Changelog

Table of Contents

Unreleased (2021-05-17)
0.6.0-alpha.2 (2021-05-07)
- Bug Fixes
- Features
0.6.0-alpha.1 (2021-05-05)
0.5.0-alpha.1 (2020-10-15)
0.4.0-alpha.1 (2020-07-08)
0.3.0-alpha.1 (2020-05-15)
0.2.0-alpha.2 (2020-05-04)
0.1.0-alpha.6 (2020-02-16)
0.1.0-alpha.5 (2020-02-06)
- Documentation
- Features
0.1.0-alpha.4 (2020-02-06)
- Documentation
0.1.0-alpha.3 (2020-02-06)
0.1.0-alpha.2 (2020-02-03)
0.1.0-alpha.1 (2020-01-31)

Unreleased (2021-05-17)

No significant changes have been made for this release.

0.6.3-alpha.1 (2021-05-17)

Bug Fixes

Properly handle CSRF for API flows in recovery and verification strategies (461c829), closes #1141
session: Use specific headers before bearer use (82c0b54)
Improve settings oas definition (867abfc)
Use correct api spec path (5f41f87)
Use correct openapi path for validation (#1340) (a0f5673)

Code Refactoring

Improve SDK experience (71b8511):

This patch resolves UX issues in the auto-generated SDKs by using consistent naming and introducing a test suite for the Ory SaaS.

BREAKING CHANGES

Unfortunately, some method signatures have changed in the SDKs. Below is a list of changed entries:

Error genericError was renamed to jsonError and now includes more information and better typing for errors;
The following functions have been renamed:
- initializeSelfServiceLoginViaAPIFlow -> initializeSelfServiceLoginForNativeApps
- initializeSelfServiceLoginViaBrowserFlow -> initializeSelfServiceLoginForBrowsers
- initializeSelfServiceRegistrationViaAPIFlow -> initializeSelfServiceRegistrationForNativeApps
- initializeSelfServiceRegistrationViaBrowserFlow -> initializeSelfServiceRegistrationForBrowsers
- initializeSelfServiceSettingsViaAPIFlow -> initializeSelfServiceSettingsForNativeApps
- initializeSelfServiceSettingsViaBrowserFlow -> initializeSelfServiceSettingsForBrowsers
- initializeSelfServiceRecoveryViaAPIFlow -> initializeSelfServiceRecoveryForNativeApps
- initializeSelfServiceRecoveryViaBrowserFlow -> initializeSelfServiceRecoveryForBrowsers
- initializeSelfServiceVerificationViaAPIFlow -> initializeSelfServiceVerificationForNativeApps
- initializeSelfServiceVerificationViaBrowserFlow -> initializeSelfServiceVerificationForBrowsers
Some type names have changed, for example traits -> identityTraits.

0.6.2-alpha.1 (2021-05-14)

Documentation

Update link to example email template. (#1326) (28a1723)

0.6.1-alpha.1 (2021-05-11)

Features

Allow changing password validation API DNS name (#1009) (ced85e8)

0.6.0-alpha.2 (2021-05-07)

Bug Fixes

Update node image (eef307e)

Features

Fix unexpected emails when update profile (#1300) (7b24485), closes #1221

0.6.0-alpha.1 (2021-05-05)

Bug Fixes

Add include stub go files (6d725b1)
Add index to migration status (8c6ec27)
Add node_modules to format tasks (e5f6b36)
Add titles to identity schema (73c15d2)
Adopt to new go-swagger changes (5c45bd9)
Allow absolute file URLs as config values (#1069) (4bb4f67)
Allow hashtag in ui urls (#1040) (7591f07)
Avoid unicode-escaping ampersand in recovery URL query string (#1212) (d172368)
Bcrypt regression in credentials counting (23fc13b)
Broken make quickstart-dev task (#980) (999828a), closes #965
Broken make sdk task (#977) (5b01c7a), closes #950
Call contextualized test helpers (e1f3f78)
Code integer parsing bit size (#1178) (31e9632):

In some cases we had a wrong bitsize of 64, while the var was later cast to int. Replaced with a bitsize of 0, which is the value to cast to int.
Contextualize identity persister (f8640c0)
Convert all identifiers to lower case on login (#815) (d64b575), closes #814
Courier adress (#1198) (ebe4e64), closes #1194
Courier message dequeue race condition (#1024) (5396a82), closes #652 #732:

Fixes the courier message dequeuing race condition by modifying *sql.Persister.NextMessages(ctx context.Context, limit uint8) to retrieve only messages with status MessageStatusQueued and update the status of the retrieved messages to MessageStatusProcessing within a transaction. On message send failure, the message's status is reset to MessageStatusQueued, so that the message can be dequeued in a subsequent NextMessages call. On message send success, the status is updated to MessageStatusSent (no change there).
Define credentials types as sql template and resolve crdb issue (a2d6eeb)
Dereference pointer types from new flow structures (#1019) (efedc92)
Do not include smtp in tracing (#1268) (bbfcbf9)
Do not publish version at public endpoint (3726ed4)
Do not reset registration method (554bb0b)
Do not return system errors for missing identifiers (1fcc855), closes #1286
Export mailhog dockertest runner (1384148)
Fix random delay norm distribution math (#1131) (bd9d28f)
Fork audit logger from root logger (68a09e7)
Gitlab oidc flow (#1159) (0bb3eb6), closes #1157
Give specific message instead of only 404 when method is disabled (#1025) (2f62041):

Enabled strategies are not only used for handlers but also in other areas (e.g. populating the flow methods). So we should keep the logic to get enabled strategies and add new functions for getting all strategies.
Ignore unset domain aliases (ada6997)
Improve cli error output (43e9678)
Improve error stack trace (4351773)
Improve error tracing (#1005) (456fd25)
Improve test contextualization (2f92a70)
Initialize randomdelay with seeded source (9896289)
Insert credentials type constants as part of migrations (#865) (92b79b8), closes #861
Linking a connection may result in system error (#990) (be02a70), closes #694
Marking whoami auhorization parameter as 'in header' (#1244) (62d8b85), closes #1215
Move schema loaders to correct file (029781f)
Move to new transaction-safe migrations (#1063) (2588fb4):

This patch introduces a new SQL transaction model for running SQL migrations. This fix is particularly targeted at CockroachDB which has limited support for mixing DDL and DML statements.

Previously it could happen that migrations failure needed manual intervention. This has now been resolved. The new migration model is compatible with the old one and should work without a problem.
Pass down context to registry (0879446)
Re-enable SDK generation (1d5854d)
Record cypress runs (db35d8f)
Rehydrate settings form on successful submission (3457e1a), closes #1305
Remove absolete 'make pack' from Dockerfile (#1172) (b8eb908)
Remove continuity cookies on errors (85eea67)
Remove include stubs (1764e3a)
Remove obsolete clihelpers (230fd13)
Remove record from bash script (84a9315)
Remove stray non-ctx configs (#1053) (1fe137e)
Remove trailing double-dot from error (59581e3)
Remove unused sql migration (1445d1d)
Remove unused var (30a8cee)
Remove verify hook (98cfec6), closes #1302:

The verify hook is automatically used when verification is enabled and has been removed as a configuration option.
Replace jwt module (#1254) (3803c8c), closes #1250
Resolve build and release issues (fb582aa)
Resolve clidoc issues (599e9f7)
Resolve compile issues (63063c1)
Resolve contextualized table issues (5a4f0d9)
Resolve crdb migration issue (9f6edfd)
Resolve double hook invokation for registration (032322c)
Resolve incorrect field types on oidc sign up completion (f88b6ab)
Resolve lint issues (0348825)
Resolve lint issues (75a995b)
Resolve linting issues and disable nancy (c8396f6)
Resolve mail queue issues (b968bc4)
Resolve merge regressions (9862ac7)
Resolve oidc e2e regressions (f28087a)
Resolve oidc regressions and e2e tests (f5091fa)
Resolve potential fsnotify leaks (3159c0a)
Resolve regressions and test failures (8bae356)
Resolve regressions in cookies and payloads (9e34bf2)
Resolve settings sudo regressions (4b611f3)
Resolve test regressions (e3fb028)
Resolve ui issues with nested form objects (8e744b9)
Resolve update regression (d0d661a)
Return delay instead of sleeping to improve tests (27b977e)
Revert generator changes (c18b97f)
Run correct error handler for registration hooks (0d80447)
Simplify data breaches password error reason (#1136) (33d29bf):

This PR simplifies the error reason given when a password has appeared in data breaches to not include the actual number and rather just show "this password has appeared in data breaches and must not be used".
Support form and json formats in decoder (d420fe6)
Update openapi definitions for signup (eb0b69d)
Update quickstart node image (c19b2f4):

See ory#1301
cmd: Make HTTP calls resilient (e8ed61f)
hashing: Make bcrypt default hashing algorithm (04abe77)
Update to new goreleaser config (4c2a1b7)
Update to new healthx (6ec987a)
Use equalfold (1c0e52e)
Use new TB interface (d75a378)
Use numerical User ID instead of name to avoid k8s security warnings (#1151) (468a12e):

Our docker image scanner does not allow running processes inside container using non-numeric User spec (to determine if we are trying to run docker image as root).
Use remote dependencies (1e56457)

Code Refactoring

Adapt new sdk in testhelpers (6e15f6f)
Add nid everywhere (407fd95)
Contextualize everything (7ebc3a9):

This patch contextualizes all configuration and DBAL models.
Do not use prefixed node names (fc42ece)
Improve Argon2 tooling (#961) (3151187), closes #955:

This adds a load testing CLI that allows to adjust the hasher parameters under simulated load.
Move faker to exportable module (09f8ae5)
Move migratest helpers to ory/x (7eca67e)
Move password config to selfservice (cd0e0eb)
Move to go 1.16 embed (43c4a13):

