v0.6.0-alpha.1

版本发布时间: 2021-05-06 02:01:22

ory/kratos最新发布版本:v1.2.0(2024-06-05 19:02:56)

Today Ory Kratos v0.6 has been released! We are extremely happy with this release where we made many changes that pave the path for exciting future additions such as integrating 2FA more easily! We would like to thank the awesome community for the many contributions.

Kratos v0.6 includes an insane amount of work spread over the last five months - 480 commits and over 4200 files changed. The team at Ory would like to thank all the amazing contributors that made this release possible!

Here is a summary of the most important changes:

Ory Kratos now support highly customizable web hooks - contributed by @dadrus and @martinei;
Ory Kratos Courier can now be run as a standalone task using kratos courier watch -c your/config.yaml. To use the mail courier as a background task of the server run kratos serve --watch-courier - contributed by @mattbonnell;
Reworked migrations to ensure stable migrations in production systems - backward compatibility is ensured and tested;
Upgraded to Go 1.16 and removed all static file packers, greatly improving build time;
Refactored our SDK pipeline from Swagger 2.0 to OpenAPI Spec 3.0. Ory's SDKs are now properly typed and bugs can easily be addressed using a patch process. Due to this, we had to move away from go-swagger client generation for the Go SDK and replace it with openapi-generator. This, unfortunately, introduced breaking changes in the Go SDK APIs. If you have problems migrating, or have a tutorial on how to migrate, please share it with the community on GitHub!
Created reliable health and status checks by ensuring that e.g. migrations have completed;
Made resilient CLI client commands e.g. kratos identities list;
Better support for cookies in multi-domain setups called domain aliasing;
A new, dynamically generated FAQ;
Enhanced GitHub and Google claims parsing;
Faster and more resilient CI/CD pipeline;
Improvements for running Ory Kratos in secure Kubernetes environments;
Better Helm Charts for Ory Kratos;
Support for BCrypt hashing, which is now the default hashing implementation. Existing Argon2id hashes will be automatically translated to BCrypt hashes when the user signs in the next time. We recommend using Argon2id in use cases where password hashing is required to take at least 2 seconds. For regular web workloads (200ms) BCrypt is recommended - contributed by @seremenko-wish;
The Argon2 memory configuration is now human readable: hashers.argon2.memory: 131072 -> hashers.argon2.memory: 131072B (supports kb, mb, kib, mib, ...).
Add possibility to keep track of the return_to URLs for verification_flows after sign up using the new after_verification_return_to query parameter (e.g. http://foo.com/registration?after_verification_return_to=verification_callback) - contributed by @mattbonnell;
Emails are now populated at delivery time, offering more flexibility in terms of templating;
Emails contain a plaintext variant for email clients that do not display HTML emails - contributed by @mattbonnell;
Mitigation for password hash timing attacks by adding a random delay to login attempts where the user does not exist;
Resolving SDKs issues for whoami requests;
Simplified database schema for faster processing, significantly reducing the amount of data stored and latency as several JOINS have been removed;
Support for binding the HTTP server on UNIX sockets - contributed by @sloonz;

There are even more contributions by @NickUfer and harnash. In total, 33 people contributed to this release! Thank you all!

IMPORTANT: Please be aware that the database schema has changed significantly. Applying migrations might, depending on the size of your tables, take a long time. If your database does not support online schema migrations, you will experience downtimes. Please test the migration process before applying it to production!

The probably biggest and most significant change is the refactoring of how self-service flows work and what their payloads look like. This took the most amount of time and introduces the biggest breaking changes in our APIs. We did this refactoring to support several flows planned for Ory Kratos 0.7:

Displaying QR codes (images) in login, registration, settings flows - necessary for TOTP 2FA;
Asking the login/registration/... UI to render JavaScript - necessary for CAPTCHA, WebAuthN, and more;
Refactoring the form submission API to use one endpoint per flow instead of one endpoint per flow per method. This allows us to process several registration/settings/login/... methods such as password + 2FA in one Go.

Check out how we migrated the NodeJS app from the Ory Kratos 0.5 to Ory Kratos 0.6 SDK.

Let's take a look into how these payloads have changed (the flows have identical configuration):

Ory Kratos v0.5

Login

{
  "id": "ee6e1565-d3c3-4f3a-a6ff-0ba6b3a6481b",
  "type": "browser",
  "expires_at": "2020-09-13T10:49:54.8295242Z",
  "issued_at": "2020-09-13T10:39:54.8295242Z",
  "request_url": "http://127.0.0.1:4433/self-service/login/browser",
  "methods": {
    "password": {
      "method": "password",
      "config": {
        "action": "http://127.0.0.1:4433/self-service/login/methods/password?flow=ee6e1565-d3c3-4f3a-a6ff-0ba6b3a6481b",
        "method": "POST",
        "fields": [
          {
            "name": "identifier",
            "type": "text",
            "required": true,
            "value": ""
          },
          {
            "name": "password",
            "type": "password",
            "required": true
          },
          {
            "name": "csrf_token",
            "type": "hidden",
            "required": true,
            "value": "lNrB8sW2fZY6xnnA91V7ISYrUVcJbmRCOoGHjsnsfI7MsIL5RTbuWFm5TRv1azQW+7IRCfnt2Ch6pC42/45sJQ=="
          }
        ]
      }
    }
  },
  "forced": false
}

Registration

{
  "id": "2b1f8c5d-e830-4068-97b8-35f776df9217",
  "type": "browser",
  "expires_at": "2020-09-13T10:53:15.1774019Z",
  "issued_at": "2020-09-13T10:43:15.1774019Z",
  "request_url": "http://127.0.0.1:4433/self-service/registration/browser",
  "active": "password",
  "messages": null,
  "methods": {
    "password": {
      "method": "password",
      "config": {
        "action": "http://127.0.0.1:4433/self-service/registration/methods/password?flow=2b1f8c5d-e830-4068-97b8-35f776df9217",
        "method": "POST",
        "fields": [
          {
            "name": "csrf_token",
            "type": "hidden",
            "required": true,
            "value": "1IlHWNjkAZxuYhO82WPgNTgujKsUSaW87j6og/20i2uM4wRTWGSSUg0dJ2fbXa8C5bfM9eTKGdauGwE7y9abwA=="
          },
          {
            "name": "password",
            "type": "password",
            "required": true,
            "messages": [
              {
                "id": 4000005,
                "text": "The password can not be used because the password has been found in at least 23597311 data breaches and must no longer be used..",
                "type": "error",
                "context": {
                  "reason": "the password has been found in at least 23597311 data breaches and must no longer be used."
                }
              }
            ]
          },
          {
            "name": "traits.email",
            "type": "text",
            "value": "foo@ory.sh"
          },
          {
            "name": "traits.name.first",
            "type": "text",
            "value": "Ory"
          },
          {
            "name": "traits.name.last",
            "type": "text",
            "value": "Corp"
          }
        ]
      }
    }
  }
}

Ory Kratos v0.6

Login

As you can see below, the input name identifier has changed to password_identifier.

