diff --git a/UPGRADE.md b/UPGRADE.md
index c71ccf3fd8f..4c6df753c33 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -105,11 +105,36 @@ before finalizing the upgrade process. ## 1.0.0-rc.1 -### Customise login and consent flow timeout +### Non-breaking Changes + +#### Access Token Audience + +This patch adds the access token audience feature. For more information on this, head over to [the docs](https://www.ory.sh/docs/guides/master/hydra/6-how-to/3-advanced.html). + +#### Refresh Grant + +Previously, the refresh grant did not check whether a client's allowed scope or audience changed. This has now been added. +If an OAuth 2.0 Client performs the refresh flow but the requested token includes a scope which has not been whitelisted +at the client, the flow will fail and no refresh token will be granted. + +#### Customise login and consent flow timeout You can now set the login and consent flow timeout using environment variable `LOGIN_CONSENT_REQUEST_LIFESPAN`. -### JSON Web Token formatted Access Token data +#### Schema Changes + +This patch introduces database schema changes. Before you apply it, you must run `hydra migrate sql` against +your database. + +In order to [resolve table locking](https://github.com/ory/hydra/issues/1067) during the refresh token flow, the following indices were added: +- Unique index on the `request_id` column in the `hydra_oauth2_access` & `hydra_oauth2_refresh` tables + +In order to [resolve table locking](https://github.com/ory/hydra/issues/1067) when flushing expired tokens, the following index was added: +- Index on the `requested_at` column in the `hydra_oauth2_access` table + +### Breaking Changes + +#### JSON Web Token formatted Access Token data Previously, extra fields coming from `session.access_token` where directly embedded in the OAuth 2.0 Access Token when the JSON Web Token strategy was used. However, the token introspection response returned the extra data as a field `ext: {...}`.
@@ -119,26 +144,15 @@ Tokens formatted as JSON Web Tokens. This change does not impact the opaque strategy, which is the default one. -### CLI Changes +#### CLI Changes Flags `https-tls-key-path` and `https-tls-cert-path` have been removed from the `hydra serve *` commands. Use environment variables `HTTPS_TLS_CERT_PATH` and `HTTPS_TLS_KEY_PATH` instead. -### API Changes +#### API Changes Endpoint `/health/status`, which redirected to `/health/alive` and was deprecated has been removed. -### Schema Changes - -This patch introduces database schema changes. Before you apply it, you must run `hydra migrate sql` against -your database. - -In order to [resolve table locking](https://github.com/ory/hydra/issues/1067) during the refresh token flow, the following indices were added: -- Unique index on the `request_id` column in the `hydra_oauth2_access` & `hydra_oauth2_refresh` tables - -In order to [resolve table locking](https://github.com/ory/hydra/issues/1067) when flushing expired tokens, the following index was added: -- Index on the `requested_at` column in the `hydra_oauth2_access` table - ## 1.0.0-beta.9 ### CORS is disabled by default
diff --git a/go.mod b/go.mod
index db3c8498719..a8d04a14209 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 github.com/oleiade/reflections v1.0.0
 github.com/opentracing/opentracing-go v1.0.2
 github.com/ory/dockertest v3.3.2+incompatible
- github.com/ory/fosite v0.27.0
+ github.com/ory/fosite v0.27.1
 github.com/ory/go-convenience v0.1.0
 github.com/ory/graceful v0.1.0
 github.com/ory/herodot v0.4.1
diff --git a/go.sum b/go.sum
index 3286ab02998..cd46ba69c90 100644
--- a/go.sum
+++ b/go.sum
@@ -144,6 +144,7 @@ github.com/ory/fosite v0.26.2-0.20181031085642-e2441d231a19 h1:8jQrkb3nO4nG5Dzpb
 github.com/ory/fosite v0.26.2-0.20181031085642-e2441d231a19/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw=
 github.com/ory/fosite v0.27.0 h1:QYHW+asgRRIw5uk8a42/VpiwMQqQMPwZ4TP4xKNIMEA=
 github.com/ory/fosite v0.27.0/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw=
+github.com/ory/fosite v0.27.1/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw=
 github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8=
 github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs=
 github.com/ory/graceful v0.1.0 h1:zilpYtcR5vp4GubV4bN2GFJewHaSkMFnnRiJxyH8FAc=