This patch replaces packr and pkged with the Go 1.16 embed feature.
Remove password node attribute prefix (e27fae4)
Remove profile node attribute prefix (a3ff6f7)
Rename config structs and interfaces (4a2f419)
Rename form to container (5da155a)
Replace flow's forms with new ui node module (647eb1e)
Replace flow's forms with new ui node module (f74a5c2)
Replace login flow methods with ui container (d4ca364)
Replace recovery flow methods with ui container (cac0456)
Replace registration flow methods with ui container (3f6388d)
Replace settings flow methods with ui container (0efd17e)
Replace verification flow methods with ui container (dbf2668)
Replace viper with koanf config management (5eb1bc0)
Update RegisterFakes calls (6268310)
Use underscore in webhook auth types (26829d2)

Documentation

Add docker to docs main (8ce8b78)
Add docker to sidebar (ed38c88)
Add dotnet sdk (#1183) (32d874a)
Add faq sidebar (#1105) (10697aa)
Add log docs to schema config (4967f11)
Add more HA docs (cbb2e27)
Add Rust and Dart SDKs (6d96952):

We now support for Rust and Dart SDKs!
Add SameSite help (2df6729)
Add shell-session language (d16db87)
Add ui node docs (e48a07d)
Adding double colons (#1187) (fc712f4)
Bcrypt is default and add 72 char warning (29ae53a)
Better import identities examples (#997) (2e2880a)
Change forum to discussions readme (#1220) (ae39956)
Describe more about Kratos login/browser flow on quickstart doc (#1047) (fe725ad)
Docker file links (#1182) (4d9b6a3)
Document hash timing attack mitigation (ec86993)
Explain how to use after_verification_return_to (7e1546b)
FAQ improvements (#1135) (44d0bc9)
FAQ item & minor changes (#1174) (11cf630)
Fix broken link (#1037) (6b9aae8)
Fix failing build (0de328f)
Fix formatting (#966) (687251a)
Fix identity state bullets (#1095) (f476334)
Fix known/unknown email account recovery (#1211) (e208ca5)
Fix link (7f6d7f5)
Fix link (#1128) (e7043e9)
Fix link to blogpost (#949) (4622e32), closes #945
Fix link to self-service flows overview (#995) (2be8778)
Fix note block in third party login guide (#920) (745cea0):

Allows the document to render properly
Fix npm links (#991) (4ce4468)
Fix self-service code flows labels (#1253) (f2ed424)
Fix typo in README (#1122) (e500707)
Link to argon2 blogpost and add cross-references (#1038) (9ab7c3d)
Make explicit the ID of the default schema (#1173) (cc6e9ff)
Minor cosmetics (#1050) (34db06f)
Minor improvements (#1052) (f0672b5)
ORY -> Ory (ea30979)
Reformat settings code samples (cdbbf4d)
Remove unnecessary and wrong docker pull commands (#1203) (2b0342a)
Resolve duplication error (a3d8284)
Update build from source (9b5754f), closes #979
Update email template docs (1778cb9), closes #897
Update identity-data-model links (b5fd9a3)
Update identity.ID field documentation (4624f03):

See ory#956
Update kratos video link (#1073) (e86178f)
Update login code samples (695a30f)
Update login code samples (ce6c755)
Update quickstart samples (c3fcaba)
Update recovery code samples (d9fbb62)
Update registration code samples (317810f)
Update self-service code samples (6415011)
Update settings code samples (bbd6266)
Update verification code samples (4285dec)
Use correct extension for identity-data-model (acab3e8), closes /github.com/ory/kratos/pull/1197#issuecomment-819455322
prometheus: Update codedoc (47146ea)

Features

Add email template specification in doc (#898) (4230d9e)
Add error for when no login strategy was found (6bae66c)
Add facebook provider to oidc providers and documentation (#1035) (905bb03), closes #1034
Add FAQ to docs (#1096) (9c6b68c)
Add gh login to claims (49deb2e)
Add login strategy text message (7468c83)
Add more tests for multi domain args (e99803b)
Add Prometheus monitoring to Public APIs (#1022) (75a4f1a)
Add random delay to login flow (#1088) (cb9894f), closes #832
Add return_url to verification flow (#1149) (bb99912), closes #1123 #1133
Add sql migrations for new login flow (e947edf)
Add sql tracing (3c4cc1c)
Add tracing to config schema (007dde4)
Add transporter with host modification (2c41b81)
Add workaround template for go openapi (5d72d10)
Adds slack sogial login (#974) (7c66053), closes #953
Allow session cookie name configuration (77ce316), closes #268
Allow specifying sender name in smtp.from_address (#1100) (5904fe3)
Bcrypt algorithm support (#1169) (b2612ee):
This patch adds the ability to use BCrypt instead of Argon2id for password hashing. We recommend using BCrypt for web workloads where password hashing should take around 200ms. For workloads where login takes >= 2 seconds, we recommend to continue using Argon2id.

To use bcrypt for password hashing, set your config as follows:
```
hashers:
bcrypt:
   cost: 12
 algorithm: bcrypt
```
Switching the hashing algorithm will not break existing passwords!

Co-authored-by: Patrik zepatrik@users.noreply.github.com
Check migrations in health check (c6ef7ad)
Configure domain alias as query param (9d8563e)
Contextualize configuration (d3d5327)
Contextualize health checks (8145a1c)
Contextualize http client in cli calls (3b3ef8f)
Contextualize persitence testers (6440373)
Courier foreground worker with "kratos courier watch" (#1062) (500b8ba), closes #1033 #1024:

BREACKING CHANGES: This patch moves the courier watcher (responsible for sending mail) to its own foreground worker, which can be executed as a, for example, Kubernetes job.

It is still possible to have the previous behaviour which would run the worker as a background task when running kratos serve by using the --watch-courier flag.

To run the foreground worker, use kratos courier watch -c your/config.yaml.
Do not enforce bcrypt 12 for dev envs (bbf44d8)
Email input validation (#1287) (cd56b73), closes #1285
Export and add config options (4391fe5)
Expose courier worker (f50969e)
Expose crdb ui (504d518)
Global docs sidebar (#1258) (7108262)
Implement and test domain aliasing (1516a54):

This patch adds a feature called domain aliasing. For more information, head over to http://ory.sh/docs/kratos/next/guides/multi-domain-cookies
Improve oas spec and fix mobile tests (4ead2c8)
Improve sorting of ui fields (797b49d):

See ory#1196
Include schema (348a493)
Make cli commands consumable in Ory Cloud (#926) (fed790b)
Migrate to openapi v3 (595224b)
Populate email templates at delivery time, add plaintext defaults (#1155) (7749c7a), closes #1065
Sort and label nodes with easy to use defaults (cbec27c):
Ory Kratos takes a guess based on best practices for
- ordering UI nodes (e.g. email, password, submit button)
- grouping UI nodes (e.g. keep password and oidc nodes together)
- labeling UI nodes (e.g. "Sign in with GitHub")
- using the "title" attribute from the identity schema to label trait fields
This greatly simplifies front-end code on your end and makes it even easier to integrate with Ory Kratos! If you want a custom experience with e.g. translations or other things you can always adjust this in your UI integration!
Support base64 inline schemas (815a248)
Support contextual csrf cookies (957ef38)
Support domain aliasing in session cookie (0681c12)
Support label in oidc config (a99cdcd)
Support retryable CRDB transactions (f0c21d7)
Unix sockets support (#1255) (ad010de)
Web hooks support (recovery) (#1289) (3e181fe), closes #271:

feat: web hooks for self-service flows

This feature adds the ability to define web-hooks using a mixture of configuration and JsonNet. This allows integration with services like Mailchimp, Stripe, CRMs, and all other APIs that support REST requests. Additional to these new changes it is now possible to define hooks for verification and recovery as well!

For more information, head over to the hooks documentation.
courier: Allow sending individual messages (cbb2c0b)
oidc: Support google hd claim (#1097) (1f20a5c)
schema: Add totp errors (a61f881)

Tests

Add case to ensure correct behavior when verifying a different email address (#999) (f95a117), closes #998
Add oasis test case (f80691b)
Bump poll interval (b3dc925)
Bump video quality (b7f8d04)
Bump wait times (b2e43f8)
Clean up hydra env before restart (cf49414)
Longer wait times (4bec9ef)
Reliable migration tests on crdb (2e3764b)
Remove old noop test (16dca3f)
Resolve compile issues (c1b5ba4)
Resolve flaky tests (cb670a8)
Resolve json parser test regression (a1b9b9a)
Resolve login integration regressions (388b5b2)
Resolve migration regression (2051a71)
Resolve more json parser test regressions (ff791c4)
Resolve regression (e2b0ad3)
Update schema tests for webhooks (d1ddfa8)
e2e: Significantly reduce wait and idle times (f525fc5)
Resolve more regressions (c5a23af)
Resolve order regression (40a849c)
Resolve regression (f0c9e5f)
Resolve regressions (4b9da3c)
Resolve stub regressions (82650cf)
Resolve test migrations (de0b65d)
Resolve test regression issues (ccf9fed)
Speed up tests (a16737c)
Update test description (55fb37f)
Use bcrypt cost 4 to reduce CI times (cabe97d)
Use fast bcrypt for e2e (d90cf13)

Unclassified

Format (e4b7e79)
Format (193d266)
Format (1ebfbde)
Format (ba1eeef)
Format (ada5dbb)
Initial documentation tests via Text-Runner (#567) (c30eb26)
fix: resolve clidoc issues (#976) (346bc73), closes #976 #951
Format (17a0bf5)
🐛 fix ory home directory path (#897) (2fca2be), closes #897
Fix typo in config schema (16337f1)

BREAKING CHANGES

hashing: BCrypt is now the default hashing alogrithm. If you wish to continue using Argon2id please set hashers.algorithm to argon2.
This implies a significant breaking change in the verification flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all verification flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the recovery flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all recovery flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the settings flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all settings flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the registration flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all registration flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This implies a significant breaking change in the login flow payload. Please consult the new ui documentation. In essence, the login flow's methods key was replaced with a generic ui key which provides information for the UI that needs to be rendered.

