v2.2.0-rc.3

hydra

Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases over night. Consume as a service on Ory Network or self-host. Trusted by OpenAI and many others for scale and security. Written in Go.

ory/hydra·

17k1.6kGoApache-2.0

·Website

authorizationclouddockerfederationhacktoberfesthydra+14

Last updated about 1 month ago

Introduces logout compatibility with Ory Kratos.

Bug Fixes

Add exceptions for internal IP addresses (#3608) (1f1121c)
Add kid to verifiable credential header (#3606) (9f1c8d1)
Deflake ttl test (6741a49)
Docker build (#3609) (01ff9da)
Enable CORS with hot-reloaded origins (#3601) (6f592fc)
Only query access tokens by hashed signature (a21e945)
Racy random string generation (#3555) (1b26c4c)
Reject invalid JWKS in client configuration / dependency cleanup and bump (#3603) (1d73d83)
Restore ability to override auth and token urls for exemplary app (#3590) (dfb129a)
Return proper error when the grant request cannot be parsed (#3558) (26f2d34)
Use correct tracer in middleware (#3567) (807cbd2)

Code Generation

Pin v2.2.0-rc.3 release commit (ad8a4ba)

Features

Add hydra migrate status subcommand (#3579) (749eb8d)
Add more resolution to events and collect client metrics (#3568) (466e66b)
Add state override (b8b9154)
Add support for OIDC VC (#3575) (219a7c0):

This adds initial support for issuing verifiable credentials as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.

Because the spec is still in draft, public identifiers are suffixed with draft_00.
Allow additional SQL migrations (#3587) (8900cbb)
Allow Go migrations (#3602) (8eed306)
Allow to disable claim mirroring (#3563) (c72a316):

This PR introduces another config option called oauth2:mirror_top_level_claims which may be used to disable the mirroring of custom claims into the ext claim of the jwt. This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.

Example:
```
oauth2:
  allowed_top_level_claims:
    - test_claim
  mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext
```
Closes https://github.com/ory/hydra/issues/3348
Bump fosite and add some more tracing (0b56f53)
cmd: Add route that redirects to the auth code url (4db6416)
Parallel generation of JSON web key set (#3561) (5bd9002)
Propagate logout to identity provider (#3596) (c004fee):
- feat: propagate logout to identity provider
This commit improves the integration between Hydra and Kratos when logging out the user.

This adds a new configuration key for configuring a Kratos admin URL. Additionally, Kratos can send a session ID when accepting a login request. If a session ID was specified and a Kratos admin URL was configured, Hydra will disable the corresponding Kratos session through the admin API if a frontchannel or backchannel logout was triggered.
- fix: add special case for MySQL
- chore: update sdk
- chore: consistent naming
- fix: cleanup persister
Support different jwt scope claim strategies (#3531) (45da11e)

Changelog

2c452efd autogen(docs): regenerate and update changelog
551c359d autogen(docs): regenerate and update changelog
93ebaee6 autogen(docs): regenerate and update changelog
7cfba846 autogen(docs): regenerate and update changelog
cb647702 autogen(docs): regenerate and update changelog
938d4bba autogen(docs): regenerate and update changelog
0072ddf7 autogen(docs): regenerate and update changelog
c30de7f8 autogen(docs): regenerate and update changelog
6c298b2f autogen(docs): regenerate and update changelog
a547a749 autogen(docs): regenerate and update changelog
5704640c autogen(docs): regenerate and update changelog
e586cc2c autogen(docs): regenerate and update changelog
2bdad2c2 autogen(docs): regenerate and update changelog
dc878b82 autogen(docs): regenerate and update changelog
425c977a autogen(docs): regenerate and update changelog
339bf40e autogen(docs): regenerate and update changelog
ea40d443 autogen(docs): regenerate and update changelog
71d18536 autogen(docs): regenerate and update changelog
be85c29a autogen(docs): regenerate and update changelog
598c21d7 autogen(docs): regenerate and update changelog
42a9615a autogen(docs): regenerate and update changelog
330530d7 autogen(openapi): regenerate swagger spec and internal client
254a21b2 autogen(openapi): regenerate swagger spec and internal client
ad8a4bab autogen: pin v2.2.0-rc.3 release commit
6631c213 autogen: render config schema
59ec76ba chore(deps): bump semver from 5.7.0 to 5.7.2 (#3569)
9fd59e2b chore(deps): bump semver from 5.7.0 to 5.7.2 in /test/e2e/oauth2-client (#3570)
3c5c1265 chore(deps): bump tough-cookie, @cypress/request and wait-on (#3592)
48d5df43 chore: add hperl as codeowner (#3607)
efd9ca7d chore: bump deps (#3560)
d5099cbb chore: remove fosite branch override (#3599)
39145855 chore: replace fosite rewrite (#3564)
8ed2a2d3 chore: support in README (#3565)
1a1f5044 chore: update repository templates to https://github.com/ory/meta/commit/ac80097fa427e7ae39820c59cac62dc6e11b9aff
eb89af7c chore: update repository templates to https://github.com/ory/meta/commit/af28aff50b62a9eeb69de4842e0e164f82c9e066
4db64161 feat(cmd): add route that redirects to the auth code url
749eb8db feat: add hydra migrate status subcommand (#3579)
466e66bd feat: add more resolution to events and collect client metrics (#3568)
b8b91540 feat: add state override
219a7c06 feat: add support for OIDC VC (#3575)
8eed3068 feat: allow Go migrations (#3602)
8900cbb7 feat: allow additional SQL migrations (#3587)
c72a3164 feat: allow to disable claim mirroring (#3563)
0b56f53a feat: bump fosite and add some more tracing
5bd9002d feat: parallel generation of JSON web key set (#3561)
c004fee6 feat: propagate logout to identity provider (#3596)
45da11e4 feat: support different jwt scope claim strategies (#3531)
1f1121ca fix: add exceptions for internal IP addresses (#3608)
9f1c8d19 fix: add kid to verifiable credential header (#3606)
6741a49f fix: deflake ttl test
01ff9da8 fix: docker build (#3609)
6f592fc8 fix: enable CORS with hot-reloaded origins (#3601)
a21e9451 fix: only query access tokens by hashed signature
1b26c4cb fix: racy random string generation (#3555)
1d73d83e fix: reject invalid JWKS in client configuration / dependency cleanup and bump (#3603)
dfb129a5 fix: restore ability to override auth and token urls for exemplary app (#3590)
26f2d344 fix: return proper error when the grant request cannot be parsed (#3558)
807cbd20 fix: use correct tracer in middleware (#3567)