{
  "id": "07016811-917d-4788-bb9c-fc297897af6c",
  "type": "browser",
  "expires_at": "2021-04-28T08:37:53.924337873Z",
  "issued_at": "2021-04-28T08:27:53.924337873Z",
  "request_url": "http://127.0.0.1:4433/self-service/login/browser",
  "ui": {
    "action": "http://127.0.0.1:4433/self-service/login?flow=07016811-917d-4788-bb9c-fc297897af6c",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "IuiHo8fajl6Nwi2CfR33bmC7ZI+geYY44oinK/npkS9gaeV6DlkzS0voYZuyGawsCruvlawFl/pY6/Ph6d9JVg==",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {}
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password_identifier",
          "type": "text",
          "value": "",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070004,
            "text": "ID",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password",
          "type": "password",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070001,
            "text": "Password",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "password",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1010001,
            "text": "Sign in",
            "type": "info",
            "context": {}
          }
        }
      }
    ]
  },
  "forced": false
}

Registration

{
  "id": "f0c0830a-f5b2-4c2d-a37f-2e70152a4f7c",
  "type": "browser",
  "expires_at": "2021-04-28T08:54:12.951178972Z",
  "issued_at": "2021-04-28T08:44:12.951178972Z",
  "request_url": "http://127.0.0.1:4433/self-service/registration/browser",
  "ui": {
    "action": "http://127.0.0.1:4433/self-service/registration?flow=f0c0830a-f5b2-4c2d-a37f-2e70152a4f7c",
    "method": "POST",
    "nodes": [
      {
        "type": "input",
        "group": "default",
        "attributes": {
          "name": "csrf_token",
          "type": "hidden",
          "value": "408SIAOvpKxW/WbcYfKue26MlLTMbON7T7JT1yhiSemhznD5yiwZuZDXKsWu9vU5BIxfrsAQ8rn10QcdOFSRkA==",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {}
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "traits.email",
          "type": "email",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070002,
            "text": "E-Mail",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "password",
          "type": "password",
          "required": true,
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070001,
            "text": "Password",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "traits.name.first",
          "type": "text",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070002,
            "text": "First Name",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "traits.name.last",
          "type": "text",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1070002,
            "text": "Last Name",
            "type": "info"
          }
        }
      },
      {
        "type": "input",
        "group": "password",
        "attributes": {
          "name": "method",
          "type": "submit",
          "value": "password",
          "disabled": false
        },
        "messages": null,
        "meta": {
          "label": {
            "id": 1040001,
            "text": "Sign up",
            "type": "info",
            "context": {}
          }
        }
      }
    ]
  }
}

These changes are analogous to settings, recovery, verification as well!

We hope you enjoy these new features as much as we do, even if we were not able to deliver 2FA in time for 0.6!

On the last note, Ory Platform, a SaaS is launching in May as early access. It includes Ory Kratos as a managed service and we plan on adding all the other Ory open source technology soon. In our view, Ory is a 10x improvement to the existing "IAM" ecosystem:

The major components of Ory Platform are and will remain Apache 2.0 licensed open source. We are not changing our approach or commitment to open source. The SaaS model allows us to keep commercialization and open source in harmony;
Affordable pricing - Ory does not charge on a per identity basis;
Supporting migrations from the Ory Platform (SaaS) to the open-source and vice versa;
Offering a planet-scale service with ultra-low latencies no matter where your users are;
The largest set of features and APIs of any Identity Product, including Identity and Credentials Management (Ory Kratos), Permissions and Access Control (Ory Keto), Zero-Trust Networking (Ory Oathkeeper), OAuth2, and OpenID Connect (Ory Hydra) plus integrations with Stripe, Mailchimp, Salesforce, and much more.
Data aggregation for threat mitigation, auditing, and other use cases (e.g. integration with Snowflake, AWS RedShift, GCP BigQuery, ...)
All the advantages of the open source projects - headless, fully customizable, strong security, built with a community; If you wish to become a part of the preview, please write a short email to sales@ory.sh. Early access adopters are also eligible for Ory Hypercare - helping you integrate with Ory fast and designing your security architecture following industry best practices.

Thank you for being a part of our community!

0.6.0-alpha.1 (2021-05-05)

Bug Fixes

Add include stub go files (6d725b1)
Add index to migration status (8c6ec27)
Add node_modules to format tasks (e5f6b36)
Add titles to identity schema (73c15d2)
Adopt to new go-swagger changes (5c45bd9)
Allow absolute file URLs as config values (#1069) (4bb4f67)
Allow hashtag in ui urls (#1040) (7591f07)
Avoid unicode-escaping ampersand in recovery URL query string (#1212) (d172368)
Bcrypt regression in credentials counting (23fc13b)
Broken make quickstart-dev task (#980) (999828a), closes #965
Broken make sdk task (#977) (5b01c7a), closes #950
Call contextualized test helpers (e1f3f78)
Code integer parsing bit size (#1178) (31e9632):

In some cases we had a wrong bitsize of 64, while the var was later cast to int. Replaced with a bitsize of 0, which is the value to cast to int.
Contextualize identity persister (f8640c0)
Convert all identifiers to lower case on login (#815) (d64b575), closes #814
Courier adress (#1198) (ebe4e64), closes #1194
Courier message dequeue race condition (#1024) (5396a82), closes #652 #732:

Fixes the courier message dequeuing race condition by modifying *sql.Persister.NextMessages(ctx context.Context, limit uint8) to retrieve only messages with status MessageStatusQueued and update the status of the retrieved messages to MessageStatusProcessing within a transaction. On message send failure, the message's status is reset to MessageStatusQueued, so that the message can be dequeued in a subsequent NextMessages call. On message send success, the status is updated to MessageStatusSent (no change there).
Define credentials types as sql template and resolve crdb issue (a2d6eeb)
Dereference pointer types from new flow structures (#1019) (efedc92)
Do not include smtp in tracing (#1268) (bbfcbf9)
Do not publish version at public endpoint (3726ed4)
Do not reset registration method (554bb0b)
Do not return system errors for missing identifiers (1fcc855), closes #1286
Export mailhog dockertest runner (1384148)
Fix random delay norm distribution math (#1131) (bd9d28f)
Fork audit logger from root logger (68a09e7)
Gitlab oidc flow (#1159) (0bb3eb6), closes #1157
Give specific message instead of only 404 when method is disabled (#1025) (2f62041):

Enabled strategies are not only used for handlers but also in other areas (e.g. populating the flow methods). So we should keep the logic to get enabled strategies and add new functions for getting all strategies.
Ignore unset domain aliases (ada6997)
Improve cli error output (43e9678)
Improve error stack trace (4351773)
Improve error tracing (#1005) (456fd25)
Improve test contextualization (2f92a70)
Initialize randomdelay with seeded source (9896289)
Insert credentials type constants as part of migrations (#865) (92b79b8), closes #861
Linking a connection may result in system error (#990) (be02a70), closes #694
Marking whoami auhorization parameter as 'in header' (#1244) (62d8b85), closes #1215
Move schema loaders to correct file (029781f)
Move to new transaction-safe migrations (#1063) (2588fb4):

This patch introduces a new SQL transaction model for running SQL migrations. This fix is particularly targeted at CockroachDB which has limited support for mixing DDL and DML statements.