To apply this patch you must apply SQL migrations. These migrations will drop the flow method table implying that all login flows that are ongoing will become invalid. We recommend purging the flow table manually as well after this migration has been applied, if you have users doing at least one self-service flow per minute.

This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. methods.password.config.fields). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields.

Please be also aware that this patch includes SQL migrations which purge existing self-service forms from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior!

This change introduces a new feature: UI Nodes. Previously, all self-service flows (login, registration, ...) included form fields (e.g. methods.password.config.fields). However, these form fields lacked support for other types of UI elements such as links (for e.g. "Sign in with Google"), images (e.g. QR codes), javascript (e.g. WebAuthn), or text (e.g. recovery codes). With this patch, these new features have been introduced. Please be aware that this introduces significant breaking changes which you will need to adopt to in your UI. Please refer to the most recent documentation to see what has changed. Conceptionally, most things stayed the same - you do however need to update how you access and render the form fields.

Please be also aware that this patch includes SQL migrations which purge existing self-service forms from the database. This means that users will need to re-start the login/registration/... flow after the SQL migrations have been applied! If you wish to keep these records, make a back up of your database prior!

The configuration value for hashers.argon2.memory is now a string representation of the memory amount including the unit of measurement. To convert the value divide your current setting (KB) by 1024 to get a result in MB or 1048576 to get a result in GB. Example: 131072 would now become 128MB.

Co-authored-by: aeneasr 3372410+aeneasr@users.noreply.github.com Co-authored-by: aeneasr aeneas@ory.sh

Please run SQL migrations when applying this patch.
The following configuration keys were updated:

selfservice.methods.password.config.max_breaches

password.max_breaches -> selfservice.methods.password.config.max_breaches
password.ignore_network_errors -> selfservice.methods.password.config.ignore_network_errors

After battling with spf13/viper for several years we finally found a viable alternative with knadh/koanf. The complete internal configuration infrastructure has changed, with several highlights:

Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
Configuration reloading has improved significantly and works flawlessly on Kubernetes.
Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
It is now possible to load several config files using the --config flag.
Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.

Please be aware that ORY Kratos might complain about an invalid configuration, because the validation process has improved significantly.

0.5.5-alpha.1 (2020-12-09)

Bug Fixes

CSRF token is required when using the Revoke Session API endpoint (#839) (d3218a0), closes #838
Incorrect home path (#848) (5265af0)
Make password policy configurable (#888) (7a00483), closes #450 #316:

Allows configuring password breach thresholds and optionally enforces checks against the HIBP API.
Remove obsolete types (#887) (b8bac7a), closes #716
Set samesite attribute to lax if in dev mode (#824) (91d6698), closes #821
Use working cache-control header for cdn/proxies/cache (#869) (d8e3d40), closes #601

Documentation

Add contributing to sidebar (#866) (44f33f9):

The same change as in ory/hydra#2209
Add newsletter to config (1735ca2)
Add recovery flow (#868) (d95cfe9), closes #864:

Added a short section for the recovery flow on managing-user-identities.
Fix account recovery click instruction (#870) (383de9e)
Fix broken link (#893) (dec38a2), closes #835
Fix oidc config example structure (#845) (c102a68)
Fix redirect (#802) (b868782)
Fix typo (#847) (9b3da9f)
Fix typo (#881) (3078293)
Fix typo MKFA to MFA (#826) (a5613d0)
Remove workaround note (#886) (05409bc), closes #718
Swagger specs for selfservice settings browser flow (#825) (28d50f4)
Update oidc provider with json conf support (#833) (670eb37)

Features

Add return_to parameter to logout flow (#823) (1c146dd), closes #702
Add selinux compatible quickstart config (#889) (0f87948), closes #831

Tests

Ensure registration runs only once (#872) (5ffc036)

Unclassified

docs: fix link and typo in Configuring Cookies (#883) (c51ed6b), closes #883

0.5.4-alpha.1 (2020-11-11)

Bug Fixes

Case in settings handler method (#798) (83eb4e0)
Force brew install statement (#796) (ad542ad):

Closes ory/homebrew-kratos#1

Code Refactoring

Move pkger and ioutil helpers to ory/x (60a0fc4)

Documentation

Fix another broken link (15bae9f)
Fix broken links (#795) (0ab0e7e), closes #793
Fix broken relative link (#812) (b32b173)
Fix links (#800) (5fcc272)
Fix oidc config examples (#799) (8a4f480)
Fix self-service recovery flow typo (#807) (800110d)
Remove duplicate words & fix spelling (#810) (4e1b966)
Remove leftover category from reference sidebar (#813) (94fde51)
Use correct links (#797) (a4de293)

Features

Add helper for choosing argon2 parameters (#803) (ca5a69b), closes #723 #572 #647:

This patch adds the new command "hashers argon2 calibrate" which allows one to pick the desired hashing time for password hashing and then chooses the optimal parameters for the hardware the command is running on:
$ kratos hashers argon2 calibrate 500ms
Increasing memory to get over 500ms:
    took 2.846592732s in try 0
    took 6.006488824s in try 1
  took 4.42657975s with 4.00GB of memory
[...]
Decreasing iterations to get under 500ms:
    took 484.257775ms in try 0
    took 488.784192ms in try 1
  took 486.534204ms with 3 iterations
Settled on 3 iterations.

{
  "memory": 1048576,
  "iterations": 3,
  "parallelism": 32,
  "salt_length": 16,
  "key_length": 32
}

0.5.3-alpha.1 (2020-10-27)

Bug Fixes

Add "x-session-token" to default allowed headers (3c912e4)
Do not set cookies on api endpoints (2f67c28)
Do not set csrf cookies on potential api endpoints (4d97a95)
Ignore unsupported migration dialects (12bb8d1), closes #778:

Skips sqlite3 migrations when support is lacking.
Improve semver regex (584c0b5)
Properly set nosurf context even when ignored (0dcb774)
Update cypress (ba8b172)
Use correct regex for version replacement (ce870ab), closes #787

Documentation

Fix docosaurus admonitions (#788) (281a7c9)
Pin download script version (e4137a6)
Remove trailing garbage from quickstart (#787) (7e70924)

Features

Improve makefile install process and update deps (d1eb37f)

Tests

Add e2e tests for mobile (d481d51)
Add option to disable csrf protection in apis (a0077f1)
Bump wait time (7a719e1)
Install expo-cli globally (db21cfa)
Install expo-cli in cci config with sudo (d255f46)
Log wait-on output (62b5ba9)
Output web server address (cb41ca7)
Resolve csrf test issues in settings (ef8ba7d)
Resolve test panic (6f6461f)
Revert delay increase and improve install scripts (1eafcaa)

0.5.2-alpha.1 (2020-10-22)

Bug Fixes

Add debug quickstart yml (#780) (16e6b4d)
Gracefully handle double slashes in URLs (aeb9414), closes #779
Merge gobuffalo CGO fix (fea2e77)
Remove obsolete recovery_token and add link to schema (acf6ac4)
Return correct error in login csrf (dd9cab0), closes #785
Use correct assert package (76be5b0)

Documentation

Small improvements to discord oidc provider guide (#783) (6a3c453)

Tests

Add tests for csrf behavior (48993e2), closes #785
Mark link as enabled in e2e test (c214b81)
Resolve schema test regression (bb7af1b)

0.5.1-alpha.1 (2020-10-20)

Bug Fixes

Do not require sqlite without build tag (2ee787b)
Use extra dc config file for quickstart-dev (72c03f9)

Documentation

Fix spelling mistake (14e7f65)
Fix spelling mistake (#772) (bf401a2)
Improve schemas (#773) (e614859)

Features

Auto-update docker and git tags on release (08084a9)
Use fixed versions for docker-compose (e73c4ce)

Tests

Increase waittime (5e911d6)
Reduce flakes by increasing wait time for expiry test (cddf29e)

Unclassified

Format (8be02c8)

0.5.0-alpha.1 (2020-10-15)

Bug Fixes

Add missing 'recovery' path in oathkeeper access-rules.yml (#763) (f180dba)
Add missing error handling (43c1446)
Add ory-prettier-styles to main repo (#744) (aeaddbc)
Add remote help description (f66bbe1)
Add serve help description (2eb072b)
Allow using json with form layout in password registration (bd2225c)
Annotate whoami endpoint with cookie and token (a8a781c)
Bump datadog version to fix build failure (4dfd322)
Change KRATOS_ADMIN_ENDPOINT to KRATOS_ADMIN_URL (763fdc5)
Clarify fetch use (8eb2e6f)
Complete verification by redirecting to UI with success (f0ecf51)
Correct cookie domain on logout (#646) (6d77e04), closes #645
Correct help message for import (a5f46d2)
Correct password and profile swagger annotations (668c184)
Correct password registration method api spec (08dd582)
Correct PHONY spelling (#739) (e3d3617)
Cover more test cases for persister (37d2e08)
Create decoder only once (34dc43b)
Deprecate packr2 dependency in makefile (be9a84d), closes #711 #750
Do not propagate parent validation error (bf6093d)
Don't resend verification emails once verified (#583) (a4d9969), closes #578
Enforce endpoint to be set (171ac18)
Escape jsx characters in api documentation (0946094)
Exit with code 1 on unimplemented CLI commands (66943d7)
Explicitly ignore fprint return values (f50e582)
Explicitly ignore fprintf results (a83dc50)
Fallback to default return url if logout after url is not defined (#594) (7edd367)
Favor packr2 over pkger (ac18a45):

