Change Log
v0.11.4 (2018-01-23)
v0.11.3 (2018-01-23)
Implemented enhancements:
Closed issues:
- possible consent session id attack? #753
v0.11.2 (2018-01-22)
Fixed bugs:
Merged pull requests:
v0.11.1 (2018-01-18)
Implemented enhancements:
- groups: Add ability to list all groups, not just by member #729
Fixed bugs:
Closed issues:
- Timezone Issue with new consent flow in 0.10? #735
- policies: change effect type from string to boolean #666
- cmd: `hydra connect --url` should work with and without trailing slash #650
Merged pull requests:
v0.11.0 (2018-01-08)
Implemented enhancements:
- group: List groups without owner #732
- Add an alias for offline scope called offline_access #722
- oauth2: Print debug message to logs and evaluate transmitting it to clients too #715
- groups: Add ability to list all groups, not just by member #734 (arekkas)
- sdk: Adds php registry dummy #733 (arekkas)
- oauth2: Prints debug message to logs and evaluate transmitting it to clients too #727 (arekkas)
- vendor: Adds offline_access scope alias #724 (arekkas)
Fixed bugs:
- health: Should not require x-forwarded-proto #726
- health: Stop requiring x-forwarded-proto #731 (arekkas)
Closed issues:
- variable part in the subject and resource in ladon policy to be filled by request #730
- Trailing slash redirect strips directories from path #723
- Resolve broken docker-compose tutorial guide #717
- Document external dependencies #716
Merged pull requests:
v0.10.10 (2017-12-16)
Implemented enhancements:
- Make scopes in `hydra token client` command configurable #711
- cmd: Makes scopes in token command configurable #712 (arekkas)
- cmd: Adds a dedicated command for importing policies #709 (arekkas)
Fixed bugs:
- Misleading error message when using the SDK #686
- sdk/go: Resolves incorrect error message #713 (arekkas)
Closed issues:
- Docker readme, in case it is lost #719
- Keep track of version and build hash #706
- Scope is documented as hydra.groups but should by hydra.warden.groups #702
- Rename `hydra policies create -f` to `hydra policies import` #701
Merged pull requests:
- docs: Resolves issue with broken 5-minute tutorial #721 (arekkas)
- Improves userinfo endpoint #714 (arekkas)
- groups: Corrects group scope documentation #710 (arekkas)
v0.10.9 (2017-12-13)
Implemented enhancements:
- Reintroduce alpine based image with shell #703
Merged pull requests:
v0.10.8 (2017-12-12)
Implemented enhancements:
- oauth2: Add token_endpoint_auth_methods_supported to openid-configuration #695
Closed issues:
- docs: Add introspect bc to upgrade #698
Merged pull requests:
v0.10.7 (2017-12-09)
v0.10.6 (2017-12-09)
Closed issues:
- oauth2: Write test for userinfo endpoint without token and test for 401 #691
Merged pull requests:
v0.10.5 (2017-12-09)
Closed issues:
- oauth2: Support userinfo endpoint #652
v0.10.4 (2017-12-09)
Merged pull requests:
v0.10.3 (2017-12-08)
v0.10.2 (2017-12-08)
v0.10.1 (2017-12-08)
Implemented enhancements:
- Open source policy naming guidelines #680
Closed issues:
- docs: docker --link should be replaced by networks #555
v0.10.0 (2017-12-08)
Implemented enhancements:
- docs: Improve release and breaking changes management #675
- oauth2: Make sub explicit in the database #658
- oauth2: Add access control to token introspection endpoint #655
- all: make policy resource and action names configurable #640
- Subject field #674 (arekkas)
- Add changelog #673 (arekkas)
Fixed bugs:
- oauth2: Token revokation should check client id before revoking tokens #676
- cli/policies: removing a policy subject adds the subject Instead #662
- jwk: Rename ES521 key generation algorithm to ES512 #651
- oauth2: Fixes clients being able to revoke any token #677 (arekkas)
Closed issues:
- Json logging #670
- swagger: scope pattern requires a space #661
- docs: Add list of undisclosed adopters with requests ranges to readme #659
Merged pull requests:
- Update release notes and prepare 0.10.0 #685 (arekkas)
- docs: Adds multi-tenant best practices #684 (arekkas)
- ci: Resolves code climate issues #683 (arekkas)
- pkg: Adds test for LogError #682 (arekkas)
- docs: Adds ACP best practices #681 (arekkas)
- oauth2: Requires firewall check for introspecting access tokens #678 (arekkas)
- Makes policy resource names prefixes configurable #672 (arekkas)
- docs: Adds consent state machine #671 (arekkas)
- docs: Make space optional in scope regex (#661) #668 (pnicolcev-tulipretail)
- Various minor fixes #667 (arekkas)
- telemetry: Update telemetry identification #654 (arekkas)
v0.10.0-alpha.21 (2017-11-27)
Closed issues:
- Add support for CORS #506
Merged pull requests:
- cli: Fix hydra cli adding policy subjects on subject remove #665 (jamesnicolas)
v0.10.0-alpha.20 (2017-11-26)
Merged pull requests:
v0.10.0-alpha.19 (2017-11-26)
Closed issues:
- Working with flask-oidc #660