Previously it could happen that migrations failure needed manual intervention. This has now been resolved. The new migration model is compatible with the old one and should work without a problem.
Pass down context to registry (0879446)
Re-enable SDK generation (1d5854d)
Record cypress runs (db35d8f)
Rehydrate settings form on successful submission (3457e1a), closes #1305
Remove absolete 'make pack' from Dockerfile (#1172) (b8eb908)
Remove continuity cookies on errors (85eea67)
Remove include stubs (1764e3a)
Remove obsolete clihelpers (230fd13)
Remove record from bash script (84a9315)
Remove stray non-ctx configs (#1053) (1fe137e)
Remove trailing double-dot from error (59581e3)
Remove unused sql migration (1445d1d)
Remove unused var (30a8cee)
Remove verify hook (98cfec6), closes #1302:

The verify hook is automatically used when verification is enabled and has been removed as a configuration option.
Replace jwt module (#1254) (3803c8c), closes #1250
Resolve build and release issues (fb582aa)
Resolve clidoc issues (599e9f7)
Resolve compile issues (63063c1)
Resolve contextualized table issues (5a4f0d9)
Resolve crdb migration issue (9f6edfd)
Resolve double hook invokation for registration (032322c)
Resolve incorrect field types on oidc sign up completion (f88b6ab)
Resolve lint issues (0348825)
Resolve lint issues (75a995b)
Resolve linting issues and disable nancy (c8396f6)
Resolve mail queue issues (b968bc4)
Resolve merge regressions (9862ac7)
Resolve oidc e2e regressions (f28087a)
Resolve oidc regressions and e2e tests (f5091fa)
Resolve potential fsnotify leaks (3159c0a)
Resolve regressions and test failures (8bae356)
Resolve regressions in cookies and payloads (9e34bf2)
Resolve settings sudo regressions (4b611f3)
Resolve test regressions (e3fb028)
Resolve ui issues with nested form objects (8e744b9)
Resolve update regression (d0d661a)
Return delay instead of sleeping to improve tests (27b977e)
Revert generator changes (c18b97f)
Run correct error handler for registration hooks (0d80447)
Simplify data breaches password error reason (#1136) (33d29bf):

This PR simplifies the error reason given when a password has appeared in data breaches to not include the actual number and rather just show "this password has appeared in data breaches and must not be used".
Support form and json formats in decoder (d420fe6)
Update openapi definitions for signup (eb0b69d)
Update quickstart node image (c19b2f4):

See https://github.com/ory/kratos/discussions/1301
cmd: Make HTTP calls resilient (e8ed61f)
hashing: Make bcrypt default hashing algorithm (04abe77)
Update to new goreleaser config (4c2a1b7)
Update to new healthx (6ec987a)
Use equalfold (1c0e52e)
Use new TB interface (d75a378)
Use numerical User ID instead of name to avoid k8s security warnings (#1151) (468a12e):

Our docker image scanner does not allow running processes inside container using non-numeric User spec (to determine if we are trying to run docker image as root).
Use remote dependencies (1e56457)

Code Refactoring

Adapt new sdk in testhelpers (6e15f6f)
Add nid everywhere (407fd95)
Contextualize everything (7ebc3a9):

This patch contextualizes all configuration and DBAL models.
Do not use prefixed node names (fc42ece)
Improve Argon2 tooling (#961) (3151187), closes #955:

This adds a load testing CLI that allows to adjust the hasher parameters under simulated load.
Move faker to exportable module (09f8ae5)
Move migratest helpers to ory/x (7eca67e)
Move password config to selfservice (cd0e0eb)
Move to go 1.16 embed (43c4a13):

This patch replaces packr and pkged with the Go 1.16 embed feature.
Remove password node attribute prefix (e27fae4)
Remove profile node attribute prefix (a3ff6f7)
Rename config structs and interfaces (4a2f419)
Rename form to container (5da155a)
Replace flow's forms with new ui node module (647eb1e)
Replace flow's forms with new ui node module (f74a5c2)
Replace login flow methods with ui container (d4ca364)
Replace recovery flow methods with ui container (cac0456)
Replace registration flow methods with ui container (3f6388d)
Replace settings flow methods with ui container (0efd17e)
Replace verification flow methods with ui container (dbf2668)
Replace viper with koanf config management (5eb1bc0)
Update RegisterFakes calls (6268310)
Use underscore in webhook auth types (26829d2)

Documentation

Add docker to docs main (8ce8b78)
Add docker to sidebar (ed38c88)
Add dotnet sdk (#1183) (32d874a)
Add faq sidebar (#1105) (10697aa)
Add log docs to schema config (4967f11)
Add more HA docs (cbb2e27)
Add Rust and Dart SDKs (6d96952):

We now support for Rust and Dart SDKs!
Add SameSite help (2df6729)
Add shell-session language (d16db87)
Add ui node docs (e48a07d)
Adding double colons (#1187) (fc712f4)
Bcrypt is default and add 72 char warning (29ae53a)
Better import identities examples (#997) (2e2880a)
Change forum to discussions readme (#1220) (ae39956)
Describe more about Kratos login/browser flow on quickstart doc (#1047) (fe725ad)
Docker file links (#1182) (4d9b6a3)
Document hash timing attack mitigation (ec86993)
Explain how to use after_verification_return_to (7e1546b)
FAQ improvements (#1135) (44d0bc9)
FAQ item & minor changes (#1174) (11cf630)
Fix broken link (#1037) (6b9aae8)
Fix failing build (0de328f)
Fix formatting (#966) (687251a)
Fix identity state bullets (#1095) (f476334)
Fix known/unknown email account recovery (#1211) (e208ca5)
Fix link (7f6d7f5)
Fix link (#1128) (e7043e9)
Fix link to blogpost (#949) (4622e32), closes #945
Fix link to self-service flows overview (#995) (2be8778)
Fix note block in third party login guide (#920) (745cea0):