See markbates/pkger#117
Find and replace "request" references (41fb673)
Force exe buildmode for windows CGO (e017bb5)
Html form parse regression issue (6b07cbb)
Ignore x/net false positives (7044b95)
Improve debugging output for login hook and restructure files (dabac40)
Improve debugging output for registration hook and restructure files (ec11775)
Improve expired error responses (124a92e)
Improve hook tests (55ba485)
Improve makefile dependency building (8e1d69a)
Improve pagination when listing identities (c60bf44)
Improve post login hook log and audit messages (ddd5d5a)
Improve post registration hook log and audit messages (2495629)
Improve registration hook tests (8163152)
Improve session max-age behavior (65189fe), closes #42
Keep HTML form type on registration error (#698) (6c9e756), closes #670
Lowercase emails on login (244b4dd)
Mark flow methods' fields as required (#708) (834c607)
Merge public and admin login flow fetch handlers (48c4906)
Missing write in registration error handler (3b2af53)
Properly annotate swagger password parameters (2ef57c4)
Properly fetch identity for session (7be4086)
Recursive loop on network errors in password validator (#589) (b4d5a42), closes #316:

The old code no error when ignoreNetworkErrors was set to true, but did not set a hash result which caused an infinite loop.
Remove incorrect security specs (4c3d46d)
Remove obsolete tests (f102f95):

The test is no longer valid as CSRF checks now happen after checking for login sessions in settings flows.
Remove redirector from code base (6689ecf)
Remove stray debug statements (a8e1ec4)
Rename import to put (8003e0f)
Rename quickstart config files and path (#671) (be8b9e5)
Rename quickstart schema file name (e943c90)
Rename recovery models and generate SDKs (d764435)
Resolve and test for missing data when updating flows (045ecab)
Resolve broken csrf tests (6befe2e)
Resolve broken docs links (56f4a39)
Resolve broken migrations and bump fizz (1ed9c70)
Resolve broken OIDC tests and disallow API flows (9986d8f)
Resolve cookie issues (6e2b6d2)
Resolve e2e headless test failures (82d506e)
Resolve e2e test failures (2627db2)
Resolve failing test cases (f8647b4)
Resolve flaky passwort setting tests (#582) (c42d936), closes #581 #577
Resolve handler testing issue (4f6bafd)
Resolve identity admin api issues (#586) (feef8a7), closes #435 #500:

This patch resolves several issues that occurred when creating or updating identities using the Admin API. Now, all hooks are running properly and updating privileged properties no longer causes errors.
Resolve interface type issues (064b305)
Resolve logout csrf issues (#761) (74c0aac)
Resolve migratest failures (e2f34d3)
Resolve migratest ordering failing tests (dffecc0)
Resolve migration issues (b545e15)
Resolve panic on serve (ae34155)
Resolve panic when DSN="memory" (#574) (05e55f3):

Executing the migration logic in registry.go cause a panic as the registry is not initalized at that point. Therefore we decided to move the handling to driver_default.go, after the registry has been initialized.
Resolve pkger issues (294066c)
Resolve remaining testing issues (af40d93)
Resolve SQL persistence tester issues (4952df4)
Resolve swagger issues and regenerate SDK (be4c7e4)
Resolve template loading issue (145fb20)
Resolve test issues introduced by new csrf protection (625ef5e)
Resolve verification sql errors (784da53)
Resolves a bug that prevents sessions from expiring (#612) (86b281a), closes #611
Revert disabling swagger flatten during sdk generation (98c7915)
Set correct path for kratos in oathkeeper set up (414259f)
Set quickstart logging to trace (d3e9192)
Support browser flows only in redirector (cab5280)
Swagger models (1b5f9ab):

The swagger:parameters <id> definitions for updateIdentity and createIdentity where defined two times with the same ID. They had some old definition swagger used. The internal/httpclient should now work again as expected.
Tell tls what the smtps server name is (#634) (b724038)
Type (e264c69)
Update cli documentation examples (216ea7f)
Update contrib samples (79d24b4)
Update crdb quickstart version (249a6ba)
Update import description (aef1e1a)
Update quickstart kratos config (e3246e5)
Update recovery token field and column names (42abfa1)
Update status help description (b147831)
Update swagger names and fix broken tests (85b7fb1)
Update version help description (8bf4a79)
Use and test for csrf tokens and prevent api misuse (a4e3bc5)
Use correct HTTP method for password login (4f4fcee)
Use correct log message (53c384a)
Use correct redirection for registration (8d47113)
Use correct security annotation (c9bebe0)
Use correct swagger tags and regenerate (df99d8c)
Use helpers to create flow (aba8610)
Use nosurf fork to address VerifyToken bug (cd84e51)
Use params per_page and page for pagination (5dfb6e3)
Use proper pwd in makefile (52e22c3)
Use public instead of common sdk (dcb4a36)
Use relative threshold to judge longest common substring in password policy (#585) (3e9f8cc), closes #581
Whoami returns 401 not 403 (3b3b78c), closes #729

Code Refactoring

Add flow methods to verification (00ee828):
Completely refactors the verification flow to support other methods. The original email verification flow now moved to the "link" method also used for recovery.

Additionally, several upstream bugs in gobuffalo/pop and gobuffalo/fizz have been addressed, patched, and merged which improves support for SQLite and CockroachDB migrations:
- gobuffalo/fizz#97
- gobuffalo/fizz#96
Add method and rename request to flow (006bf56)
Change oidc callback URL (36d9380)
Complete login flow refactoring (ad2b3db)
Dry up login.NewFlow (f261c44)
Improve CSRF infrastructure (7e367e7)
Improve login test reuse (b4184e5)
Improve NewFlowExpiredError (1caefac)
Improve registration tests with testhelpers (9bf4530)
Improve selfservice method tests (df4d06d)
Improve settings helper functions (fda17ca)
Move samesite config to cookie parent-key (753eb86)
Moved clihelpers to ory/x (#756) (6ccffa8):

Contributes to ory/hydra#2124.
Profile settings method is now API-able (c5f361f)
Remove common keyword from API spec (6619562)
Remove need for reverse proxy in selfservice-ui (beb4c32), closes #661
Rename session.sid to session.id (809fe73)
Rename login request to login flow (9369d1b), closes #635:

As part of this change, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.
Rename LoginRequestErrorHandler to LoginFlowErrorHandler (66ae029)
Rename package recoverytoken to link (f87fb54)
Rename recovery request to flow internally (16c5618)
Rename recovery request to recovery flow (b0f433d), closes #635:

As part of this change, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.
Rename registration request to flow (8437ebc)
Rename registration request to registration flow (0470956), closes #635:

As part of this change, fetching a registration flow over the public API no longer requires Anti-CSRF cookies to be sent.
Rename request_lifespan to lifespan (#677) (3c8d5e0), closes #666
Rename strategies to methods (8985189):

This patch renames strategies such as "Username/Email & Password" to methods.
Rename verify to verificaiton (#597) (0ecd69a)
Replace all occurrences of login request to flow (1b3c491)
Replace all registration request occurrences with registration flow (308ef47)
Replace packr2 with pkger fork (4e2acae)
Restructure login package (c99e2a2)
Use session token as cookie identifier (60fd9c2)

Documentation

Add administrative user management guide (b97e0c6)
Add code samples to session checking (eba8eda)
Add configuring introduction (#630) (b8cfb35)
Add descriptions to cobra commands (607b76d)
Add documentation for configuring cookies (e3dbc8a), closes #516
Add domain, subdomain, multi-domain cookie guides (3eb1e59), closes #661
Add github video tutorial (#622) (0c4222c)
Add guide for cors (a8ae759)
Add guide for cors (91fd278)
Add guide for dealing with login sessions (4e2718c)
Add identity state (fb4aedb)
Add login session to navbar (b212d64)
Add milestones to sidebar (aae13ec)
Add missing GitLab provider to the list of supported OIDC providers (#766) (a43ed33)
Add missing TOC entries (#748) (bd7edfb)
Add pagination docs (7fe0901)
Add secret key rotation guide (3d6e21a)
Add sequence diagrams for browser/api flows (590d767)
Add session hook to ssi guide (#623) (1bbed39)
Add terminology section (29b81a7)
Add theme helpers and decouple mermaid (7c3eb32)
Add video to OIDC guide (#619) (f286980)
Added sidebar cli label (5d24a29):

clidoc.Generate expects to find an entry under sidebar.json/Reference that contains the substring "CLI" in it's label. Because that was missing, a new entry was appended on every regeneration of the file.
Added sidebar item (#639) (8574761):

Added Kratos Video Tutorial Transcripts document to sidebar.
Added transcript (#627) (cec7f1f):

Added Login with Github Transcript
Adds twitch oidc provider guide (#760) (339e622)
Bring oidc docs up to date (7d0e470)
Changed transcript location (#642) (c52764d):

Changed the location so it is in the right place.
Clarify 302 redirect on expired login flows (ca31b53)
Clarify api flow use (a38b4a1)
Clarify feature-set (2266ae7)
Clarify kratos config snippet (e7732f3)
Clean up docs and correct samples (8627ec5)
Complete registration documentation (b3af02b)
Consistent formatting of badges (#745) (b391a03)
Correct settings and verification redir (30e25e7)
Docker image documentation (#573) (bfe032e)
Document APi flows in self-service overview (71ed0bd)
Document how to check for login sessions (9ad73b8)
Explain high-level API and browser flows (fe3ee0a)
Fix logout url (#593) (f0971d4)
Fix sidebar missing comment (d90123a)
Fix typo (c2f94da)
Fix typo on index page (#656) (907add5)
Fix url of admin-api /recovery/link (#650) (e68c7cb)
Fixed link (c2aebbd)
Fixed link (#629) (ad1276f)
Fixed typos/readability (#620) (7fd3ce0):