- Multi stage build process removes the ability to shell into hydra container #657
- Support ES256 JWK Algo #627
- oauth2/introspect: skip omitempty in active flag #607
- oauth2: provide CWT token generation #577
Merged pull requests:
- vendor: Upgraded ladon and dockertest versions #663 (arekkas)
- pkg: Make low entropy RSA key generation explicit in function name #656 (arekkas)
- docs: Update hydra versions #649 (arekkas)
v0.10.0-alpha.18 (2017-11-06)
v0.10.0-alpha.17 (2017-11-06)
v0.10.0-alpha.16 (2017-11-06)
Merged pull requests:
v0.10.0-alpha.15 (2017-11-06)
Merged pull requests:
v0.10.0-alpha.14 (2017-11-06)
Fixed bugs:
- sql/postgres: wherever limit/offset is used, include ORDER BY clause #619
- oauth2: fix racy memory consent manager with RW mutex #600
Merged pull requests:
v0.10.0-alpha.13 (2017-11-06)
Implemented enhancements:
- Would it make sense to build hydra statically #374
Merged pull requests:
v0.10.0-alpha.11 (2017-11-06)
v0.10.0-alpha.12 (2017-11-06)
Closed issues:
Merged pull requests:
- Add license header to all source files #644 (arekkas)
- cmd: require url-encoding of root client id and secret #641 (arekkas)
- fix health link in docs #637 (DallanQ)
v0.10.0-alpha.10 (2017-10-26)
Implemented enhancements:
Closed issues:
- jwk: add es256 generator to jwk handler in master #634
- groups: add ability to list all groups to master branch #633
- travis: run genswag and gensdk before npm publish #610
v0.10.0-alpha.9 (2017-10-25)
Closed issues:
- docs: followed the installation guide and was unable to get a successful consent #623
- tests: run manager tests in parallel #617
Merged pull requests:
- Changes from zvelo #636 (arekkas)
- Dep, JWK and groups #635 (arekkas)
- tests: run database tests in parallel #632 (arekkas)
- Use recommendations made from cryptopasta repository #630 (arekkas)
- Support ES256 JWK Algo #628 (joshuarubin)
v0.9.16 (2017-10-23)
Closed issues:
- docs: adding policy to consent app doesn't work as resource using <.*> #621
- documentation vague regarding returned client_secret #620
Merged pull requests:
- updated links to apiary as the old ones didn't work #626 (abusaidm)
- docs: updated hydra version in the tutorial to v0.10.0-alpha.8 and consent app to v0.10.0-alpha.9 #625 (abusaidm)
- docs: fixed spelling and wording #624 (abusaidm)
- docs: fix bash command and version used in tutorial #622 (abusaidm)
- add ability to list all groups #612 (joshuarubin)
v0.10.0-alpha.8 (2017-10-18)
Closed issues:
- docs: SDK for Go is actually for Node, fix this typo #615
- server.injectConsentManager doesn't use ConsentRequestSQLManager even if *config.SQLConnection exists #613
Merged pull requests:
- cmd/server: SQLConnection should load SQLRequestManager #618 (arekkas)
- Clean up helpers and increase test coverage #611 (arekkas)
- sdk: format js sdk and remove mock tests #609 (arekkas)
v0.9.15 (2017-10-11)
Merged pull requests:
- Support dep #606 (joshuarubin)
v0.9.14 (2017-10-06)
v0.10.0-alpha.7 (2017-10-06)
v0.10.0-alpha.6 (2017-10-05)
v0.10.0-alpha.5 (2017-10-05)
v0.10.0-alpha.4 (2017-10-05)
Merged pull requests:
- travis: move deploy scripts to its own file #604 (arekkas)
- tests: skip cpu intense jwk generation in short mode #603 (arekkas)
v0.10.0-alpha.3 (2017-10-05)
v0.10.0-alpha.2 (2017-10-05)
Implemented enhancements:
- all: refactor http client endpoint logic #584
- oauth2: refresh openid connect id token via refresh_token grant #556
- oauth2: change scope semantics to wildcard #550
- warden: need endpoint that just introspects tokens #539
- sdk: client libraries for all languages #249
- oauth2: allow issuing of JWT access tokens #248
- core: enable usage statistics reporting #230
- core: introduce a way to test for bc breaks in datastore #193
Merged pull requests:
- travis: resolve deployment issues #602 (arekkas)
- warden: remove deprecated http manager #601 (arekkas)
- docs: fix sdk links #599 (arekkas)
- travis: re-add goveralls #598 (arekkas)
v0.10.0-alpha.1 (2017-10-05)
Implemented enhancements:
- oauth2: write test for handling consent deny #597
- group: add warden tests #591
- health: remove TLS restriction on health endpoint when termination is set #586
Fixed bugs:
- cmd: `policies delete` says `Connection <id> deleted` instead of `Policy <id> deleted` #583
Closed issues:
Merged pull requests:
- travis: fix binary building #596 (arekkas)
- cmd/cli: typo Connection -> Policy #592 (ljagiello)
- sdk: switch to swagger codegen sdk #585 (arekkas)
- 0.10.0 #557 (arekkas)
v0.9.13 (2017-09-26)
Implemented enhancements:
- RFC: Refactor consent flow #578
- oauth2: remove scope parameter from introspection request #551
- "Subject claim can not be empty" error when trying to retrieve ID Token #460
Fixed bugs:
- cmd: `token user` no longer uses cluster url #581
- warden: do not use refresh tokens as proof of authorization #549
- Fix import path for logrus #477
Closed issues:
- Support for RFC 7636 #576
- `authorization` header in `/oauth2/token` endpoint is case sensitive #575
- DATABASE_URL=memory go run main.go host Error #571
- error on mismatch uris #569
- Relation "hydra_jwk" does not exist #568
- Freemium Crap #567
- Warden API docs do not talk about access_token #564
- When the client is run through a container, it should pick up configuration from environment #563
- Docker hub documentation showing up as HTML #562
- Allow people to configure the Hydra service using a config file. #561
- Error on go get the project #560
- Open a Patreon account #558
- GET /client/:id broken on master #538
Merged pull requests:
- health: disable TLS restriction for health check #587 (arekkas)
- cmd: `token user` should use clusterurl instead of empty string #582 (arekkas)
- vendor: update various dependencies #579 (arekkas)
- Update to ladon 0.8.2 #570 (olivierdeckers)
- install.md: port typo #566 (rnback)
- oauth2: give meaningful hint when subject claim is empty #554 (arekkas)
v0.9.12 (2017-07-06)
Implemented enhancements:
- oauth2: use wildcards for scope strategy #552
Merged pull requests:
- warden: refresh tokens are no longer proof of authZ #553 (arekkas)
- README.md: hydra container doesn't include bash #548 (srenatus)
- docs: fix typo in tutorial #547 (arekkas)
- cmd/token/user: fix auth and token-url mixup #546 (arekkas)
- docs: update docs #545 (arekkas)
v0.9.11 (2017-06-30)
Merged pull requests:
v0.9.10 (2017-06-29)
Implemented enhancements:
- cmd/host: move status info from health endpoint to another one and protect it #532
Fixed bugs:
- Decode Basic Auth Credentials #536
Closed issues:
- Cannot try tutorial install, not existing dependencies #541
- [docker-compose] ERROR: for postgresd expected string or buffer #540
Merged pull requests:
- vendor: update fosite to remove forced nonce #542 (arekkas)
- oauth2: form-urldecode authorization basic header #537 (arekkas)
- [DOC] Update "Build from source" section to actual state #534 (dolbik)
- cmd/host: move status info to dedicated endpoint #533 (arekkas)
v0.9.9 (2017-06-17)
Fixed bugs:
- cmd/policy/create: not exiting on error #527
Merged pull requests:
- cmd: add test for get handler #531 (arekkas)
- cmd/policy/create: exit on error - closes #527 #530 (arekkas)
v0.9.8 (2017-06-17)
Fixed bugs:
- Updating policies may cause loss of policy data #503
Closed issues:
- oauth2: investigate panic #512
Merged pull requests:
- oauth2: resolve panic with nested at_ext and id_ext #529 (arekkas)
- vendor: update to ladon 0.8.0 - closes #503 #528 (arekkas)
v0.9.7 (2017-06-16)
Closed issues:
- Fatal error when running docker container #525
Merged pull requests:
v0.9.6 (2017-06-15)
Merged pull requests:
v0.9.5 (2017-06-15)
Merged pull requests:
v0.9.4 (2017-06-14)
Merged pull requests:
- cmd: resolve issuer test issue #522 (arekkas)
- all: improve test exports #521 (arekkas)
- docs: start writing faq from gitter #504 (arekkas)
v0.9.3 (2017-06-14)
Closed issues:
- Generating Client ID/Secret in >= 0.8.0 #517
- Could not gracefully run server #513
- authorize_code without password #511
Merged pull requests:
- metrics: resolve potential data race #520 (arekkas)
- Fix warden docs #519 (arekkas)
- all: export test helpers #518 (arekkas)
- oauth2: add tests for refresh token grant #515 (arekkas)
- oauth2: use issuer-prefixed auth URL in challenge redirect #509 (wyattanderson)
- cmd: resolve failing test #501 (arekkas)
v0.9.2 (2017-06-13)
Merged pull requests:
v0.9.1 (2017-06-12)
Merged pull requests:
- client: export tests #510 (arekkas)
- metrics: improve metrics #508 (arekkas)
- cmd: add auto migration image #502 (arekkas)
v0.9.0 (2017-06-07)
Implemented enhancements:
- cmd/cli: add flag for X-Forwarded-Proto for faking https termination #349
- metrics: add metrics and telemetry package #500 (arekkas)
Fixed bugs:
- warden/group: investigate missing transaction rollback in group manager #462
- policies: validate conditions and return error instead of silently dropping them #350
Closed issues:
- Headers should be case-insensitive #496
- docs: add FAQ on missing migrate in docker image #484
- docs: include oauth2 example #358
- warden: allow scopes in policies #330
Merged pull requests:
- sdk: add simple example of hydra sdk #499 (arekkas)
- docs: add FAQ on missing migrate in docker image #498 (arekkas)
- vendor: upgrade to ladon 0.7.4 - closes #350 #497 (arekkas)
- docs: add scopes to oauth2 #495 (arekkas)
- warden/group: add rollback to transactions #494 (arekkas)
v0.8.7 (2017-06-05)
Implemented enhancements:
- oauth2: add possibility for denying consent requests #400
- oauth2: allow redirection to client if consent was denied #371
Fixed bugs:
- Introspection endpoint responds with 401 on invalid payload token #457
Closed issues:
- Allow configuration of `DB_HOST`, `DB_PASS`, `DB_USER`, `DB_NAME` separately. #480