Allows the document to render properly
Fix npm links (#991) (4ce4468)
Fix self-service code flows labels (#1253) (f2ed424)
Fix typo in README (#1122) (e500707)
Link to argon2 blogpost and add cross-references (#1038) (9ab7c3d)
Make explicit the ID of the default schema (#1173) (cc6e9ff)
Minor cosmetics (#1050) (34db06f)
Minor improvements (#1052) (f0672b5)
ORY -> Ory (ea30979)
Reformat settings code samples (cdbbf4d)
Remove unnecessary and wrong docker pull commands (#1203) (2b0342a)
Resolve duplication error (a3d8284)
Update build from source (9b5754f), closes #979
Update email template docs (1778cb9), closes #897
Update identity-data-model links (b5fd9a3)
Update identity.ID field documentation (4624f03):

See https://github.com/ory/kratos/discussions/956
Update kratos video link (#1073) (e86178f)
Update login code samples (695a30f)
Update login code samples (ce6c755)
Update quickstart samples (c3fcaba)
Update recovery code samples (d9fbb62)
Update registration code samples (317810f)
Update self-service code samples (6415011)
Update settings code samples (bbd6266)
Update verification code samples (4285dec)
Use correct extension for identity-data-model (acab3e8), closes /github.com/ory/kratos/pull/1197#issuecomment-819455322
prometheus: Update codedoc (47146ea)

Features

Add email template specification in doc (#898) (4230d9e)
Add error for when no login strategy was found (6bae66c)
Add facebook provider to oidc providers and documentation (#1035) (905bb03), closes #1034
Add FAQ to docs (#1096) (9c6b68c)
Add gh login to claims (49deb2e)
Add login strategy text message (7468c83)
Add more tests for multi domain args (e99803b)
Add Prometheus monitoring to Public APIs (#1022) (75a4f1a)
Add random delay to login flow (#1088) (cb9894f), closes #832
Add return_url to verification flow (#1149) (bb99912), closes #1123 #1133
Add sql migrations for new login flow (e947edf)
Add sql tracing (3c4cc1c)
Add tracing to config schema (007dde4)
Add transporter with host modification (2c41b81)
Add workaround template for go openapi (5d72d10)
Adds slack sogial login (#974) (7c66053), closes #953
Allow session cookie name configuration (77ce316), closes #268
Allow specifying sender name in smtp.from_address (#1100) (5904fe3)
Bcrypt algorithm support (#1169) (b2612ee):
This patch adds the ability to use BCrypt instead of Argon2id for password hashing. We recommend using BCrypt for web workloads where password hashing should take around 200ms. For workloads where login takes >= 2 seconds, we recommend to continue using Argon2id.

To use bcrypt for password hashing, set your config as follows:
```
hashers:
bcrypt:
   cost: 12
 algorithm: bcrypt
```
Switching the hashing algorithm will not break existing passwords!

Co-authored-by: Patrik zepatrik@users.noreply.github.com
Check migrations in health check (c6ef7ad)
Configure domain alias as query param (9d8563e)
Contextualize configuration (d3d5327)
Contextualize health checks (8145a1c)
Contextualize http client in cli calls (3b3ef8f)
Contextualize persitence testers (6440373)
Courier foreground worker with "kratos courier watch" (#1062) (500b8ba), closes #1033 #1024:

BREACKING CHANGES: This patch moves the courier watcher (responsible for sending mail) to its own foreground worker, which can be executed as a, for example, Kubernetes job.

It is still possible to have the previous behaviour which would run the worker as a background task when running kratos serve by using the --watch-courier flag.

To run the foreground worker, use kratos courier watch -c your/config.yaml.
Do not enforce bcrypt 12 for dev envs (bbf44d8)
Email input validation (#1287) (cd56b73), closes #1285
Export and add config options (4391fe5)
Expose courier worker (f50969e)
Expose crdb ui (504d518)
Global docs sidebar (#1258) (7108262)
Implement and test domain aliasing (1516a54):

This patch adds a feature called domain aliasing. For more information, head over to http://ory.sh/docs/kratos/next/guides/multi-domain-cookies
Improve oas spec and fix mobile tests (4ead2c8)
Improve sorting of ui fields (797b49d):

See https://github.com/ory/kratos/discussions/1196
Include schema (348a493)
Make cli commands consumable in Ory Cloud (#926) (fed790b)
Migrate to openapi v3 (595224b)
Populate email templates at delivery time, add plaintext defaults (#1155) (7749c7a), closes #1065
Sort and label nodes with easy to use defaults (cbec27c):
Ory Kratos takes a guess based on best practices for
- ordering UI nodes (e.g. email, password, submit button)
- grouping UI nodes (e.g. keep password and oidc nodes together)
- labeling UI nodes (e.g. "Sign in with GitHub")
- using the "title" attribute from the identity schema to label trait fields
This greatly simplifies front-end code on your end and makes it even easier to integrate with Ory Kratos! If you want a custom experience with e.g. translations or other things you can always adjust this in your UI integration!
Support base64 inline schemas (815a248)
Support contextual csrf cookies (957ef38)
Support domain aliasing in session cookie (0681c12)
Support label in oidc config (a99cdcd)
Support retryable CRDB transactions (f0c21d7)
Unix sockets support (#1255) (ad010de)
Web hooks support (recovery) (#1289) (3e181fe), closes #271:

feat: web hooks for self-service flows

This feature adds the ability to define web-hooks using a mixture of configuration and JsonNet. This allows integration with services like Mailchimp, Stripe, CRMs, and all other APIs that support REST requests. Additional to these new changes it is now possible to define hooks for verification and recovery as well!

For more information, head over to the hooks documentation.
courier: Allow sending individual messages (cbb2c0b)
oidc: Support google hd claim (#1097) (1f20a5c)
schema: Add totp errors (a61f881)

Tests

Add case to ensure correct behavior when verifying a different email address (#999) (f95a117), closes #998
Add oasis test case (f80691b)
Bump poll interval (b3dc925)
Bump video quality (b7f8d04)
Bump wait times (b2e43f8)
Clean up hydra env before restart (cf49414)
Longer wait times (4bec9ef)
Reliable migration tests on crdb (2e3764b)
Remove old noop test (16dca3f)
Resolve compile issues (c1b5ba4)
Resolve flaky tests (cb670a8)
Resolve json parser test regression (a1b9b9a)
Resolve login integration regressions (388b5b2)
Resolve migration regression (2051a71)
Resolve more json parser test regressions (ff791c4)
Resolve regression (e2b0ad3)
Update schema tests for webhooks (d1ddfa8)
e2e: Significantly reduce wait and idle times (f525fc5)
Resolve more regressions (c5a23af)
Resolve order regression (40a849c)
Resolve regression (f0c9e5f)
Resolve regressions (4b9da3c)
Resolve stub regressions (82650cf)
Resolve test migrations (de0b65d)
Resolve test regression issues (ccf9fed)
Speed up tests (a16737c)
Update test description (55fb37f)
Use bcrypt cost 4 to reduce CI times (cabe97d)
Use fast bcrypt for e2e (d90cf13)

