented enhancements:

oauth2: include original request query parameters in the consent challenge #256
Need a better health check for a load balancer #251
client: add ability to update client #250
oauth2: allow access token validation for public clients #245
all: improve error messages regarding token validation #244
all: resolve naming inconsistencies in jwk set names used in hydra #239
sdk: resolve naming inconsistencies #226
oidc: support kid hint in header #222
0.5.0-errors #263 (aeneasr)
0.5.0 #243 (aeneasr)

Fixed bugs:

When invalid/expired token is used for /warden/allowed endpoint, status 500 is returned #262
docs: fix images in readme #261
Bad HTML encoding of the scope parameter #259
docs: images are broken #258
oauth2: id token hashes are not base64 url encoded #255
oauth2: state parameter is missing when response_type=id_token #254
jwk: anonymous request can't read public keys #253
travis: ld flags are wrong #242
cmd: hydra token user should show id token in browser #224
oidc: hybrid flow using token+code+id\_token returns multiple tokens of the same type #223
hydra clients import doesn't print client's secret #221
0.5.0-errors #263 (aeneasr)
0.5.0 #243 (aeneasr)

Closed issues:

core: document hard-wired JWK sets #247
managing client definitions #197

Merged pull requests:

docs: add notes on operational considerations #252 (boyvinall)

v0.4.2-alpha.4 (2016-09-03)

Full Changelog

v0.4.2 (2016-09-03)

Full Changelog

v0.4.3 (2016-09-03)

Full Changelog

v0.4.2-alpha.3 (2016-09-02)

Full Changelog

v0.4.2-alpha.2 (2016-09-01)

Full Changelog

v0.4.2-alpha.1 (2016-09-01)

Full Changelog

0.4.2-alpha (2016-09-01)

Full Changelog

Implemented enhancements:

Add version option to Hydra's CLI #218
autobuild #240 (aeneasr)
Update jwt-go and resolve warden regression issue #232 (aeneasr)

Fixed bugs:

warden: firewal.Audience overridden with requesting clients subject #236 (faxal)
Update jwt-go and resolve warden regression issue #232 (aeneasr)

Closed issues:

how to use hydra without "--dangerous-auto-logon"? #241
warden: firewal.Audience overridden with requesting clients subject #237
Vendor: Upgrade to jwt-go 3.0.0 #229
docs: warden sdk example is misleading #225
Typo in the apiary documentation #220
Importing clients with the CLI doesn't work #219
doc: add "what is hydra not?" section to readme #217
figure out a process to autobuild releases #210

Merged pull requests:

fix broken link for tutorial in README.md #213 (allan-simon)

v0.4.1 (2016-08-18)

Full Changelog

Fixed bugs:

error bad request when running tutorial #211
cmd: resolve issue with token user flow #212 (aeneasr)

v0.4.0 (2016-08-17)

Full Changelog

Implemented enhancements:

all: move docs from gitbook to github #204
0.4.0 #203 (aeneasr)

Fixed bugs:

0.4.0-prefix #209 (aeneasr)
0.4.0 #203 (aeneasr)

Closed issues:

docs/guide: warden docs are outdated #206
fix sdk examples in readme #196
add tests for clients import #163
remove go get -t ./... from travis #71

v0.3.1 (2016-08-17)

Full Changelog

Implemented enhancements:

oauth2: introspection should return custom session values #205
warden: move IntrospectToken from warden sdk to oauth2 #201
warden: rename InspectToken to IntrospectToken #200

Fixed bugs:

AccessTokens get overridden during startup of hydra #207
warden: IntrospectToken always throws an error on Hydra logs #199
resolve issue with at extra data #198
Fix 207 #208 (aeneasr)

v0.3.0 (2016-08-09)

Full Changelog

Implemented enhancements:

0.3.0 #195 (aeneasr)

Fixed bugs:

0.3.0 #195 (aeneasr)

v0.2.0 (2016-08-09)