Artifacts can be verified with cosign using this public key.

Changelog

2c452efd autogen(docs): regenerate and update changelog

551c359d autogen(docs): regenerate and update changelog

93ebaee6 autogen(docs): regenerate and update changelog

7cfba846 autogen(docs): regenerate and update changelog

cb647702 autogen(docs): regenerate and update changelog

938d4bba autogen(docs): regenerate and update changelog

0072ddf7 autogen(docs): regenerate and update changelog

c30de7f8 autogen(docs): regenerate and update changelog

6c298b2f autogen(docs): regenerate and update changelog

a547a749 autogen(docs): regenerate and update changelog

5704640c autogen(docs): regenerate and update changelog

e586cc2c autogen(docs): regenerate and update changelog

2bdad2c2 autogen(docs): regenerate and update changelog

dc878b82 autogen(docs): regenerate and update changelog

425c977a autogen(docs): regenerate and update changelog

339bf40e autogen(docs): regenerate and update changelog

ea40d443 autogen(docs): regenerate and update changelog

71d18536 autogen(docs): regenerate and update changelog

be85c29a autogen(docs): regenerate and update changelog

598c21d7 autogen(docs): regenerate and update changelog

42a9615a autogen(docs): regenerate and update changelog

330530d7 autogen(openapi): regenerate swagger spec and internal client

254a21b2 autogen(openapi): regenerate swagger spec and internal client

ad8a4bab autogen: pin v2.2.0-rc.3 release commit

6631c213 autogen: render config schema

59ec76ba chore(deps): bump semver from 5.7.0 to 5.7.2 (#3569)

9fd59e2b chore(deps): bump semver from 5.7.0 to 5.7.2 in /test/e2e/oauth2-client (#3570)

3c5c1265 chore(deps): bump tough-cookie, @cypress/request and wait-on (#3592)

48d5df43 chore: add hperl as codeowner (#3607)

efd9ca7d chore: bump deps (#3560)

d5099cbb chore: remove fosite branch override (#3599)

39145855 chore: replace fosite rewrite (#3564)

8ed2a2d3 chore: support in README (#3565)

1a1f5044 chore: update repository templates to https://github.com/ory/meta/commit/ac80097fa427e7ae39820c59cac62dc6e11b9aff

eb89af7c chore: update repository templates to https://github.com/ory/meta/commit/af28aff50b62a9eeb69de4842e0e164f82c9e066

4db64161 feat(cmd): add route that redirects to the auth code url

749eb8db feat: add hydra migrate status subcommand (#3579)

466e66bd feat: add more resolution to events and collect client metrics (#3568)

b8b91540 feat: add state override

219a7c06 feat: add support for OIDC VC (#3575)

8eed3068 feat: allow Go migrations (#3602)

8900cbb7 feat: allow additional SQL migrations (#3587)

c72a3164 feat: allow to disable claim mirroring (#3563)

0b56f53a feat: bump fosite and add some more tracing

5bd9002d feat: parallel generation of JSON web key set (#3561)

c004fee6 feat: propagate logout to identity provider (#3596)

45da11e4 feat: support different jwt scope claim strategies (#3531)

1f1121ca fix: add exceptions for internal IP addresses (#3608)

9f1c8d19 fix: add kid to verifiable credential header (#3606)

6741a49f fix: deflake ttl test

01ff9da8 fix: docker build (#3609)

6f592fc8 fix: enable CORS with hot-reloaded origins (#3601)

a21e9451 fix: only query access tokens by hashed signature

1b26c4cb fix: racy random string generation (#3555)

1d73d83e fix: reject invalid JWKS in client configuration / dependency cleanup and bump (#3603)

dfb129a5 fix: restore ability to override auth and token urls for exemplary app (#3590)

26f2d344 fix: return proper error when the grant request cannot be parsed (#3558)

807cbd20 fix: use correct tracer in middleware (#3567)

Artifacts can be verified with cosign using this public key.

hydra

Bug Fixes

Code Generation

Features

Changelog

More Go Projects

ollama

kubernetes

frp

v2.2.0-rc.3

Bug Fixes

Code Generation

Features

Changelog

More Go Projects

ollama

kubernetes

frp

gin