Unclassified

Format (e4b7e79)
Format (193d266)
Format (1ebfbde)
Format (ba1eeef)
Format (ada5dbb)
Initial documentation tests via Text-Runner (#567) (c30eb26)
fix: resolve clidoc issues (#976) (346bc73), closes #976 #951
Format (17a0bf5)
:bug: fix ory home directory path (#897) (2fca2be), closes #897
Fix typo in config schema (16337f1)

BREAKING CHANGES

hashing: BCrypt is now the default hashing alogrithm. If you wish to continue using Argon2id please set hashers.algorithm to argon2.
This implies a significant breaking change in the verification flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all verification flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the recovery flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all recovery flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the settings flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all settings flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the registration flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all registration flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the login flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all login flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. methods.password.config.fields). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields.

Please be also aware that this patch includes SQL migrations which purge existing self-service forms from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior!

This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. methods.password.config.fields). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields.

The configuration value for hashers.argon2.memory is now a string representation of the memory amount including the unit of measurement. To convert the value divide your current setting (KB) by 1024 to get a result in MB or 1048576 to get a result in GB. Example: 131072 would now become 128MB.

Co-authored-by: aeneasr 3372410+aeneasr@users.noreply.github.com Co-authored-by: aeneasr aeneas@ory.sh

Please run SQL migrations when applying this patch.
The following configuration keys were updated:

selfservice.methods.password.config.max_breaches

password.max_breaches -> selfservice.methods.password.config.max_breaches
password.ignore_network_errors -> selfservice.methods.password.config.ignore_network_errors

After battling with spf13/viper for several years we finally found a viable alternative with knadh/koanf. The complete internal configuration infrastructure has changed, with several highlights:

Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
Configuration reloading has improved significantly and works flawlessly on Kubernetes.
Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
It is now possible to load several config files using the --config flag.
Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that ORY Kratos might complain about an invalid configuration, because the validation process has improved significantly.