Fixed a few typos, and moved some sentences around to improve readability.
Fixed typos/readability (#621) (c4fc75f)
Import mermaid (#696) (6f75004)
Improve charts and examples in self-service overview (312c91d)
Improve documentation and add tests (3dde956)
Improve long messages and render cli documentation (e5fc02f)
Make assumptions neutral in concepts overview (e89d980)
Move development section (2e6f643)
Move hooks (c02b588)
Move to json sidebar (504af3b)
Password login and registration methods for API clients (5a44356)
Prettify all files (#743) (d9d1bfd)
Quickstart next steps (#676) (ee9dd0d):

Added a section outlining some easy config changes, that users can apply to the quickstart to test out different scenarios and configurations.
Refactor login and registration documentation (c660a04)
Refactor settings and recovery documentation (11ca9f7)
Refactor verification docs (70f2789)
Regenerate clidocs with up-to-date binary (e53289c)
Remove make tools task (ec6e664), closes #711 #750:

This task does not exist any more and the dependency building is much smarter now.
Remove contraction (#747) (cd4f21d)
Remove duplicate word (b84e659)
Remove duplicate word (#700) (a12100e)
Remove react native guide for now (daa5f2e)
Rename self service and add admin section (639c424)
Replace ampersand (#749) (8337b80)
Resolve regression issues (0470fd7)
Resolve typo in message IDs (562cfc4)
Resolve typo in message IDs (#607) (f7688f0)
Update cli docs (085efca)
Update link to mfa issue (d03a706)
Update links (a06fd88)
Update MFA link to issue (#690) (7a744ad):

MFA issue was pushed to a later milestone. Update the documentation to point to the issue instead of the milestone.
Update repository templates (f422485)
Update repository templates (#678) (bdb6875)
Update sidebar (ea15c20)
Update ts examples (65cb46e)
Use correct id for multi-domain-cookies (b49288a)
Use correct path in 0.4 docs (9fcaac4), closes #588
Use NYT Capitalization for all Swagger headlines (#675) (6c96429), closes #664

Features

Add ability to configure session cookie domain/path (faeb332), closes #516
Add and improve settings testhelpers (10a43fc)
Add bearer helper (ec6ca20)
Add config version schema (#608) (d218662), closes #590
Add discord oidc provider (#767) (487296d)
Add enum to form field type (96028d8)
Add flow type to login (ce9133b)
Add HTTP request flow validator (1a6e847)
Add new prometheus metrics endpoint #672 (#673) (0f5c436):

Adds endpoint /metrics for prometheus metrics collection to the Admin API Endpoint.
Add nocache helpers (54dcc4d)
Add pagination tests (e3aa81b)
Add session token security definition (d36c26f):

Adds the new Session Token as a Swagger security definition to allow setting the session token as a Bearer token when calling /sessions/whoami.
Add stub errors to errorx (5d452bb), closes #610
Add test helper for fetching settings requests (3646383)
Add tests and helpers to test recovery/verifiable addresses (#579) (29979e6), closes #576
Add tests to cover auth (c9d3a15)
Add texts for settings (795548c)
Add the already declared (and settable) tracer as a middleware (#614) (e24fffe)
Add token to session (08c8c78)
Add type to all flows in SQL (5515776)
Allow import/validation of arrays (d11ac32)
Bump cli and migration render tasks (6dcb42a)
Finalize tests for registration flow refactor (8e52c3a)
Finish off client cli (36d60c7)
Implement administrative account recovery (f5f9c43)
Implement API flow for recovery link method (d65bf66)
Implement API-based tests for password method settings flows (60664aa)
Implement max-age for session cookie (2e642ff), closes #326
Implement tests and anti-csrf for API settings flows (8b8b6e5)
Implement tests for new migrations (e08ece9)
Improve test readability for password method (a896d9b)
Log successful hook execution (f6026cf)
Log successful hook execution (1e7d044)
Make login error handle JSON aware (88f581f)
Make password settings method API-able (0cf6027)
Make public cors configurable (863a0d4), closes #712
Oidc provider claims config option (#753) (bf94a40), closes #735
Reply with cache-control: 0 for browser-facing APIs (1a45b53), closes #360
Schemas are now static assets (1776d58)
Support and document api flow in session issuer hook (91f3cc7)
Support application/json in registration (3476b97), closes #44
Support custom session token header (56bec76):

The /sessions/whoami endpoint now accepts the ORY Kratos Session Token in the X-Session-Token HTTP header.
Support GitLab OIDC Provider (#519) (8580d96), closes #518
Support json payloads for login and password (354e8b2)
Support JSON payloads in password login flow (dd32c23)
Support session token bearer auth and lifecycle (c12600a):

This patch adds support for issuing, validating, and revoking session tokens. Session tokens carry a reference to a session, and are equal to session cookies but can be used on environments which do not support cookies (e.g. React Native) by sending them in the Bearer Authorization.
Update migration tests (fb28173)
Use uri-reference for ui_url etc. to allow relative urls (#617) (2dba450)
Write request -> flow rename migrations (d7189a9)

Tests

Add handler update tests (aea1fb8), closes #325
Add init browser flow tests (f477ece)
Add test for no-cache on public router (b8aa63b)
Add test for registration request (79ed63c)
Add tests for registration flows (4772f71)
Complete test suite for API-based auth (fb9d62f)
Implement API login password tests (8bfd5f2)
Implement API registration password tests (db178b7)
Replace e2e-memory with unit test (52bd839), closes #580
Resolve broken decoder tests (07add1b)
Use correct hook in test (421320c)

Unclassified

Format (e61a51d)
Format (1e5b738)
Format code (c3b5ff5)
u (e207a6a)
As part of this change, fetching a settings flow over the public API no longer requires Anti-CSRF cookies to be sent. (31d560e), closes #635
Create labels.json (68b1f6f)
Add codedoc to identifier hint block (6fe840f)

BREAKING CHANGES

The "common" keyword has been removed from the Swagger 2.0 spec which deprecates the common module / package / class (depending on the generated SDK). Please use public or admin instead!

Additionally, the SDK for TypeScript now uses the fetch API which allows the SDK to be used in both client-side as well as server-side contexts. Please note that several methods and parameters in the generated TypeScript SDK have changed. Please check the TypeScript results to see what needs to be changed!

This patch changes the OpenID Connect and OAuth2 ("Sign in with Google, Facebook, ...") Callback URL from http(s)://<kratos-public>/self-service/browser/flows/strategies/oidc/<provider> to http(s)://<kratos-public>/self-service/methods/oidc/<provider>. To apply this patch, you need to update these URLs at the OAuth2 Client configuration pages of the individual OpenID Conenct providers (e.g. GitHub, Google).
Configuration key selfservice.strategies was renamed to selfservice.methods.
This patch significantly changes how email verification works. The Verification Flow no longer uses its own system but now re-uses the API and Browser flows and flow methods established in other components such as login, recovery, registration.

Due to the many changes these patch notes does not cover how to upgrade this particular flow. We instead want to kindly ask you to check out the updated documentation for this flow at: https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation

This patch changes the SQL schema and thus requires running the SQL Migration command (e.g. ... migrate sql). Never apply SQL migrations without backing up your database prior.

Configuration items selfservice.flows.<name>.request_lifespan have been renamed to selfservice.flows.<name>.lifespan to match the new flow semantics.
Wording has changed from "Self-Service Recovery Request" to "Self-Service Recovery Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a recovery flow over the public API no longer requires Anti-CSRF cookies to be sent.

This patch renames several important recovery flow endpoints:

/self-service/browser/flows/recovery is now /self-service/recovery/browser without functional changes.
/self-service/browser/flows/requests/recovery?request=abcd is now /self-service/recovery/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password and oidc recovery method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

/self-service/browser/flows/recovery/link?request=abcd is now /self-service/recovery/methods/link?flow=abcd without functional changes.

The Recovery UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.completeSelfServiceBrowserRecoveryLinkStrategyFlow(req.query.request)
+ kratos.completeSelfServiceRecoveryFlowWithLinkMethod(req.query.flow)

This patch requires you to run SQL migrations.

Wording has changed from "Self-Service Settings Request" to "Self-Service Settings Flow" to follow community feedback and practice already applied in the documentation.

This patch renames several important settings flow endpoints:

/self-service/browser/flows/settings is now /self-service/settings/browser without functional changes.
/self-service/browser/flows/requests/settings?request=abcd is now /self-service/settings/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password, profile, and oidc settings method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

/self-service/browser/flows/login/strategies/password?request=abcd is now /self-service/login/methods/password?flow=abcd without functional changes.
/self-service/browser/flows/strategies/oidc?request=abcd is now /self-service/methods/oidc?flow=abcd without functional changes.
/self-service/browser/flows/settings/strategies/profile?request=abcd is now /self-service/settings/methods/profile?flow=abcd without functional changes.

The Settings UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.getSelfServiceBrowserSettingsRequest(req.query.request)
+ kratos.getSelfServiceSettingsFlow(req.query.flow)

  // You will most likely not be using this:
  const kratos = new PublicApi(config.kratos.public)
- kratos.completeSelfServiceBrowserSettingsPasswordStrategyFlow //...
- kratos.completeSelfServiceSettingsFlowWithPasswordMethod //..
- kratos.completeSelfServiceBrowserSettingsProfileStrategyFlow //...
- kratos.completeSelfServiceSettingsFlowWithProfileMethod //..

This patch requires you to run SQL migrations.

This patch makes the reverse proxy functionality required in prior versions of the self-service UI example obsolete. All examples work now with a simple set up and documentation has been added to assist in subdomain scenarios.
The session field sid has been renamed to id to stay consistent with other APIs which also use id terminology to clarify identifiers. The payload of, for example, /session/whoami has changed as follows:

  {
-   "sid": "abcde",
+   "id": "abcde",
    "expires_at": "..."
    "identity": {
      // ..
    }
  }

Wording has changed from "Self-Service Registration Request" to "Self-Service Registration Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.