Merged pull requests:
- all: implement --fake-tls-termination flag #493 (arekkas)
- oauth2/introspect>: resolve 401 on invalid token #492 (arekkas)
- client/manager_sql: return an empty slice if string is empty #491 (faxal)
v0.8.6 (2017-06-05)
Implemented enhancements:
- Assign clients different consent urls #378
Fixed bugs:
- Creating policies via the CLI does not populate the 'description' field #472
- Missing "iss" field from /oauth2/introspect response #399
- client: getting a non-existing client raises 500 instead of 404 #348
Closed issues:
- Libraries version problem, build break. #481
- oauth2: update to latest fosite which removed implicit storage #468
- Unable to set Public flag to false #463
- oauth2: allow client specific token TTLs #428
- docs: hint at health check #355
- Hydra URLs mounted to a subpath #352
- oidc: hydra as federated user auth for AWS Console/API #315
- jwk: when retrieving a key, stray request missing a subject 403 #271
Merged pull requests:
- oauth2/introspect: send issuer in introspection #490 (arekkas)
- oauth2: allow redirection to client if consent was denied #489 (arekkas)
- docs: add health check to swagger and resolve swagger issues #488 (arekkas)
- jwk/handler: nest ac check and resolve stray log message #487 (arekkas)
- pkg/errors: make ErrNotFound return a status code #486 (arekkas)
- cmd/policies: description is a string field, not slice #485 (arekkas)
- Vendor update #483 (arekkas)
- vendor: update to latest versions #482 (arekkas)
- client/manager: remove merging of stored and updated client #478 (faxal)
- Fix Swagger for Warden Groups #476 (grillz)
v0.8.5 (2017-06-01)
Fixed bugs:
- max_conns and max_conn_lifetime breaks db.Ping #464
- cmd/server: resolve gorilla session mem leak - closes #461 #475 (arekkas)
Closed issues:
Merged pull requests:
- fix spelling of challenge #471 (sstarcher)
- oauth2: remove unused implicit grant storage #469 (arekkas)
v0.8.4 (2017-05-24)
Closed issues:
- Kubernetes Helm chart #430
Merged pull requests:
- config: connect to cleaned DSN #470 (arekkas)
- docs: hint to kubernetes helm chart - see #430 #467 (arekkas)
- Improve documentation #466 (arekkas)
v0.8.3 (2017-05-23)
Implemented enhancements:
- http: harden http server for public net #334
Fixed bugs:
Closed issues:
- Listing policies not working with database #458
- go install github.com/ory/hydra Fails to compile #456
- Challenge claims redirect http instead of https #455
- core/store: document aes gcm nonce limitation #76
Merged pull requests:
v0.8.2 (2017-05-10)
Implemented enhancements:
- Missing `kid` parameter in ID token header #433
- no /.well-known/openid-configuration endpoint implementation #379
Merged pull requests:
- Add Key Id to Header #454 (grillz)
- cmd: improve error message for when database tables are missing #453 (arekkas)
- Wellknown #427 (grillz)
v0.8.1 (2017-05-08)
Implemented enhancements:
- cmd: database migrations should not be run automatically but have a cmd instead #444
- all: move herodot to ory/herodot #436
Fixed bugs:
- cmd: token client fails in ci sometimes #443
Closed issues:
- all: deprecating rethinkdb and redis support #425
- oauth2: consent anti-csrf token should be forcefully removed #367
v0.8.0 (2017-05-07)
Closed issues:
- Refresh token doesn't work #449
Merged pull requests:
- ✏️ minor grammar typo #452 (therebelrobot)
- Add example about securing the consent app #450 (matteosuppo)
- Allow setting SkipTLSVerify Option value #448 (faxal)
- 0.8.0: Towards production friendliness #445 (arekkas)
v0.7.13 (2017-05-03)
Implemented enhancements:
- ui: implement a basic management interface with react for oauth2 client, jwk, social connections and others #215
Fixed bugs:
- herodot: resolve issue with infinite loop caused by certain error chain #441
- "Could not fetch signing key for OpenID Connect" #439
- vendor: upgrade fosite to resolve regression issue #446 (arekkas)
Closed issues:
- Peculiar EOF instead of response from the introspect endpoint. #368
Merged pull requests:
v0.7.12 (2017-04-30)
Fixed bugs:
Closed issues:
- Freeze dependencies #437
v0.7.11 (2017-04-28)
Closed issues:
- Mismatch between library versions #434
- Data Passthrough to IDP #431
- Api protection #429
- Gitter.im or irc channel #426
- Outdated fosite #424
- oauth2: resource owner password credentials proposal #214
Merged pull requests:
v0.7.10 (2017-04-14)
Closed issues:
- Build instructions from Readme fail #420
- API error (500) during tests #419
- Uname in session #418
- Resource owner password credentials grant #417
- ory vs ory-am #414
- Cockroachdb support #413
- Small doc error #411
- Rest API documentation not working #410
Merged pull requests:
- Remove uname references from docs #423 (matteosuppo)
- vendor: update common and ladon dependencies #422 (arekkas)
- docs: resolve broken build instructions in readme - closes #420 #421 (arekkas)