Changelog

346bc739 fix: resolve clidoc issues (#976) 2fca2bed :bug: fix ory home directory path (#897) 16337f13 Fix typo in config schema b28aea86 autogen(docs): generate and format documentation 412af90a autogen(docs): generate and format documentation cfae68b7 autogen(docs): generate and format documentation 9438f87e autogen(docs): generate and format documentation ef300aa7 autogen(docs): generate and format documentation 9c4fdeae autogen(docs): generate and format documentation 00d2e98d autogen(docs): generate and format documentation 9ff58626 autogen(docs): generate and format documentation 80e9eb81 autogen(docs): generate and format documentation d9955bd5 autogen(docs): generate and format documentation 69f090d5 autogen(docs): generate and format documentation 17340f75 autogen(docs): generate and format documentation bbf38d32 autogen(docs): generate and format documentation 527c22e6 autogen(docs): generate and format documentation d1c8cef6 autogen(docs): generate and format documentation c2358be1 autogen(docs): generate and format documentation eb2f369a autogen(docs): generate and format documentation 7522a54f autogen(docs): generate and format documentation e0e333c5 autogen(docs): generate and format documentation 3bdbdc0c autogen(docs): generate and format documentation 7a5143c4 autogen(docs): generate and format documentation 2fb367bc autogen(docs): generate and format documentation b8971a25 autogen(docs): generate and format documentation 9efe448b autogen(docs): generate and format documentation 8ac1cf1a autogen(docs): generate and format documentation 93351636 autogen(docs): generate and format documentation 56c9ba0b autogen(docs): generate and format documentation ad4f5e6f autogen(docs): generate and format documentation f44cced6 autogen(docs): generate and format documentation 8516e404 autogen(docs): generate and format documentation 8d646453 autogen(docs): generate and format documentation 23d78bae autogen(docs): generate and format documentation f335dba7 autogen(docs): generate and format documentation 28851465 autogen(docs): generate and format documentation 0068aa56 autogen(docs): generate and format documentation 40493f8f autogen(docs): generate and format documentation 278b0a7a autogen(docs): generate and format documentation 8985775d autogen(docs): generate and format documentation 4301ea61 autogen(docs): generate and format documentation a7b05441 autogen(docs): generate and format documentation 343d02d7 autogen(docs): generate and format documentation b3b6d2ec autogen(docs): generate and format documentation 7cf1e72a autogen(docs): generate and format documentation 5405defa autogen(docs): generate and format documentation f87c939b autogen(docs): generate and format documentation fbd3f828 autogen(docs): generate and format documentation ba2f2c31 autogen(docs): generate and format documentation 6c8ca8e2 autogen(docs): generate and format documentation 3840285b autogen(docs): generate and format documentation 91f0531d autogen(docs): generate and format documentation f115821d autogen(docs): generate and format documentation 75e81fec autogen(docs): generate and format documentation 1008d2fa autogen(docs): generate and format documentation c034e3ed autogen(docs): generate and format documentation 6b6edc23 autogen(docs): generate and format documentation 2b0031ff autogen(docs): generate and format documentation 5adbfadb autogen(docs): generate and format documentation ff1aede2 autogen(docs): generate and format documentation 1811b10d autogen(docs): generate and format documentation e3f20379 autogen(docs): generate and format documentation 2725d2ce autogen(docs): generate and format documentation 162df3e5 autogen(docs): generate and format documentation a0b68861 autogen(docs): generate and format documentation 75408a0b autogen(docs): generate and format documentation 784a44eb autogen(docs): generate and format documentation e3b79200 autogen(docs): generate cli docs 8085fdec autogen(docs): generate cli docs 6653d236 autogen(docs): generate cli docs 5f88465a autogen(docs): generate cli docs 4bda1f09 autogen(docs): generate cli docs e786410b autogen(docs): generate cli docs 1d3a4349 autogen(docs): generate cli docs 425de3f1 autogen(docs): generate cli docs 95b33768 autogen(docs): generate cli docs 73db8a1b autogen(docs): generate cli docs 2bca952f autogen(docs): generate cli docs abfcdfda autogen(docs): generate cli docs d0b47976 autogen(docs): generate cli docs 15d50e2d autogen(docs): generate cli docs d87dcc74 autogen(docs): generate cli docs 0f5106c2 autogen(docs): generate cli docs 76486046 autogen(docs): generate cli docs af200d13 autogen(docs): generate cli docs 653e476a autogen(docs): generate cli docs 6788f055 autogen(docs): generate cli docs c9d14922 autogen(docs): generate cli docs 79d6a46f autogen(docs): generate cli docs e216c43c autogen(docs): generate cli docs 6c895f1d autogen(docs): generate cli docs 714508bc autogen(docs): regenerate and update changelog 4b8958a0 autogen(docs): regenerate and update changelog 3cb38805 autogen(docs): regenerate and update changelog 3661e9ba autogen(docs): regenerate and update changelog 1d213c6b autogen(docs): regenerate and update changelog bc0be6fd autogen(docs): regenerate and update changelog c8e10295 autogen(docs): regenerate and update changelog 81f13de8 autogen(docs): regenerate and update changelog 7360f2b4 autogen(docs): regenerate and update changelog 5a450c71 autogen(docs): regenerate and update changelog 3929742c autogen(docs): regenerate and update changelog 0e210643 autogen(docs): regenerate and update changelog 813d85e4 autogen(docs): update milestone document 41492f9d autogen(docs): update milestone document aad6ee9d autogen(docs): update milestone document 2e43773c autogen(docs): update milestone document 0c04a84d autogen(docs): update milestone document ef1e3f77 autogen(docs): update milestone document b20f6513 autogen(docs): update milestone document 71e602ca autogen(docs): update milestone document a559cf44 autogen(docs): update milestone document 0a1380fa autogen(docs): update milestone document 6e7e8e00 autogen(docs): update milestone document ade41e03 autogen(docs): update milestone document 33c5f6bf autogen(docs): update milestone document 71aa2045 autogen(docs): update milestone document abf15a35 autogen(docs): update milestone document 63b269f2 autogen(docs): update milestone document 1bd2b95e autogen(docs): update milestone document 64eb80c2 autogen(docs): update milestone document 0bdca786 autogen(docs): update milestone document b17b5f8b autogen(docs): update milestone document 4e831f2b autogen(docs): update milestone document 0a72f96e autogen(docs): update milestone document 1b8bdc4d autogen(docs): update milestone document eb0399c2 autogen(docs): update milestone document 8660d6d9 autogen(docs): update milestone document dc410bee autogen(docs): update milestone document 8cf1e789 autogen(docs): update milestone document e28f759e autogen(docs): update milestone document 688d04a1 autogen(docs): update milestone document 6d462ca0 autogen(docs): update milestone document 48078e9a autogen(docs): update milestone document 529a2a49 autogen(openapi): Regenerate openapi spec and internal client f6b9f233 autogen(openapi): Regenerate openapi spec and internal client 7de219bd autogen(openapi): Regenerate swagger spec and internal client c4c6ed96 autogen(openapi): Regenerate swagger spec and internal client 7381b8d6 autogen(openapi): Regenerate swagger spec and internal client e8fac42b autogen(openapi): Regenerate swagger spec and internal client 7768464c autogen(openapi): Regenerate swagger spec and internal client 17bbbd28 autogen(openapi): Regenerate swagger spec and internal client e96216ff autogen(openapi): Regenerate swagger spec and internal client 20cf594d autogen(openapi): Regenerate swagger spec and internal client 2e6f87ba autogen(openapi): Regenerate swagger spec and internal client 0c07aca4 autogen(openapi): Regenerate swagger