This patch renames several important registration flow endpoints:

/self-service/browser/flows/registration is now /self-service/registration/browser without behavioral change.
/self-service/browser/flows/requests/registration?request=abcd is now /self-service/registration/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password registration method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

/self-service/browser/flows/registration/strategies/password?request=abcd is now /self-service/registration/methods/password?flow=abcd without functional changes.
/self-service/browser/flows/strategies/oidc?request=abcd is now /self-service/methods/oidc?flow=abcd without functional changes.

The Registration UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.getSelfServiceBrowserRegistrationRequest(req.query.request)
+ kratos.getSelfServiceRegistrationFlow(req.query.flow)

This patch requires you to run SQL migrations.

Existing login sessions will no longer be valid because the session cookie data model changed. If you apply this patch, your users will need to sign in again.
Wording has changed from "Self-Service Login Request" to "Self-Service Login Flow" to follow community feedback and practice already applied in the documentation. Additionally, fetching a login flow over the public API no longer requires Anti-CSRF cookies to be sent.

This patch renames several important login flow endpoints:

/self-service/browser/flows/login is now /self-service/login/browser without functional changes.
/self-service/browser/flows/requests/login?request=abcd is now /self-service/login/flows?id=abcd and no longer needs anti-CSRF cookies to be available.

Additionally, the URL for completing the password and oidc login method has been moved. Given that this endpoint is typically not manually called, you can probably ignore this change:

/self-service/browser/flows/login/strategies/password?request=abcd is now /self-service/login/methods/password?flow=abcd without functional changes.
/self-service/browser/flows/strategies/oidc?request=abcd is now /self-service/methods/oidc?flow=abcd without functional changes.

The Login UI Endpoint no longer receives a ?request=abcde query parameter but instead a ?flow=abcde query parameter. Functionality did not change however.

As part of this change SDK methods have been renamed:

  const kratos = new CommonApi(config.kratos.public)
  // ...
- kratos.getSelfServiceBrowserLoginRequest(req.query.request)
+ kratos.getSelfServiceLoginFlow(req.query.flow)

This patch requires you to run SQL migrations.

Configuraiton value session.cookie_same_site has moved to session.cookie.same_site. There was no functional change.

0.4.6-alpha.1 (2020-07-13)

Bug Fixes

Use proper binary name in dockerfile (d36bbb0)

0.4.5-alpha.1 (2020-07-13)

Bug Fixes

Ensure default_browser_return_url for flows is configured in after (#570) (cf9753c), closes #569
Require selfservice.default_browser_return_url to be set in config (#571) (af2af7d)

0.4.4-alpha.1 (2020-07-10)

Bug Fixes

Detection of SQLite memory mode (#564) (605cd57)
Improve goreleaser config (0f8a0d8)

Documentation

Add description for subkeys of serve (#562) (deae005)
Add section about password expiry (19c2414)
Specify the use of secrets (#565) (7680450)
Update upgrade guide (a40b1ec)

0.4.3-alpha.1 (2020-07-08)

Bug Fixes

Resolve goreleaser build issues (223571b)
Update install.sh script (883d99b)

0.4.2-alpha.1 (2020-07-08)

Bug Fixes

Ignore pkged generated files (1d385e4)

0.4.0-alpha.1 (2020-07-08)

Bug Fixes

Account recovery can't use recovery token (#526) (379f24e), closes #525
Add and document recovery to quickstart (c229c54)
Add pkger to docker builds (d3ef5a0)
Allow linking oidc credentials without existing oidc connection (#548) (39c1234), closes #532
Bump pop version (#558) (9e46cea), closes #556
Clear error messages after updating settings successfully (#421) (7eec388), closes #420
Do not send debug on session/whoami (16d3670), closes #483
Document login refresh parameter in swagger (#482) (6b94993)
Embedded video link properly (#514) (962bbc6)
Embedded video link properly (#515) (821ca93)
Enable recovery for quickstart (0ccc651)
Improve grammar of similar password error (#471) (39873bf)
Improvements to Dockerfiles (#552) (6023877):
- expose ory home as volume to simplify passing in own config file
- declare Kratos default ports in Dockerfile
Initialize verification request with correct state (3264ecf), closes #543
Re-add all databases to persister (#527) (b04d178)
Re-add redirect targets for quickstart (3c48ad2)
Reduce docker bloat by ignoring docs and others (ecc555b)
Resolve broken redirect in verify flow (a9ca8fd), closes #436
Respect multiple secrets and fix used flag (#526) (b16c2b8), closes #525
Respect self-service enabled flag (#470) (b198faf), closes #417:

Respects the enabled flag for self-service strategies.

Also a new testhelper function was needed, to defer route registration (because whether strategies are enabled or not is determined only once: at route registration)
Typo accent -> account (984d978)
Use correct brew replacements (fd269b1), closes #423
Write migration tests (#499) (d32413a), closes #481

Code Refactoring

Improve and simplify configuration (#536) (8e7f9f5), closes #432
Move schema packing to pkger (173f9d2)
Move verify fallback to verification (1ce6469)
Rename identity traits schema to identity schema (#557) (949e743), closes #531
Rename prompt=login to refresh=true (#478) (c04346e), closes #477
Replace settings update_successful with state (#488) (ca3b3f4), closes #449
Text errors to text messages (#476) (8106951), closes #428:

This patch implements a better way to deal with text messages by giving them a unique ID, a context, and a default message.

Documentation

Add azure to next docs (e1dd3fa)
Add fixme note for viper workaround (7e3eef6):

See ory/x#169
Add guide for setting up account recovery (bbf3762)
Add guide for setting up email verification (1435cbc)
Add guide for SSO via Google (#424) (5c45b16)
Add new guides to sidebar (24c5cbc)
Added video tutorials to guides (#513) (956731d)
Added youtube manual (#490) (ec232f7)
Connecting Kratos to AzureAD (#433) (7660bcd)
Correct claims.email in github guide (#422) (052a622):

There is no email_primary in claims, and the selfservice strategy is currently using claims.email.
Correct claims.email in github guide (#422) (58f7e15):

There is no email_primary in claims, and the selfservice strategy is currently using claims.email.
Correct link in user-settings (d13317d)
Correct SDK use in quickstart (#480) (dfdf975), closes #430
Correct stray dot (e820f41)
Correct user settings render form (197e246)
Delete old redirect homepage (b6d9244)
Document new account recovery feature (2252a86), closes #436
Document refresh=true for login (#479) (2ab5ead), closes #464
Embedded quickstart video (#491) (ee80346)
Fix broken link (d20816e)
Fix broken link (aa9d3e6)
Fix broken link (#506) (dac8dfd):

The rest api is no longer under sdk but under reference.
Fix broken link (#554) (e80d691)
Fix code sample comment (781a76b)
Fix copy paste errors in code docs (e456a4e)
Fix iframe syntax (#520) (0cb36ca)
Fix typo (#535) (c57d270)
Fix typo in base docs (#503) (6668048)
Fix typo in oauth sign in documentation (#504) (886e24d)
Fix typos (81903a5)
Fix typos (#489) (57a7bc8)
Fix ui url keys everywhere (b75debb)
Fix username example by renaming property and removing format (#508) (4573426)
Fix wording in settings flow graph (e2a0084)
Fixed broken link (#452) (d1ddbd1)
Fixed broken link (#455) (4f3d179)
Fixed broken link (#456) (4b43e99)
Fixed broken link (#460) (7da304c)
Fixed broken link (#461) (c248e4e)
Fixed broken link (#462) (ceacac3)
Fixed broken links (#451) (193a781):

Fixed a few broken links, .md in the url was the problem.
Fixed broken links (#453) (59d00eb)
Fixed broken links (#457) (00ec00d)
Fixed broken links (#458) (f960887)
Fixed broken links (#459) (2749596)
Fixed broken markdown (#474) (22d5be1)
Format guides (407c70f)
Improve grammar and wording (#448) (a19adf3)
Improve grammar, clarify sections, update images (#419) (79019d1)
Make whitelisted_return_to_urls examples an array (#426) (7ed5605), closes #425
Minor fixes (#467) (8d15307)
Move security questions to own document (2b77fba)
Properly annotate forms disabled field (#486) (be1acb3), closes /github.com/ory/kratos/pull/467#discussion_r434764266
Remove rogue slash and fix closing tag (#521) (3fd1076)
Rename redirect page to browser-redirect-flow-completion (ae77d48)
Replace mailhog references with mailslurper (#509) (d0e5a0f)
Run format (2b3f299)
Typo correction in credentials.md (#551) (3b7e104)
Typos and stale links (29fb466)
Typos and stale links (#510) (7557ab8)
Update repository templates (4c89834)
Use central banner repo for README (d1e8a82)
Use shorthand closing tag for Mermaid (f9f2dbc)

Features

Add support for Multitenant Azure AD as an OIDC provider (#434) (a8f1179)
Add tests for defaults (a16fc51)
Add User ID to a header when calling whoami (#530) (183b4d0)
Implement account recovery (#428) (e169a3e), closes #37:

This patch implements the account recovery with endpoints such as "Init Account Recovery", a new config value urls.recovery_ui and so on. A new identity field has been added identity.recovery_addresses containing all recovery addresses.

Additionally, some refactoring was made to DRY code and make naming consistent. As part of dependency upgrades, structured logging has also improved and an audit trail prototype has been added (currently streams to stderr only).

Unclassified

Allow kratos to talk to databases in docker-compose quickstart (#522) (8bf9a1a):

All of the databases must exist on the same docker network to allow the main kratos applications to communicate with them.
Fixed typo (#472) (31263b6)
docs:fixed broken link (#454) (22720c6), closes #454

BREAKING CHANGES

This patch renames the Identity Traits JSON Schema to Identity JSON Schema.

The identity payload has changed from

 {
-  "traits_schema_url": "...",
-  "traits_schema_id": "...",
+  "schema_url": "...",
+  "schema_id": "...",
 }

Additionally, it is now expected that your Identity JSON Schema includes a "traits" key at the root level.

