BREAKING CHANGE: To improve security and scalability (in particular sharding), OAuth 2.0 Client IDs can no longer be chosen but are always assigned a randomly generated UUID V4. OAuth 2.0 Clients created with custom IDs before the v2.0 release will continue working with their legacy Client ID in Ory Hydra v2.x.
Additionally, the `hydra create client` command no longer supports flag `--id` and flag `--callbacks` has been renamed to `--redirect-uris`.
Closes #2911
- Add a workaround for [mysql slice delete](https://github.com/gobuffalo/pop/issues/699)
- Optimize logout verification (save 1 db roundtrip)
- Update a test to use StaticContextualizer & revert CleanAndMigrate workaround
- Ensure a Client generated with faker satisfies the DB schema
- Remove unused argument from HandleConsentRequest
This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!
Closes #1730
Co-authored-by: aeneasr <aeneas@ory.sh>
Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
BREAKING CHANGES: As part of this patch, a few things have changed in a breaking fashion:
- OAuth2 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaining why the flow failed.
Closes #1817
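A client-side sketch of handling this change, added here as an example and not taken from the Hydra code base: it reads the error from a redirect URL, relies on `error_description`, and folds in the deprecated `error_hint` and `error_debug` only when their text is not already part of the description. The type `OAuthError`, the function `ParseRedirectError` and the callback URL are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// OAuthError is a hypothetical client-side type, not a Hydra type.
type OAuthError struct {
	Code        string
	Description string
}

// ParseRedirectError returns the OAuth2 error carried by a redirect URL,
// or nil when the URL has no "error" parameter. It works against servers
// that still send error_hint/error_debug separately and against servers
// that have already merged them into error_description.
func ParseRedirectError(redirect string) (*OAuthError, error) {
	u, err := url.Parse(redirect)
	if err != nil {
		return nil, err
	}
	q := u.Query()
	code := q.Get("error")
	if code == "" {
		return nil, nil
	}
	desc := q.Get("error_description")
	// Deprecated parameters: append only text the description lacks,
	// so merged responses are not duplicated.
	for _, legacy := range []string{"error_hint", "error_debug"} {
		if v := q.Get(legacy); v != "" && !strings.Contains(desc, v) {
			desc = strings.TrimSpace(desc + " " + v)
		}
	}
	return &OAuthError{Code: code, Description: desc}, nil
}

func main() {
	// Constructed sample callback URL.
	cb := "https://app.example/cb?error=invalid_request" +
		"&error_description=Bad+request.+Missing+scope&error_hint=Missing+scope"
	e, err := ParseRedirectError(cb)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s: %s\n", e.Code, e.Description)
}
```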
Add new field TokenEndpointAuthSigningAlgorithm for Client struct which by default will be returned as RS256 from the "getter" function GetTokenEndpointAuthSigningAlgorithm unless a defined value is set in client payload when performing a request to the Create OAuth 2.0 client endpoint. This of course implies a migration to be applied to the hydra_client table to include this new field.
This patch significantly refactors internal configuration and service management with the goal of making configuration changes possible without service restarts. This patch prepares the possibility to configure ORY Hydra from a remote source (etcd, consul) and watch for changes. This patch also introduces the possibility to configure ORY Hydra from a configuration file on top of environment variables.
The following issues have been fixed as well:
- Key rotation of the system secret is now much simpler (closes #1316)
- Database connectivity parameters such as max_conns no longer cause issues with older postgres versions (closes #1327)
- Non-existing routes now return a JSON error instead of `text/plain` when `application/json` was requested (closes #1244)
- We now push tags latest, X, X.Y, X.Y.Z to docker hub (closes #1289)
- The quickstart guide no longer builds the source code but instead pulls latest tag (closes #1309)
- We moved to goreleaser and godownloader for release management (closes #1107)
- The quickstart Docker Compose files are now reusable (closes #1196)
The following issues are also resolved:
- Closes #1121
Signed-off-by: aeneasr <aeneas@ory.sh>
Field `allowed_cors_origins` was added to OAuth 2.0 Clients. It enables
CORS for the whitelisted URLs for paths which clients interact with,
such as /oauth2/token.
Closes #975
Signed-off-by: arekkas <aeneas@ory.am>
A bug was introduced in beta.5 which caused the SQL migrations to fail if data existed in the database already. This patch resolves that and adds test cases for the migration steps by adding data after each migration.
Closes #918
Signed-off-by: arekkas <aeneas@ory.am>