Full Changelog

Implemented enhancements:

warden sdk should not make distinction between token and request #190
core scope should not be mandatory #189
id token claims should be set by consent challenge id\_token claim #188
provide default consent endpoint in hydra #185
make bcrypt cost configurable #184
make lifespans configurable #183
improve env to config #182
add memory profiling and cpu profiling #179
add basic http request logging #178
support edge tls termination #177
Make client HTTPManager not compatible with fosite.Storage #173
clean up stale branches #171
improve hydra connect dialogue #170
investigate if token creation can be speeded up #168
consent: allow proxying of id token claims #167
warden: rename authorized / allowed endpoints to something more meaningful #162
warden: rename assertion to token #158
Implement strict mode for warden #156
Implement token introspection endpoint #155
Don't log database credentials #147
OpenID Connect Session Management #143
[Feature request] Import clients on startup #140
Warden for anonymous users #139
oauth2/consent: id token expiry should be configurable #127
warden: endpoint should only require valid client, not policy based access control #121
Improve error message of wrong system secret #104
warden: rename authorized / allowed endpoints to something more meaningful #187 (aeneasr)
0.2.0 #165 (aeneasr)
all: add test cases for methods returning slices or maps of entities #152 (aeneasr)
Resolve rethinkdb connection when idle #148 (aeneasr)
all: resolve issues with the sdk and cli #142 (aeneasr)
cli: add token validation #134 (aeneasr)
Add wrapper library for HTTP Managers #130 (faxal)

Fixed bugs:

investigate runtime panic on warden allowed #181
oauth2 implicit flow should allow custom protocols #180
support edge tls termination #177
Token generation should be always consistent, not eventually consistent #176
consent: allow proxying of id token claims #167
config: do not store database config in hydra config #164
OAuth2 token endpoint does not allow GET method but reads query parameters #160
OAuth2 token endpoint should be able to handle simple form encoded requests #159
--dry option does not work correctly #157
client.GetClients() returns invalid information #150
RethinkDB connection dies after a certain amount of inactive time #146
Fails to startup when a SSO connection is added. #141
id_token: at_hash / c_hash is null #129
oauth2: some scopes are included twice #126
warden: iat / exp values are not being set #125
investigate missing scopes issue #124
rethinkdb: resolve an issue where missing refresh tokens cause duplicate key error #122
0.2.0 #165 (aeneasr)
ensure client endpoint is initialised for CLI "clients import" command #149 (boyvinall)
Resolve rethinkdb connection when idle #148 (aeneasr)
all: resolve issues with the sdk and cli #142 (aeneasr)
Resolve warden issues #128 (aeneasr)
Various bugfixes #123 (aeneasr)

Closed issues:

Error trying to create a token via curl #174
gorethink: could not decode type []uint8 into Go value of type string #169
document warden interface sdk #166
Document what OpenID Connect is and how to use it #154
Warden endpoints #137
Environment variables naming scheme #136
Implicit Flow redirect_uri does not match #133
hydra 2FA on cloud providers #132
Document HTTP client libraries for go #101
Document error redirect to identity provider #96
use dropbox example to explain oauth2 #95

Merged pull requests:

client: fix client.GetClients() for multiple clients #151 (boyvinall)
readme: Fix table of contents links #145 (smithrobs)
doc: Minor grammar/spelling fixes for README #144 (smithrobs)
Add some precisions to installation #131 (yageek)

0.1-beta.4 (2016-06-26)

Full Changelog

Implemented enhancements:

Connect to rethinkdb over SSL with self-signed certificate #114

Fixed bugs:

clients endpoint returns client secret base64 encoded #119
firewall 403s on warden endpoints #118
Client secrets should not be hashed when POSTing #113
Resolve issues with warden and client api #120 (aeneasr)
client: return client secret on POST and remove it from GET #117 (aeneasr)

Merged pull requests:

Connect to rethinkdb with a custom certificate #116 (matteosuppo)
dist: fix typos in exemplary policies #112 (aeneasr)

0.1-beta.3 (2016-06-20)

Full Changelog

Implemented enhancements:

docker: remove wait time on boot and use restart unless-stopped option #105 (aeneasr)

Fixed bugs:

Warden handlers are not mounted #109

Closed issues:

Installation fails #108
Exchange token from browser client #107
Temporary Client not working #106
Could not fetch initial state with docker-compose #103