- Dropping brackets in Create Client example #415 (grillz)
- Update bash command in tutorial #412 (grillz)
- Update README.md #409 (joelpickup)
- docs: changes apiary url to current version #407 (arekkas)
v0.7.9 (2017-04-02)
Closed issues:
Merged pull requests:
- Updated ladon version in glide.lock #404 (ericalandouglas)
- oauth2: fix typo #403 (maximesong)
v0.7.8 (2017-03-24)
Implemented enhancements:
- sdk: add consent helper #397
- Transition Dockerfile to Alpine Linux #393
- redirect_uri domains are case-sensitive #380
- Per-client consent URLs #351
- sdk: add consent helper - closes #397 #398 (arekkas)
- docs: add example policy for consent app signing #389 (arekkas)
Fixed bugs:
- cli handler_groups type error? #383
Closed issues:
- oauth2: token introspection fails on HTTP without dangerous-force-http #395
- Create User based on access token provided by Social Provider #394
- investigate why import from json fails #390
- gitter link doesn't work #386
- Possible security bug in warden/group package #382
- relation "hydra_client" does not exist (postgres) #381
- Native login support #375
- Request denied by default #373
Merged pull requests:
- docker: reduce docker image size #396 (arekkas)
- Added information about auth code exchange to oauth2 docs #392 (therebelrobot)
- Small typo. #391 (darron)
- all: resolve ci issues and improve readme #384 (arekkas)
v0.7.7 (2017-02-11)
v0.7.4 (2017-02-11)
v0.7.5 (2017-02-11)
v0.7.6 (2017-02-11)
Implemented enhancements:
- sql: limit maximum open connections, document timeout options through DSN #359
Fixed bugs:
- oauth2: invalid consent response causes panic #369
- oauth2: resolve issue with cookie store #376 (arekkas)
Closed issues:
- Can hydra be easily integrated (embedded) into any golang http application? #372
Merged pull requests:
- oauth2: invalid consent response causes panic - closes #369 #370 (arekkas)
- Resolve issues with SQL maximum open connections #360 (arekkas)
v0.7.3 (2017-01-22)
Fixed bugs:
Closed issues:
- Have Hydra store usernames linked to tokens #364
- policy: investigate potential sql connection leak #363
- crypto/bcrypt: hashedPassword is not the hash of the given password #346
Merged pull requests:
v0.7.2 (2017-01-02)
Fixed bugs:
- Problems with the authorization code flow #342
- sql: deleting policies does not delete associated records with mysql driver #326
- vendor: update to fosite 0.6.11 - closes #338 #343 (arekkas)
Closed issues:
Merged pull requests:
v0.7.1 (2016-12-30)
v0.7.0 (2016-12-30)
Implemented enhancements:
- Implement RemoveSubjectFromPolicy and RemoveResourceFromPolicy #336
- policy: provide rest endpoint for policy updates #305
- 0.7.0: SQL Migrate, Groups, Hardening #329 (arekkas)
Fixed bugs:
Closed issues:
- Replace # with ? in authentication response #337
v0.6.10 (2016-12-26)
Implemented enhancements:
- oauth2/consent: force jti echo in consent response #322
- include a migration routine for databases #194
- warden: add group management and group based policy checks #68
- Improve http-based warden/introspection error responses #335 (arekkas)
v0.6.9 (2016-12-20)
Implemented enhancements:
Fixed bugs:
Closed issues:
- openid: support response_type=code id_token #332
- Apparent failure on load with ECDSA key #328
- Why hydra github homepage crash when I visit ( while scrolling down) #323
- JsonWebTokenError: jwt must be provided #321
- write tests for cmd helpers #186
Merged pull requests:
- cmd: replace newline in HTTP_TLS #331 (ewilde)
- Log fixes #324 (johnwu96822)
v0.6.8 (2016-12-06)
Implemented enhancements:
v0.6.7 (2016-12-04)
Merged pull requests:
v0.6.6 (2016-12-04)
Implemented enhancements:
- core: Redis backend #306
Closed issues:
- oauth2: aud parameter does not allow arrays #314
Merged pull requests:
- add missing work in docs/oauth2.md #317 (bbigras)
- docker: --name should be before the image's name #316 (bbigras)
v0.6.5 (2016-11-28)
Implemented enhancements:
v0.6.4 (2016-11-22)
Implemented enhancements:
Fixed bugs:
- oauth2/revocation: token revocation fails silently with sql store #311
- oauth2/revocation: token revocation fails silently with sql store #312 (arekkas)
Closed issues:
- docs: clean up TokenValid leftovers #310
v0.6.3 (2016-11-17)
Implemented enhancements:
- Rejection reason code to /warden/token/allowed #308
Fixed bugs:
v0.6.2 (2016-11-05)
Implemented enhancements:
- github: comply with Go license terms #300
Merged pull requests:
- Fix client SQL manager missing client_name #303 (johnwu96822)
v0.6.1 (2016-10-26)
Fixed bugs:
- MySQL DB not creating on start – JSON column types only supported from MySQL 5.7 and onwards #299
- 0.6.1 #301 (arekkas)
Merged pull requests:
- Fix some minor typos and the broken tutorial links #298 (justinclift)
v0.6.0 (2016-10-25)
Implemented enhancements:
- Make it possible for travis-ci to build forked repos #295
- core: add sql support #292