Before (example)

{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "email": {
      "type": "string",
      "format": "email",
      "title": "E-Mail",
      "minLength": 3,
      "ory.sh/kratos": {
        "credentials": {
          "password": {
            "identifier": true
          }
        },
        "verification": {
          "via": "email"
        },
        "recovery": {
          "via": "email"
        }
      }
    }
  },
  "required": [
    "email"
  ],
  "additionalProperties": false
}

After (example)

{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            },
            "verification": {
              "via": "email"
            },
            "recovery": {
              "via": "email"
            }
          }
        }
      },
      "required": [
        "email"
      ],
      "additionalProperties": false
    }
  }
}

You also need to remove the traits key from your ORY Kratos config like this:

 identity:
-   traits:
-     default_schema_url: http://test.kratos.ory.sh/default-identity.schema.json
-     schemas:
-       - id: other
-         url: http://test.kratos.ory.sh/other-identity.schema.json
+   default_schema_url: http://test.kratos.ory.sh/default-identity.schema.json
+   schemas:
+     - id: other
+       url: http://test.kratos.ory.sh/other-identity.schema.json

Do not forget to also update environment variables for the Identity JSON Schema as well if set.

To address these refactorings, the configuration had to be changed and with breaking changes as keys have moved or have been removed.

Hook configuration has also changed. It is no longer required to include hooks such as verification to get verification working. Instead, verification is enabled globally (selfservice.flows.verification.enabled). Also, the redirect hook has been removed as it lead to confusion because there are already default redirect URLs configurable. You will find more information in the details below.

Session Management

-ttl:
-  session: 1h
-security:
-  session:
-    cookie:
-      same_site: Lax
+session:
+  lifespan: 1h
+  cookie_same_site: Lax

Secrets

-secrets:
-  session:
-    - secret-to-encrypt-session-cookies
-    - old-session-cookie-secret-that-has-been-rotated
+secrets:
+  default:
+    # This secret is used as default and will also be used for encrypting e.g. cookies when a dedicated cookie secret (as shown below) is not defined.
+    - default-secret-to-encrypt-stuff
+  cookie:
+    - secret-to-encrypt-session-cookies
+    - old-session-cookie-secret-that-has-been-rotated

URLs

The Base URL configuration has moved to serve.public and serve.admin. They are also no longer required and fall back to defaults based on the machine's hostname, port configuration, and other settings:

-urls:
-  self:
-    public: https://kratos.my-website.com/
-    admin: https://admin.kratos.cluster.localnet/
+serve:
+  public:
+    base_url: https://kratos.my-website.com/
+  admin:
+    base_url: https://admin.kratos.cluster.localnet/

The UI URLs have moved from urls to their respective self-service flows:

-urls:
-  login_ui: http://127.0.0.1:4455/auth/login
-  registration_ui: http://127.0.0.1:4455/auth/registration
-  settings_ui: http://127.0.0.1:4455/settings
-  verify_ui: http://127.0.0.1:4455/verify
-  error_ui: http://127.0.0.1:4455/error
+selfservice:
+  flows:
+    login:
+      ui_url: http://127.0.0.1:4455/auth/login
+    registration:
+      ui_url: http://127.0.0.1:4455/auth/registration
+    settings:
+      ui_url: http://127.0.0.1:4455/settings
+    # please note that `verify` has changed to `verification`!
+    verification:
+      ui_url: http://127.0.0.1:4455/verify
+    error:
+      ui_url: http://127.0.0.1:4455/error

The default redirect URL as well as whitelisted redirect URLs have also changed their location:

-urls:
-  default_return_to: https://self-service/dashboard
-  whitelisted_return_to_urls:
-    - https://self-service/some-other-url
-    - https://example.org/another-url
+selfservice:
+  default_browser_return_url: https://self-service/dashboard
#  Please note that the `to` has been removed (`whitelisted_return_to_urls` -> `whitelisted_return_urls`)
+  whitelisted_return_urls:
+    - https://self-service/some-other-url
+    - https://example.org/another-url

Self-Service Login

selfservice.login has moved to selfservice.flow.login:

 selfservice:
-  login:
+  flows:
+    login:

On top of this change, a few keys under login have changed as well:

 selfservice
   flows:
     login:
+      ui_url: http://127.0.0.1:4455/auth/login
       request_lifespan: 99m
-      before:
-        hooks:
-          - hook: redirect
-            config:
-              default_redirect_url: http://test.kratos.ory.sh:4000/
-              allow_user_defined_redirect: false
+      # The before hooks have been removed because there were no good use cases for them. If
+      # this is a problem for you feel free to open an issue!

     after:
-      default_return_to: https://self-service/login/return_to
+      default_browser_return_url: https://self-service/login/return_to
       password:
-         default_return_to: https://self-service/login/password/return_to
+         default_browser_return_url: https://self-service/login/password/return_to
          hooks:
            - hook: revoke_active_sessions
       oidc:
-         default_return_to: https://self-service/login/podc/return_to
+         default_browser_return_url: https://self-service/login/podc/return_to
          hooks:
            - hook: revoke_active_sessions

Self-Service Registration

selfservice.registration has moved from to selfservice.flow.registration:

 selfservice:
-  registration:
+  flows:
+    registration:

On top of this change, a few keys under registration have changed as well:

 selfservice
   flows:
     registration:
+      ui_url: http://127.0.0.1:4455/auth/registration
       request_lifespan: 99m
-      before:
-        hooks:
-          - hook: redirect
-            config:
-              default_redirect_url: http://test.kratos.ory.sh:4000/
-              allow_user_defined_redirect: false
+      # The before hooks have been removed because there were no good use cases for them. If
+      # this is a problem for you feel free to open an issue!

     after:
-      default_return_to: https://self-service/registration/return_to
+      default_browser_return_url: https://self-service/registration/return_to
       password:
-        default_return_to: https://self-service/registration/password/return_to
+        default_browser_return_url: https://self-service/registration/password/return_to
         hooks:
           - hook: revoke_active_sessions
+          # The verify hook is now executed automatically when verification is turned on.
-          - hook: verify
+          # The redirect hook was confusing as it aborts the registration flow and does not solve redirection on
+          # success. It has thus been removed.
-          - hook: redirect
       oidc:
-        default_return_to: https://self-service/registration/podc/return_to
+        default_browser_return_url: https://self-service/registration/podc/return_to
         hooks:
           - hook: revoke_active_sessions
+          # The verify hook is now executed automatically when verification is turned on.
-          - hook: verify
+          # The redirect hook was confusing as it aborts the registration flow and does not solve redirection on
+          # success. It has thus been removed.
-          - hook: redirect

Self-Service Settings

selfservice.settings has moved from to selfservice.flow.settings:

 selfservice:
-  settings:
+  flows:
+    settings:

On top of this change, a few keys under settings have changed as well:

 selfservice
   flows:
     settings:
+      ui_url: http://127.0.0.1:4455/settings
       request_lifespan: 99m
       privileged_session_max_age: 99m
-      default_return_to: https://self-service/settings/return_to
       after:
+        default_browser_return_url: https://self-service/settings/return_to
+        # The profile/password after hooks have been removed as verification is now executed automatically
+        # when turned on.
-        password:
-          hooks:
-            - hook: verify
-        profile:
-          hooks:
-            - hook: verify

Self-Service Verification

selfservice.verify has moved from to selfservice.flow.verification:

 selfservice:
-  verify:
+  flows:
+    verification:

Instead of configuring verification with hooks and other components, it can now be enabled in a central place. If enabled, a SMTP server must be configured in the courier section. You are still required to mark a field as verifiable in your Identity JSON Schema.

 selfservice:
   flows:
     verification:
+      enabled: true # defaults to true
+      ui_url: http://127.0.0.1:4455/recovery
       request_lifespan: 1m
-      default_return_to: https://self-service/verification/return_to
       after:
+        default_browser_return_url: https://self-service/verification/return_to

Replaces the update_successful field of the settings request with a field called state which can be either show_form or success.
Flows, request methods, form fields have had a key errors to show e.g. validation errors such as ("not an email address", "incorrect username/password", and so on. The errors key is now called messages. Each message now has a type which can be error or info, an id which can be used to translate messages, a text (which was previously errors[*].message). This affects all login, request, settings, and recovery flows and methods.
To refresh a login session it is now required to append refresh=true instead of prompt=login as the second has implications for revoking an existing issue and might be confusing when used in combination with OpenID Connect.
- Applying this patch requires running SQL Migrations.
The field identity.addresses has moved to identity.verifiable_addresses.
Configuration key selfservice.verification.link_lifespan has been merged with selfservice.verification.request_lifespan.

0.3.0-alpha.1 (2020-05-15)

Bug Fixes

Access rules of oathkeeper for quick start (#390) (5ed6d05), closes #389:

To access / as dashboard
Active field should not be required (#401) (aed2a5c), closes ory/sdk#14
Adopt jsonnet in e2e oidc tests (5e518fb)
Detect postgres unique constraint (3a777af)
Fix oidc strategy jsonnet test (f6c48bf)
Improve config validation error message (#414) (d1e6896), closes #413
Reset request id after parse (9550205)
Resolve flaky swagger generation (#416) (ac4acfc)
Resolve regression issues and bugs (e6d5369)
Return correct error on id mismatch (5915f28)
Test and implement mapper_url for jsonnet (40ac3dc)
Transaction usage in the identity persister (#404) (7f5072d)

Code Refactoring

Adopt new request parser (ad16cc9)
Dry config and oidc tests (3e98756)
Improve oidc flows and payloads and add e2e tests (#381) (f9a5079), closes #387:

This patch improves the OpenID Connect login and registration user experience by simplifying the network flows and introduces e2e tests using ORY Hydra.
Move cypress files to test/e2e (df8e627)
Partition files and change creds structure (4f1eb94):

This patch changes the data model of the OpenID Connect strategy. Instead of using an array of providers as the base config item (e.g. {"type":"oidc","config":[{"provider":"google","subject":"..."}]}) the credentials config is now an object with a providers key: {"type":"oidc","config":{"providers":[{"provider":"google","subject":"..."}]}}. This change allows introduction of future changes to the schema without breaking compatibility.
settings: Use common request parser (ad6c402)
Moved scanner json to ory/x (#412) (8a0967d)
Replace oidc jsonschema with jsonnet (2b45e79), closes #380:

This patch replaces the previous methodology of merging OIDC data which used JSON Schema with Extensions and JSON Path in favor of a much easier to use approach with JSONNet.