Merged pull requests:

all: update jwt-go to versioned package and update dependencies #111 (aeneasr)
Mount warden handler #110 (faxal)

0.1-beta.2 (2016-06-14)

Full Changelog

Implemented enhancements:

CLI should have -dry option to show what the HTTP request looks like #99
Add offline scope for refresh tokens #97
extend jwk cert store #92
Creating clients with predefined credentials #91
Passing key and certificate to hydra #88
AES-GCM key should be sha256(secret)[:32] #86
Update GoRethink imports #78
link exemplary policies in the docs #75
support SAML in addition to OAuth2 #29
0.1-beta2 #90 (aeneasr)
vendor: switch to versioned gorethink api #81 (aeneasr)

Fixed bugs:

fix issue where tls certificate is regenerated on boot #93
typo: singing instead of signing #89
404 in the gitbook #85
Update GoRethink imports #78
client: resolved that secrets can not be set when using http or cli #102 (aeneasr)

Closed issues:

document security architecture #82
go install fails #77
Security audit based on rfc6819 #42

Merged pull requests:

Fix typo of weather #100 (smurfpandey)
readme: add security section #87 (aeneasr)
Fix idiom in README #79 (neuhaus)

0.1-beta1 (2016-05-29)

Implemented enhancements:

client rest endpoint: rename name to client\_name #72
allow using not self-signed TLS certificates #70
Implement OpenID Connect Dynamic Client Registration 1.0 #65
Implement default identity provider using postgres #63
Implement generic connectors #61
Replace osin with ory-am/fosite #46
Remove dockertest dependency from handlers #43
adding RethinkDB as a Store #39
Add more IdPs #33
Make JWT as access tokens optional and replace with a custom strategy #32
support for ldap for user storage #28
Migrate from mux to httprouter #14
Decompositioning, implement Fosite #62 (aeneasr)

Fixed bugs:

spec: /jwk/:set/:kid must return array #74
client rest endpoint: rename name to client\\_name #72
Too many open files probably caused by http client #47

Closed issues:

Add Dockerfile for autobuild #60
CLI refactor and initial account set up #59
ory-am ssl cert invalid #58
Granted Endpoint Proposal: Performant access decisions for resource providers using REST #48
Security "audit" pre-analysis (based on rfc6749) #41
wrong repo #40
Rename providers to connectors #38
Are there standards for connecting to third party providers #37
Add support for scopes #36
Readme: Accounts CLI Usage #31
Continue using JWT as access tokens? #22
remove refresh token claims #21
godeps should only be commited on release #19
refactor POST workflow #13
JWT assertions #5
Check JWT Algorithm #3

Merged pull requests:

Remove go get of govet in .travis.yml #67 (sbani)
Hydra is now using Go 1.6 vendoring and is deployable to heroku #56 (aeneasr)
Heroku #55 (aeneasr)
Update README.md #54 (leetal)
RethinkDB #53 (leetal)
handler.go:300: no formatting directive in Sprintf call #52 (QuentinPerez)
providers: added microsoft and improved existing providers #51 (aeneasr)
oauth: added google provider #50 (aeneasr)
handle multiple return values from gopass #49 (timothyknight)
doc: create MAINTAINERS #45 (aeneasr)
docs: create CONTRIBUTING.md #44 (aeneasr)
update accounts CLI Usage #34 (akhedrane)
Add a Gitter chat badge to README.md #30 (gitter-badger)
Extra arguments #27 (QuentinPerez)
all: oauth and guard endpoints now accept basic auth instead of token… #26 (aeneasr)
account: refactor, more endpoints and tests #25 (aeneasr)
all: username instead of email, token revocation, introspect spec ali… #24 (aeneasr)
Tutorial #23 (aeneasr)
Unstaged #20 (aeneasr)
client: now tries to refresh when token is invalid #18 (aeneasr)
client: added possibility to skip CA check #17 (aeneasr)
cli: fixed default TLS and JWT filepaths #16 (aeneasr)
Policy changes and more tests #15 (aeneasr)
unstaged #12 (aeneasr)
Ladon api update & policy http endpoint #11 (aeneasr)
Improved CLI client create and provider workflow. #10 (aeneasr)
cli #9 (aeneasr)
all: increased test coverage #8 (aeneasr)
Handlers and cleanup #7 (aeneasr)
Single Sign On #6 (aeneasr)
tests: increased coverage #4 (aeneasr)
Implemented jwt, middleware, test coverage and handlers. #2 (aeneasr)
Refactor #1 (aeneasr)

