BREAKING CHANGES: We removed compatibility with unsupported database versions (e.g. MySQL 5.6). Ory Hydra v2.x is now compatible with MySQL 8.0.13+, PostgreSQL 11.8+, CockroachDB v22.1.2+.
BREAKING CHANGE: This release updates SDK services from `public` and `admin` to `v2`. Methods exposed at the admin interface are now prefixed with `admin` (e.g. `adminCreateOAuth2Client`). Administrative endpoints now have an `/admin` prefix (e.g. `POST /admin/clients`). Existing administrative endpoints will redirect to this new prefixed path for backwards compatibility.
BREAKING CHANGE: HTTP endpoint `/oauth2/flush`, used to flush inactive access token was deprecated and has been removed. Please use `hydra janitor` instead.
This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.
See #3157
Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Andreas Bucksteeg <andreas@bucksteeg.de>
Adds the possibility to specify TLS certificates for admin and public endpoints individually. Also improves compatibility for internal networks (e.g. Kubernetes) by removing the need for having TLS termination on admin endpoints. This can be enabled by setting `serve.admin.tls.enabled` to false.
Closes#1231Closes#1962
BREAKING CHANGES: After battling with [spf13/viper](https://github.com/spf13/viper) for several years we finally found a viable alternative with [knadh/koanf](https://github.com/knadh/koanf). The complete internal configuration infrastructure has changed, with several highlights:
1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
2. Configuration reloading has improved significantly and works flawlessly on Kubernetes.
3. Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
4. It is now possible to load several config files using the `--config` flag.
5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.
- moved MetricsPrometheusPath constant to metrics/prometheus/metrics.go
- added rule to allow insecure requests for MetricsPrometheusPath endpoint
- arranged tls_termination_test.go test to cover all cases in RejectInsecureRequests function
Closes#2072
BREAKING CHANGES: As part of this patch, a few things have changed in a breaking fashion:
- OAuth2 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaning why the flow failed.
This allows the reverse proxy to actually read the unix socket, since
- The default permissions are 0755
- Hydra is usually run as a user different than the reverse proxy
- One needs read and write permissions to connect to the socket
With the commit, one can set the group to be a group that contains the
reverse proxy user and permissions to 0770
Patrik
Arne Luenser
hackerman
Misa Munde
Joe Kralicky
mloiseleur
Richard Hillmann
Kevin Goslar
Arne
Grant Zvolsky
Anirudh Oppiliappan
seremenko-wish
Stepan Rakitin
Simon Lipp
Ante Mihalj
Gajewski Dmitriy
Dexter Chua
sawadashota
aeneasr