This pull request adds configuration option `hsm.key_set_prefix` to support multiple Ory Hydra instances to store keys on the same HSM partition. For example if `hsm.key_set_prefix=app1.` then key set `hydra.openid.id-token` would be generated/requested/deleted on HSM with `CKA_LABEL=app1.hydra.openid.id-token`
This will not affect Hydra API in any way. `GET /keys/hydra.openid.id-token` will return key set from HSM with label `app1.hydra.openid.id-token`.
This change introduces support for Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions.
If enabled, the Hardware Security Module is used to look up any keys. If no key is found, the software module is used as a fallback for lookup. This allows you to use the HSM for privileged keys, and the software module to manage lifecycle keys (e.g. for Token Exchange).
For more information, please [read the guide](https://www.ory.sh/hydra/docs/next/guides/hsm-support).
Thank you to [aarmam](https://github.com/aarmam) for this great contribution!
Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>
This change adds support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523).
Users of Ory Hydra will be able to grant permission for OAuth 2.0 Client to act on behalf of some Resource Owner using JWT Bearer Assertions.
For more information about this feature, please head over to the documentation: https://www.ory.sh/hydra/docs/next/guides/oauth2-grant-type-jwt-bearerCloses#2229
BREAKING CHANGES: Please notice that this change requires SQL migrations to be applied! As always, please make a backup before applying them!
Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Jagoba Gascón <jagoba@arima.eu>
Co-authored-by: Gajewski Dmitriy <dmit8815@gmail.com>
This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database.
You may now use the new `hydra janitor` command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows the `notAfter` safe-guard approach to ensure records needed to be kept are not deleted.
To learn more, please use `hydra help janitor`.
This patch phases out the `/oauth2/flush` endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.
Closes#1574
This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!
Closes#1730
Co-authored-by: aeneasr <aeneas@ory.sh>
Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
This patch deprecates the previous migration system (sql-migrate) in favor of gobuffalo/fizz. No functional changes have been made.
BREAKING CHANGES: Please run `hydra migrate sql` before applying this release.
Closes#1649
Currently, Hydra stores claims from consent application as a raw JSON string in the database. If a threat agent gains access to the database, he/she will be able to get access to those strings. This patch introduces a new feature which encrypts the raw JSON string in the same way we encrypt JSON Web Keys using AES-GCM.
This patch is backwards compatible and will encrypt old sessions over time when they are used or updated. This does not affect sessions that have already expired and we recommend purging those sessions from the database if you want sessions to be encrypted.
To disable this feature, set `oauth2.session.encrypt_at_rest` to `false`.
This patch significantly refactors internal configuration and service management with the goal of making configuration changes possible without service restarts. This patch prepares the possibility to configure ORY Hydra from a remote source (etcd, consul) and watch for changes. This patch also introduces the possibility to configure ORY Hydra from a configuration file on top of environment variables.
The following issues have been fixed as well:
- Key rotation of the system secret is now much simpler (closes#1316)
- Database connectivity parameters such as max_conns no longer cause issues with older postgres versions (closes#1327)
- Non-existing routes now return a JSON error instead of `text/plain` when `application/json` was requested (clsoes #1244)
- We now push tags latest, X, X.Y, X.Y.Z to docker hub (closes#1289)
- The quickstart guide no longer builds the source code but instead pulls latest tag (closes#1309)
- We moved to goreleaser and godownloader for release management (closes#1107)
- The quickstart Docker Compose files are now reusable (closes#1196)
The following issues are also resolved:
- Closes#1121
Signed-off-by: aeneasr <aeneas@ory.sh>
Arne Luenser
Kevin Goslar
Mikhail Kopylov
Anirudh Oppiliappan
aeneasr
Bernat Mut González
Grant Zvolsky
Ludovic Cleroux
Mart Aarma
Vladimir Kalugin
Dimitrij Drus
Arthur Knoepflin
Alano Terblanche
Patrik
aeneasr
巢鹏
David