- travis: execute gox build only when new commit is a new tag #285
- cmd: prettify the `hydra token user` output #281
- warden: make it clear that ladon.Request.Subject is not required or break bc and remove it #270
- connections: remove connections API #265
- consider signing up for Core Infrastructure Initiative badge #246
- oauth2: token revocation endpoint #233
- oauth2/rethinkdb: clear expired access tokens from memory #228
- 0.6.0 #293 (arekkas)
Fixed bugs:
- all: coverage report is missing covered lines of nested packages #296
- oauth2/introspect: make endpoint rfc7662 compatible #289
- rethink: figure out how to deal with unreliable changefeed #269
- oauth2: requests waste a lot of time in fosite storer `requestFromRDB()` routine #260
- 0.6.0 #293 (arekkas)
Closed issues:
- docs: fix typo in consent.md #294
- docs/apiary: add at_ext note to warden endpoints #287
- core/storage: with rethinkdb being closed, what is our path forward? #286
- docs: warden resource names are wrong on apiary #268
- Request for Comment: Fair Source License / Business Source License #227
- core: (health) monitoring endpoint #216
- add much simpler identity provider and oauth2 consumer example #172
- 2fa: add two factor authentication helper API #69
Merged pull requests:
- cmd: fix typo in host command help text #291 (faxal)
- travis: Only gox build on tags and go1.7 #288 (emilva)
- docs: improve introduction #267 (arekkas)
v0.5.8 (2016-10-06)
Fixed bugs:
- oauth2: refresh token does not migrate session object to new token #283
- oauth2: refresh token does not migrate session object to new token #284 (arekkas)
v0.5.7 (2016-10-04)
Implemented enhancements:
- jwk: add use parameter to generated JWKs #279
- jwk: add use parameter to generated JWKs - closes #279 #280 (arekkas)
v0.5.6 (2016-10-03)
Implemented enhancements:
- oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility #278 (arekkas)
Fixed bugs:
Closed issues:
- Scopes should be separated by %20 and not +, to ensure javascript compatibility #277
Merged pull requests:
- cmd: fix #272 typos in the host command controls #276 (cixtor)
- Fix #274 - replace HYDRA_PROFILING with PROFILING #275 (otremblay)
v0.5.5 (2016-09-29)
v0.5.4 (2016-09-29)
v0.5.3 (2016-09-29)
Implemented enhancements:
Fixed bugs:
- investigate if and why slow rethinkdb connection causes client root to be recreated #191
Closed issues:
- Consider extract Go SDK package into separate repository #266
- Showcase: How and where are you using Hydra? #115
v0.5.2 (2016-09-23)
v0.5.0 (2016-09-22)
v0.5.1 (2016-09-22)
Implemented enhancements:
- oauth2: include original request query parameters in the consent challenge #256
- Need a better health check for a load balancer #251
- client: add ability to update client #250
- oauth2: allow access token validation for public clients #245
- all: improve error messages regarding token validation #244
- all: resolve naming inconsistencies in jwk set names used in hydra #239
- sdk: resolve naming inconsistencies #226
- oidc: support kid hint in header #222
- 0.5.0-errors #263 (arekkas)
- 0.5.0 #243 (arekkas)
Fixed bugs:
- When invalid/expired token is used for /warden/allowed endpoint, status 500 is returned #262
- docs: fix images in readme #261
- Bad HTML encoding of the scope parameter #259
- docs: images are broken #258
- oauth2: id token hashes are not base64 url encoded #255
- oauth2: state parameter is missing when response_type=id_token #254
- jwk: anonymous request can't read public keys #253
- travis: ld flags are wrong #242
- cmd: hydra token user should show id token in browser #224
- oidc: hybrid flow using `token+code+id_token` returns multiple tokens of the same type #223
- hydra clients import doesn't print client's secret #221
- 0.5.0-errors #263 (arekkas)
- 0.5.0 #243 (arekkas)
Closed issues:
Merged pull requests:
v0.4.2-alpha.4 (2016-09-03)
v0.4.2 (2016-09-03)
v0.4.3 (2016-09-03)
v0.4.2-alpha.3 (2016-09-02)
v0.4.2-alpha.2 (2016-09-01)
v0.4.2-alpha.1 (2016-09-01)
0.4.2-alpha (2016-09-01)
Implemented enhancements:
- Add version option to Hydra's CLI #218
- autobuild #240 (arekkas)
- Update jwt-go and resolve warden regression issue #232 (arekkas)
Fixed bugs:
- warden: firewal.Audience overridden with requesting clients subject #236 (faxal)
- Update jwt-go and resolve warden regression issue #232 (arekkas)
Closed issues:
- how to use hydra without "--dangerous-auto-logon"? #241
- warden: firewal.Audience overridden with requesting clients subject #237
- Vendor: Upgrade to jwt-go 3.0.0 #229
- docs: warden sdk example is misleading #225
- Typo in the apiary documentation #220
- Importing clients with the CLI doesn't work #219
- doc: add "what is hydra not?" section to readme #217
- figure out a process to autobuild releases #210
Merged pull requests:
- fix broken link for tutorial in README.md #213 (allan-simon)