* This Change Log was automatically generated by github_changelog_generator

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Change Log

Unreleased

v1.0.0 (2019-06-24)

v1.0.0-rc.16 (2019-06-13)

v1.0.0-rc.15 (2019-06-05)

v1.0.0-rc.14 (2019-05-18)

v1.0.0-rc.12 (2019-05-10)

v1.0.0-rc.11 (2019-05-02)

v1.0.0-rc.10 (2019-04-29)

v1.0.0-rc.9+oryOS.10 (2019-04-18)

v1.0.0-rc.8+oryOS.10 (2019-04-03)

v1.0.0-rc.7+oryOS.10 (2019-04-02)

v1.0.0-rc.6+oryOS.10 (2018-12-18)

v1.0.0-rc.5+oryOS.10 (2018-12-13)

v1.0.0-rc.4+oryOS.9 (2018-12-12)

v1.0.0-rc.3+oryOS.9 (2018-12-06)

v1.0.0-rc.2+oryOS.9 (2018-11-21)

v1.0.0-rc.1+oryOS.9 (2018-11-21)

v1.0.0-beta.9 (2018-09-01)

v1.0.0-beta.8 (2018-08-10)

v1.0.0-beta.7 (2018-07-16)

v1.0.0-beta.6 (2018-07-11)

v1.0.0-beta.5 (2018-07-07)

v0.11.14 (2018-06-15)

v1.0.0-beta.4 (2018-06-13)

v1.0.0-beta.3 (2018-06-13)

v1.0.0-beta.2 (2018-05-29)

v1.0.0-beta.1 (2018-05-29)

v0.11.12 (2018-04-08)

v0.11.10 (2018-03-19)

v0.11.9 (2018-03-10)

v0.11.7 (2018-03-03)

v0.11.6 (2018-02-07)

v0.11.4 (2018-01-23)

v0.11.3 (2018-01-23)

v0.11.2 (2018-01-22)

v0.11.1 (2018-01-18)

v0.11.0 (2018-01-08)

v0.10.10 (2017-12-16)

v0.10.9 (2017-12-13)

v0.10.8 (2017-12-12)

v0.10.7 (2017-12-09)

v0.10.6 (2017-12-09)

v0.10.5 (2017-12-09)

v0.10.4 (2017-12-09)

v0.10.3 (2017-12-08)

v0.10.2 (2017-12-08)

v0.10.1 (2017-12-08)

v0.10.0 (2017-12-08)

v0.10.0-alpha.21 (2017-11-27)

v0.10.0-alpha.20 (2017-11-26)

v0.10.0-alpha.19 (2017-11-26)

v0.10.0-alpha.18 (2017-11-06)

v0.10.0-alpha.17 (2017-11-06)

v0.10.0-alpha.16 (2017-11-06)

v0.10.0-alpha.15 (2017-11-06)

v0.10.0-alpha.14 (2017-11-06)

v0.10.0-alpha.13 (2017-11-06)

v0.10.0-alpha.11 (2017-11-06)

v0.10.0-alpha.12 (2017-11-06)

v0.10.0-alpha.10 (2017-10-26)

v0.10.0-alpha.9 (2017-10-25)

v0.9.16 (2017-10-23)

v0.10.0-alpha.8 (2017-10-18)

v0.9.15 (2017-10-11)

v0.9.14 (2017-10-06)

v0.10.0-alpha.7 (2017-10-06)

v0.10.0-alpha.6 (2017-10-05)

v0.10.0-alpha.5 (2017-10-05)

v0.10.0-alpha.4 (2017-10-05)

v0.10.0-alpha.3 (2017-10-05)

v0.10.0-alpha.2 (2017-10-05)

v0.10.0-alpha.1 (2017-10-05)

v0.9.13 (2017-09-26)