spec and internal client e8064b56 autogen(openapi): Regenerate swagger spec and internal client 76f6002a autogen: add v0.5.5-alpha.1 to version.schema.json 507d13a8 autogen: pin v0.6.0-alpha.1 release commit b51dd98d autogen: pin v0.6.0-alpha.1.pre.0 release commit c89bcb33 autogen: pin v0.6.0-alpha.1.pre.1 release commit fa7fa701 autogen: pin v0.6.0-alpha.1.pre.2 release commit ebc8d8d4 autogen: pin v0.6.0-alpha.1.pre.3 release commit 9b6afb24 chore(identity): remove unused function e43ec543 chore: add sqlite links 2f265236 chore: bump cockroach be72d426 chore: bump cypress and openapi generator 23f347bf chore: bump deps 8ef26f0a chore: bump go deps 4ad89dee chore: bump go.mod 04d89b93 chore: bump gobuffalo a3129ac1 chore: bump ory/x 8858f719 chore: bump ory/x e6f78665 chore: bump ory/x and gjson (#1171) 61834d10 chore: bump ory/x to 0.0.192 15ade1c5 chore: enable goimports linter (#1177) 5b437de2 chore: fix docs build (#1179) aee52d23 chore: fix mermaid (#1197) 3e982211 chore: fix misprint (#1308) 8f01c5c3 chore: fix sdk link (#1190) 0b551e48 chore: format a8964042 chore: regenerate SDK for new login flow 364ee591 chore: regenerate sdk 8afa98a1 chore: remove incorrect dependency (#1271) 4097e277 chore: remove obsolete package 9aaae858 chore: remove stray print e49c7534 chore: remove unused file 734e538f chore: resolve lint issues 19198cf2 chore: resolve linter issues e3cf3da3 chore: typos and Hydra replacements (#1307) 5ac23807 chore: update docusaurus template d79e1adb chore: update docusaurus template 7f97ca80 chore: update docusaurus template ab538938 chore: update docusaurus template c713c17b chore: update docusaurus template 6bc87522 chore: update docusaurus template 39d9b95a chore: update docusaurus template (#1098) 81c452aa chore: update docusaurus template (#1120) d44178d4 chore: update docusaurus template (#1158) 2b620ae7 chore: update docusaurus template (#1176) 11698b51 chore: update docusaurus template (#1259) fdbb3971 chore: update docusaurus template (#1260) 45ce1c6c chore: update docusaurus template (#1309) 8ed70e36 chore: update go modules e8a38ea8 chore: update go-sqlite3 dependency 1d5c5dde chore: update go.mod with local rewrites eb1889f6 chore: update gomodules 694bbbb5 chore: update package lock e2e fec00257 chore: update package.lock 7386ab1e chore: update repository templates 6edcd26d chore: update repository templates 948e6e27 chore: update repository templates 35cac8b8 chore: update repository templates 91686e6a chore: update repository templates (#1061) 222f0ca5 chore: update repository templates (#1076) 510ac232 chore: update repository templates (#1118) ca8a7c38 chore: update repository templates (#1209) fde9dd38 chore: upgrades discordgo dependency for discord api 8 support (#1010) 2d70d67e ci: add codeql (#928) c9d0c89c ci: add cypress recordings b4a1c235 ci: add killall 4ef8ccbe ci: bump orbs d07994ea ci: bump orbs 26b92f82 ci: bump orbs and fix sdk 49910f38 ci: bump orbs and update config 481d523a ci: disable sdk/generate 3835377a ci: execute the new step feb1f4f8 ci: fix config issues 373a23f6 ci: fix nancy check by stripping the local rewrite 888651cc ci: ignore test faker in golangci-lint dbda88ff ci: make sure generated FAQ files are commited (#1099) e29cfab4 ci: resolve go 1.16 go.sum woes 21b7b16d ci: resolve go 1.16 issues 4882e55a ci: resolve ignore issue a6cc4294 ci: resolve test issues 65539c99 ci: simplify and speed up CI (#1126) 47146ea8 docs(prometheus): update codedoc 44d0bc96 docs: FAQ improvements (#1135) 11cf6300 docs: FAQ item & minor changes (#1174) e5007078 docs: Fix typo in README (#1122) ea309797 docs: ORY -> Ory 6d969528 docs: add Rust and Dart SDKs 2df6729b docs: add SameSite help 8ce8b785 docs: add docker to docs main ed38c88b docs: add docker to sidebar 32d874a0 docs: add dotnet sdk (#1183) 10697aa4 docs: add faq sidebar (#1105) 4967f11d docs: add log docs to schema config cbb2e27f docs: add more HA docs d16db878 docs: add shell-session language e48a07d0 docs: add ui node docs fc712f45 docs: adding double colons (#1187) 29ae53a9 docs: bcrypt is default and add 72 char warning 2e2880ac docs: better import identities examples (#997) ae399561 docs: change forum to discussions readme (#1220) fe725ad1 docs: describe more about Kratos login/browser flow on quickstart doc (#1047) 4d9b6a3f docs: docker file links (#1182) ec869930 docs: document hash timing attack mitigation 7e1546be docs: explain how to use after_verification_return_to 6b9aae8a docs: fix broken link (#1037) 0de328ff docs: fix failing build 687251a2 docs: fix formatting (#966) f476334c docs: fix identity state bullets (#1095) e208ca50 docs: fix known/unknown email account recovery (#1211) 7f6d7f50 docs: fix link e7043e9b docs: fix link (#1128) 4622e322 docs: fix link to blogpost (#949) 2be87784 docs: fix link to self-service flows overview (#995) 745cea02 docs: fix note block in third party login guide (#920) 4ce44681 docs: fix npm links (#991) f2ed4242 docs: fix self-service code flows labels (#1253) 002448dc docs: fix typo in config schema (#896) 9ab7c3df docs: link to argon2 blogpost and add cross-references (#1038) cc6e9ffb docs: make explicit the ID of the default schema (#1173) 34db06fd docs: minor cosmetics (#1050) f0672b5c docs: minor improvements (#1052) cdbbf4df docs: reformat settings code samples 2b0342ad docs: remove unnecessary and wrong docker pull commands (#1203) a3d8284a docs: resolve duplication error 9b5754f3 docs: update build from source 1778cb9a docs: update email template docs b5fd9a3a docs: update identity-data-model links 4624f03a docs: update identity.ID field documentation e86178f4 docs: update kratos video link (#1073) 695a30f6 docs: update login code samples ce6c7558 docs: update login code samples c3fcaba6 docs: update quickstart samples d9fbb62f docs: update recovery code samples 317810ff docs: update registration code samples 6415011a docs: update self-service code samples bbd6266c docs: update settings code samples 4285dec5 docs: update verification code samples acab3e8b docs: use correct extension for identity-data-model cbb2c0be feat(courier): allow sending individual messages 1f20a5ce feat(oidc): support google hd claim (#1097) a61f8814 feat(schema): add totp errors 9c6b68c4 feat: add FAQ to docs (#1096) 75a4f1a5 feat: add Prometheus monitoring to Public APIs (#1022) 4230d9e0 feat: add email template specification in doc (#898) 6bae66cd feat: add error for when no login strategy was found 905bb032 feat: add facebook provider to oidc providers and documentation (#1035) 49deb2e1 feat: add gh login to claims 7468c835 feat: add login strategy text message e99803b6 feat: add more tests for multi domain args cb9894fe feat: add random delay to login flow (#1088) bb99912d feat: add return_url to verification flow (#1149) e947edf4 feat: add sql migrations for new login flow 3c4cc1ce feat: add sql tracing 007dde44 feat: add tracing to config schema 2c41b81b feat: add transporter with host modification 5d72d10f feat: add workaround template for go openapi 7c660533 feat: adds slack sogial login (#974) 77ce3162 feat: allow session cookie name configuration 5904fe31 feat: allow specifying sender name in smtp.from_address (#1100) b2612eef feat: bcrypt algorithm support (#1169) c6ef7ad1 feat: check migrations in health check 9d8563ee feat: configure domain alias as query param d3d5327a feat: contextualize configuration 8145a1c9 feat: contextualize health checks 3b3ef8f0 feat: contextualize http client in cli calls 64403736 feat: contextualize persitence testers 500b8bac feat: courier foreground worker with "kratos courier watch" (#1062) bbf44d88 feat: do not enforce bcrypt 12 for dev envs cd56b73d feat: email input validation (#1287) 4391fe57 feat: export and add config options f50969ec feat: expose courier worker 504d5181 feat: expose crdb ui 71082624 feat: global docs sidebar (#1258) 1516a546 feat: implement and test domain aliasing 4ead2c82 feat: improve oas spec and fix