v0.4.1 (2016-08-18)
Fixed bugs:
v0.4.0 (2016-08-17)
Implemented enhancements:
Fixed bugs:
Closed issues:
- docs/guide: warden docs are outdated #206
- fix sdk examples in readme #196
- add tests for clients import #163
- remove go get -t ./... from travis #71
v0.3.1 (2016-08-17)
Implemented enhancements:
- oauth2: introspection should return custom session values #205
- warden: move IntrospectToken from warden sdk to oauth2 #201
- warden: rename InspectToken to IntrospectToken #200
Fixed bugs:
- AccessTokens get overridden during startup of hydra #207
- warden: IntrospectToken always throws an error on Hydra logs #199
- resolve issue with at extra data #198
- Fix 207 #208 (arekkas)
v0.3.0 (2016-08-09)
Implemented enhancements:
Fixed bugs:
v0.2.0 (2016-08-09)
Implemented enhancements:
- warden sdk should not make distinction between token and request #190
- core scope should not be mandatory #189
- id token claims should be set by consent challenge `id_token` claim #188
- provide default consent endpoint in hydra #185
- make bcrypt cost configurable #184
- make lifespans configurable #183
- improve env to config #182
- add memory profiling and cpu profiling #179
- add basic http request logging #178
- support edge tls termination #177
- Make client HTTPManager not compatible with fosite.Storage #173
- clean up stale branches #171
- improve hydra connect dialogue #170
- investigate if token creation can be speeded up #168
- consent: allow proxying of id token claims #167
- warden: rename authorized / allowed endpoints to something more meaningful #162
- warden: rename `assertion` to `token` #158
- Implement strict mode for warden #156
- Implement token introspection endpoint #155
- Don't log database credentials #147
- OpenID Connect Session Management #143
- [Feature request] Import clients on startup #140
- Warden for anonymous users #139
- oauth2/consent: id token expiry should be configurable #127
- warden: endpoint should only require valid client, not policy based access control #121
- Improve error message of wrong system secret #104
- warden: rename authorized / allowed endpoints to something more meaningful #187 (arekkas)
- 0.2.0 #165 (arekkas)
- all: add test cases for methods returning slices or maps of entities #152 (arekkas)
- Resolve rethinkdb connection when idle #148 (arekkas)
- all: resolve issues with the sdk and cli #142 (arekkas)
- cli: add token validation #134 (arekkas)
- Add wrapper library for HTTP Managers #130 (faxal)
Fixed bugs:
- investigate runtime panic on warden allowed #181
- oauth2 implicit flow should allow custom protocols #180
- support edge tls termination #177
- Token generation should be always consistent, not eventually consistent #176
- consent: allow proxying of id token claims #167
- config: do not store database config in hydra config #164
- OAuth2 token endpoint does not allow GET method but reads query parameters #160
- OAuth2 token endpoint should be able to handle simple form encoded requests #159
- --dry option does not work correctly #157
- client.GetClients() returns invalid information #150
- RethinkDB connection dies after a certain amount of inactive time #146
- Fails to startup when a SSO connection is added. #141
- id_token: at_hash / c_hash is null #129
- oauth2: some scopes are included twice #126
- warden: iat / exp values are not being set #125
- investigate missing scopes issue #124
- rethinkdb: resolve an issue where missing refresh tokens cause duplicate key error #122
- 0.2.0 #165 (arekkas)
- ensure client endpoint is initialised for CLI "clients import" command #149 (boyvinall)
- Resolve rethinkdb connection when idle #148 (arekkas)
- all: resolve issues with the sdk and cli #142 (arekkas)
- Resolve warden issues #128 (arekkas)
- Various bugfixes #123 (arekkas)
Closed issues:
- Error trying to create a token via curl #174
- gorethink: could not decode type []uint8 into Go value of type string #169
- document warden interface sdk #166
- Document what OpenID Connect is and how to use it #154
- Warden endpoints #137
- Environment variables naming scheme #136
- Implicit Flow redirect_uri does not match #133
- hydra 2FA on cloud providers #132
- Document HTTP client libraries for go #101
- Document error redirect to identity provider #96
- use dropbox example to explain oauth2 #95
Merged pull requests:
- client: fix client.GetClients() for multiple clients #151 (boyvinall)
- readme: Fix table of contents links #145 (smithrobs)
- doc: Minor grammar/spelling fixes for README #144 (smithrobs)
- Add some precisions to installation #131 (yageek)
0.1-beta.4 (2016-06-26)
Implemented enhancements:
- Connect to rethinkdb over SSL with self-signed certificate #114
Fixed bugs:
- clients endpoint returns client secret base64 encoded #119
- firewall 403s on warden endpoints #118
- Client secrets should not be hashed when POSTing #113