mobile tests 797b49d0 feat: improve sorting of ui fields 348a493c feat: include schema fed790b0 feat: make cli commands consumable in Ory Cloud (#926) 595224b1 feat: migrate to openapi v3 7749c7a7 feat: populate email templates at delivery time, add plaintext defaults (#1155) cbec27c9 feat: sort and label nodes with easy to use defaults 815a2489 feat: support base64 inline schemas 957ef38b feat: support contextual csrf cookies 0681c123 feat: support domain aliasing in session cookie a99cdcdd feat: support label in oidc config f0c21d7e feat: support retryable CRDB transactions ad010de2 feat: unix sockets support (#1255) 3e181fe3 feat: web hooks support (recovery) (#1289) e8ed61fc fix(cmd): make HTTP calls resilient 04abe774 fix(hashing): make bcrypt default hashing algorithm 6d725b14 fix: add include stub go files 8c6ec274 fix: add index to migration status e5f6b36c fix: add node_modules to format tasks 73c15d23 fix: add titles to identity schema 5c45bd9f fix: adopt to new go-swagger changes 4bb4f679 fix: allow absolute file URLs as config values (#1069) 7591f07f fix: allow hashtag in ui urls (#1040) d1723687 fix: avoid unicode-escaping ampersand in recovery URL query string (#1212) 23fc13ba fix: bcrypt regression in credentials counting 999828ae fix: broken make quickstart-dev task (#980) 5b01c7a3 fix: broken make sdk task (#977) e1f3f783 fix: call contextualized test helpers 31e9632b fix: code integer parsing bit size (#1178) f8640c04 fix: contextualize identity persister d64b5757 fix: convert all identifiers to lower case on login (#815) ebe4e643 fix: courier adress (#1198) 5396a82c fix: courier message dequeue race condition (#1024) a2d6eeb2 fix: define credentials types as sql template and resolve crdb issue efedc920 fix: dereference pointer types from new flow structures (#1019) bbfcbf9c fix: do not include smtp in tracing (#1268) 3726ed4d fix: do not publish version at public endpoint 554bb0b4 fix: do not reset registration method 1fcc8557 fix: do not return system errors for missing identifiers 13841487 fix: export mailhog dockertest runner bd9d28fe fix: fix random delay norm distribution math (#1131) 68a09e7f fix: fork audit logger from root logger 0bb3eb6d fix: gitlab oidc flow (#1159) 2f62041a fix: give specific message instead of only 404 when method is disabled (#1025) ada6997f fix: ignore unset domain aliases 43e96788 fix: improve cli error output 43517737 fix: improve error stack trace 456fd254 fix: improve error tracing (#1005) 2f92a706 fix: improve test contextualization 98962892 fix: initialize randomdelay with seeded source 92b79b86 fix: insert credentials type constants as part of migrations (#865) be02a70c fix: linking a connection may result in system error (#990) 62d8b852 fix: marking whoami auhorization parameter as 'in header' (#1244) 029781f6 fix: move schema loaders to correct file 2588fb48 fix: move to new transaction-safe migrations (#1063) 08794461 fix: pass down context to registry 1d5854d6 fix: re-enable SDK generation db35d8ff fix: record cypress runs 3457e1a4 fix: rehydrate settings form on successful submission b8eb9085 fix: remove absolete 'make pack' from Dockerfile (#1172) 85eea674 fix: remove continuity cookies on errors 1764e3a0 fix: remove include stubs 230fd138 fix: remove obsolete clihelpers 84a9315a fix: remove record from bash script 1fe137e0 fix: remove stray non-ctx configs (#1053) 59581e3f fix: remove trailing double-dot from error 1445d1d1 fix: remove unused sql migration 30a8cee2 fix: remove unused var 98cfec6d fix: remove verify hook 3803c8ce fix: replace jwt module (#1254) fb582aa0 fix: resolve build and release issues 599e9f77 fix: resolve clidoc issues 63063c15 fix: resolve compile issues 5a4f0d92 fix: resolve contextualized table issues 9f6edfd1 fix: resolve crdb migration issue 032322c6 fix: resolve double hook invokation for registration f88b6abe fix: resolve incorrect field types on oidc sign up completion 75a995b3 fix: resolve lint issues 03488250 fix: resolve lint issues c8396f60 fix: resolve linting issues and disable nancy b968bc4e fix: resolve mail queue issues 9862ac72 fix: resolve merge regressions f28087aa fix: resolve oidc e2e regressions f5091fac fix: resolve oidc regressions and e2e tests 3159c0ab fix: resolve potential fsnotify leaks 8bae3565 fix: resolve regressions and test failures 9e34bf2f fix: resolve regressions in cookies and payloads 4b611f34 fix: resolve settings sudo regressions e3fb0281 fix: resolve test regressions 8e744b93 fix: resolve ui issues with nested form objects d0d661aa fix: resolve update regression 27b977eb fix: return delay instead of sleeping to improve tests c18b97f3 fix: revert generator changes 0d804471 fix: run correct error handler for registration hooks 33d29bf7 fix: simplify data breaches password error reason (#1136) d420fe6e fix: support form and json formats in decoder eb0b69d5 fix: update openapi definitions for signup c19b2f4c fix: update quickstart node image 4c2a1b7f fix: update to new goreleaser config 6ec987ae fix: update to new healthx 1c0e52ec fix: use equalfold d75a378e fix: use new TB interface 468a12e5 fix: use numerical User ID instead of name to avoid k8s security warnings (#1151) 1e56457d fix: use remote dependencies 6e15f6f8 refactor: adapt new sdk in testhelpers 407fd958 refactor: add nid everywhere 7ebc3a9a refactor: contextualize everything fc42ece2 refactor: do not use prefixed node names 31511872 refactor: improve Argon2 tooling (#961) 09f8ae57 refactor: move faker to exportable module 7eca67eb refactor: move migratest helpers to ory/x cd0e0ebb refactor: move password config to selfservice 43c4a13c refactor: move to go 1.16 embed e27fae4b refactor: remove password node attribute prefix a3ff6f7e refactor: remove profile node attribute prefix 4a2f4197 refactor: rename config structs and interfaces 5da155a0 refactor: rename form to container f74a5c25 refactor: replace flow's forms with new ui node module 647eb1e6 refactor: replace flow's forms with new ui node module d4ca364f refactor: replace login flow methods with ui container cac04562 refactor: replace recovery flow methods with ui container 3f6388d0 refactor: replace registration flow methods with ui container 0efd17e7 refactor: replace settings flow methods with ui container dbf26687 refactor: replace verification flow methods with ui container 5eb1bc0b refactor: replace viper with koanf config management 62683106 refactor: update RegisterFakes calls 26829d21 refactor: use underscore in webhook auth types 193d2668 styles: format ada5dbb5 styles: format e4b7e79f styles: format 17a0bf58 styles: format ba1eeef4 styles: format 1ebfbdea styles: format f525fc53 test(e2e): significantly reduce wait and idle times f95a1176 test: add case to ensure correct behavior when verifying a different email address (#999) f80691b9 test: add oasis test case b3dc925a test: bump poll interval b7f8d042 test: bump video quality b2e43f8b test: bump wait times cf494149 test: clean up hydra env before restart 4bec9ef5 test: longer wait times 2e3764ba test: reliable migration tests on crdb 16dca3f7 test: remove old noop test c1b5ba42 test: resolve compile issues cb670a85 test: resolve flaky tests a1b9b9a9 test: resolve json parser test regression 388b5b27 test: resolve login integration regressions 2051a716 test: resolve migration regression ff791c41 test: resolve more json parser test regressions c5a23af8 test: resolve more regressions 40a849ca test: resolve order regression f0c9e5ff test: resolve regression e2b0ad3c test: resolve regression 4b9da3c9 test: resolve regressions 82650cf1 test: resolve stub regressions de0b65d9 test: resolve test migrations ccf9fedd test: resolve test regression issues a16737cc test: speed up tests d1ddfa80 test: update schema tests for webhooks 55fb37f6 test: update test description cabe97d0 test: use bcrypt cost 4 to reduce CI times d90cf132 test: use fast bcrypt for e2e c30eb26f tests: initial documentation tests via Text-Runner (#567)