- Resolve issues with warden and client api #120 (arekkas)
- client: return client secret on POST and remove it from GET #117 (arekkas)
Merged pull requests:
- Connect to rethinkdb with a custom certificate #116 (matteosuppo)
- dist: fix typos in exemplary policies #112 (arekkas)
0.1-beta.3 (2016-06-20)
Implemented enhancements:
Fixed bugs:
- Warden handlers are not mounted #109
Closed issues:
- Installation fails #108
- Exchange token from browser client #107
- Temporary Client not working #106
- Could not fetch initial state with docker-compose #103
Merged pull requests:
- all: update jwt-go to versioned package and update dependencies #111 (arekkas)
- Mount warden handler #110 (faxal)
0.1-beta.2 (2016-06-14)
Implemented enhancements:
- CLI should have `-dry` option to show what the HTTP request looks like #99
- Add offline scope for refresh tokens #97
- extend jwk cert store #92
- Creating clients with predefined credentials #91
- Passing key and certificate to hydra #88
- AES-GCM key should be sha256(secret)[:32] #86
- Update GoRethink imports #78
- link exemplary policies in the docs #75
- support SAML in addition to OAuth2 #29
- 0.1-beta2 #90 (arekkas)
- vendor: switch to versioned gorethink api #81 (arekkas)
Fixed bugs:
- fix issue where tls certificate is regenerated on boot #93
- typo: singing instead of signing #89
- 404 in the gitbook #85
- Update GoRethink imports #78
- client: resolved that secrets can not be set when using http or cli #102 (arekkas)
Closed issues:
Merged pull requests:
- Fix typo of weather #100 (smurfpandey)
- readme: add security section #87 (arekkas)
- Fix idiom in README #79 (neuhaus)
0.1-beta1 (2016-05-29)
Implemented enhancements:
- client rest endpoint: rename `name` to `client_name` #72
- allow using not self-signed TLS certificates #70
- Implement OpenID Connect Dynamic Client Registration 1.0 #65
- Implement default identity provider using postgres #63
- Implement generic connectors #61
- Replace osin with ory-am/fosite #46
- Remove dockertest dependency from handlers #43
- adding RethinkDB as a Store #39
- Add more IdPs #33
- Make JWT as access tokens optional and replace with a custom strategy #32
- support for ldap for user storage #28
- Migrate from mux to httprouter #14
- Decompositioning, implement Fosite #62 (arekkas)
Fixed bugs:
- spec: /jwk/:set/:kid must return array #74
- client rest endpoint: rename `name` to `client_name` #72
- Too many open files probably caused by http client #47
Closed issues:
- Add Dockerfile for autobuild #60
- CLI refactor and initial account set up #59
- ory-am ssl cert invalid #58
- Granted Endpoint Proposal: Performant access decisions for resource providers using REST #48
- Security "audit" pre-analysis (based on rfc6749) #41
- wrong repo #40
- Rename providers to connectors #38
- Are there standards for connecting to third party providers #37
- Add support for scopes #36
- Readme: Accounts CLI Usage #31
- Continue using JWT as access tokens? #22
- remove refresh token claims #21
- godeps should only be commited on release #19
- refactor POST workflow #13
- JWT assertions #5
- Check JWT Algorithm #3
Merged pull requests:
- Remove go get of govet in .travis.yml #67 (sbani)
- Hydra is now using Go 1.6 vendoring and is deployable to heroku #56 (arekkas)
- Heroku #55 (arekkas)
- Update README.md #54 (leetal)
- RethinkDB #53 (leetal)
- handler.go:300: no formatting directive in Sprintf call #52 (QuentinPerez)
- providers: added microsoft and improved existing providers #51 (arekkas)
- oauth: added google provider #50 (arekkas)
- handle multiple return values from gopass #49 (timothyknight)
- doc: create MAINTAINERS #45 (arekkas)
- docs: create CONTRIBUTING.md #44 (arekkas)
- update accounts CLI Usage #34 (akhedrane)
- Add a Gitter chat badge to README.md #30 (gitter-badger)
- Extra arguments #27 (QuentinPerez)
- all: oauth and guard endpoints now accept basic auth instead of token… #26 (arekkas)
- account: refactor, more endpoints and tests #25 (arekkas)
- all: username instead of email, token revocation, introspect spec ali… #24 (arekkas)
- Tutorial #23 (arekkas)
- Unstaged #20 (arekkas)
- client: now tries to refresh when token is invalid #18 (arekkas)
- client: added possibility to skip CA check #17 (arekkas)
- cli: fixed default TLS and JWT filepaths #16 (arekkas)
- Policy changes and more tests #15 (arekkas)
- unstaged #12 (arekkas)
- Ladon api update & policy http endpoint #11 (arekkas)
- Improved CLI `client create` and provider workflow. #10 (arekkas)
- cli #9 (arekkas)
- all: increased test coverage #8 (arekkas)
- Handlers and cleanup #7 (arekkas)
- Single Sign On #6 (arekkas)
- tests: increased coverage #4 (arekkas)
- Implemented jwt, middleware, test coverage and handlers. #2 (arekkas)
- Refactor #1 (arekkas)
* This Change Log was automatically generated by github_changelog_generator