Documentation

Document account enumeration defenses for oidc (266329c), closes #32
Document new oidc jsonnet mapper (#392) (088b30f)
Document oidc strategy (#415) (9f079f4), closes #409 #124 #32
Explain that form data is merged with oidc data (#394) (b0dbec4), closes #127
Fix links in README (efb6102), closes #403
Improve social sign in guide (#393) (647ced3), closes #49:

This patch changes the social sign in guide to represent more use cases such as Google and Facebook. Additionally, the example has been updated to work with Jsonnet.

This patch also documents limitations around merging user data from GitHub.
Improve the identity data model page (#410) (2915b8f)
Include redirect doc in nav (5aaebff), closes #406
Prepare v0.3.0-alpha.1 (d6a6f43)
Ui should show only active form sections (#395) (4db674d)
Update github templates (#408) (6e646b0)

Features

Add format and lint for JSONNet files (0a1b244):

This patch adds two commands kratos jsonnet format and kratos jsonnet lint that help with formatting and linting JSONNet code.
Implement oidc settings e2e tests (919925c)
Introduce leaklog for debugging oidc map payloads (238d7a4)
Write tests and fix bugs for oidc settings (575a61f)

Unclassified

Format code (bc7557a)

BREAKING CHANGES

If you upgrade and have existing Social Sign In connections, it will no longer be possible to use them to sign in. Because the oidc strategy was undocumented and not officially released we do not provide an upgrade guide. If you run into this issue on a production system you may need to use SQL to change the config of those identities. If this is a real issue for you that you're unable to solve, please create an issue on GitHub.
This is a breaking change as previous OIDC configurations will not work. Please consult the newly written documentation on OpenID Connect to learn how to use OIDC in your login and registration flows. Since the OIDC feature was not publicly broadcasted yet we have chosen not to provide an upgrade path. If you have issues, please reach out on the forums or slack.

0.2.1-alpha.1 (2020-05-05)

Documentation

Fix quickstart hero sections (7c6c439)
Fix typo in upgrade guide (a1b1d7c)

0.2.0-alpha.2 (2020-05-04)

Bug Fixes

Allow setting new password in profile flow (3b5fd5c)
Automatically append multiStatements parameter to mySQL URI (#374) (39f77bb)
Create pop connection without parsed connection options (#366) (10b6481)
Declare proper vars for setting version (#383) (2fc7556)
Decouple quickstart scenarios (#336) (17363b3), closes #262:

Creates several docker compose examples which include various scenarios of the quickstart.

The regular quickstart guide now works without ORY Oathkeeper and uses the standalone mode of the example app instead.

Additionally, the Makefile was improved and now automatically pulls required dependencies in the appropriate version.
Document Schema API and serve over admin endpoint (#299) (4be417c), closes #287
Exempt whomai from csrf protection (#329) (31d4065)
Fix swagger annotation (#331) (5c5c78f):

Closes ory/sdk#10
Move to ory sqa service (#309) (7c244e0)
Properly annotate error API (a6f1300)
Resolve docker build permission issues (f3612e8)
Resolve failing test issues (2e968e5)
Resolve NULL value for seen_at (#259) (a7d1e86), closes #244:

Previously, errorx tests were not executed which caused several bugs.
Revert use host volume mount for sqlite (#272) (#285) (a7477ab):

This reverts commit 230ab2d83f4d187f410e267c6d68554e82514948.
Show log in ui only when unauthenticated or forced (df77310), closes #323
Use semver-regex replacer func (d5c9a47)
Use sqlite tag on make install (2c82784)
docker: Throw away build artifacts (481ec1b)
Remove unused returnTo (e64e5b0)
Resolve linux install script archive naming (#302) (c98b8aa)
Resolve password continuity issues (56a44fa)
Self-service error query parameter name (#308) (be257f5):

The query parameter for the self-service errors endpoint was named id in the API docs, whereas it is the error param that is used by the handler.
Use host volume mount for sqlite (#272) (230ab2d)
Use resilient client for HIBP lookup (#288) (735b435), closes #261
Verified_at field should not be required (#353) (15d5e26):

Closes ory/sdk#11
config: Rename config key stmp to smtp (#278) (ef95811)
session: Regenerate CSRF Token on principal change (#290) (1527ef4), closes #217
session: Whoami endpoint now supports all HTTP methods (#283) (4bf645b), closes #270
sql: Rename migrations with same version (#280) (07e46b9), closes #279
swagger: Move nolint,deadcode instructions to own file (#293) (1935510):

Closes ory/docs#279

Code Refactoring

Move docs to this repository (#317) (aa0d726)
Prepare profile management payloads for credentials (44493f3)
Rename traits method to profile (4f1e033)
Rework hooks and self-service flow completion (#349) (a7c7fef), closes #348 #347 #179 #51 #50 #31:

This patch focuses on refactoring how self-service flows terminate and changes how hooks behave and when they are executed.

Before this patch, it was not clear whether hooks run before or after an identity is persisted. This caused problems with multiple writes on the HTTP ResponseWriter and other bugs.

This patch removes certain hooks from after login, registration, and profile flows. Per default, these flows now respond with an appropriate payload ( redirect for browsers, JSON for API clients) and deprecate the redirect hook. This patch includes documentation which explains how these hooks work now.

Additionally, the documentation was updated. Especially the sections about hooks have been refactored. The login and user registration docs have been updated to reflect the latest changes as well.

Also, some other minor, cosmetic, changes to the documentation have been made.

Documentation

Add banner kratos (8a9dfbb)
Add csrf and cookie debug section (#342) (cac2948), closes #341
Add database connection documentation (#332) (4f9e8b0)
Add HA docs (2e5c591)
Add hook changes to upgrade guide (55b5fe0)
Add info to oidc (#382) (6eeeb5d)
Add more examples to config schema (#372) (ed2ccb9), closes #345
Add quickstart notes for docker debugging (74f082a)
Add settings docs and improve flows (#375) (478cd9c), closes #345
Declare api frontmatter properly (df7591f)
Document 0.2.0 high-level changes (9be1064)
Document multi-tenant set up (891594d), closes #370
Fix broken images in quickstart (52aa4cf)
Fix broken link (bf7843c), closes #327
Fix broken link (c2adc73), closes #327
Fix broken mermaid links (f24fc1b)
Fix spelling in quickstart (#356) (3ce6b4a)
Improve changelog (#384) (a973ca7)
Improve profile section and restructure nav (#373) (3cc0979), closes #345
Regenerate and update changelog (7d4ed98)
Regenerate and update changelog (175b626)
Regenerate and update changelog (e60e2df)
Regenerate and update changelog (41eeb75)
Regenerate and update changelog (468105a)
Regenerate and update changelog (8414520)
Regenerate and update changelog (85d5866)
Regenerate and update changelog (e8d2d10)
Regenerate and update changelog (4c58b6d)
Regenerate and update changelog (a726eb2)
Regenerate and update changelog (87b47ba)
Regenerate and update changelog (537d496)
Regenerate and update changelog (00e6af9)
Regenerate and update changelog (48a2eca)
Regenerate and update changelog (8a71948)
Regenerate and update changelog (ad3d510)
Regenerate and update changelog (48bcc70)
Regenerate and update changelog (816a55c)
Regenerate and update changelog (4ed74d2)
Regenerate and update changelog (367927e)
Regenerate and update changelog (38f4019)
Typo in README.md (#265) (9f865a2)
Update banner url (292c986)
Update forum and chat links (3039191)
Update github templates (#338) (57dbc77)
Update github templates (#343) (eb13dc1)
Update github templates (#350) (faf2f30)
Update github templates (#351) (20ff289)
Update linux install guide (3b8e549)
Update linux install guide (#354) (ec49cae)
Update self service reg docs (#367) (4cf0323), closes /github.com/ory/kratos-selfservice-ui-node/blob/489c76d1b0474ee55ef56804b28f54d8718747ba/src/routes/auth.ts#L28:

The old links pointed at /auth/browser/(login|registration) which seems to be outdated now.
Update user-settings-profile-management.md (#322) (45dc3a5)
Updates issue and pull request templates (#298) (1be738d)
Updates issue and pull request templates (#313) (299063c)
Updates issue and pull request templates (#314) (d5ae452)
Use git checkout in quickstart (#339) (2d2562b), closes #335
concepts: Fix typo (a49184c):

Closes ory/docs#296
concepts: Properly close code tag (1c841c2)
Updates issue and pull request templates (#315) (8b68db1)

Features

Add dsn: memory shorthand (#284) (e66a030), closes #228
Add and test id hint in reauth flow (2298f01), closes #323
Add cypress e2e tests (#334) (abc0e91)
Allow configuring same-site for session cookies (#303) (2eb2054), closes #257:

It is now possible to set SameSite for the session cookie via the key security.session.cookie.same_site.
Enable CockroachDB integration (#260) (adc5153), closes #132 #155
Enable continuity management for settings module (009d755)
Enable updating auth related traits (#266) (65b88ba), closes #243
Implement password profile management flow (a31839a), closes #243
Introduce fallbacks for required configs (#376) (b3bcb25), closes #369 #352
Return 410 when selfservice requests expire (#289) (b414607), closes #235
Send verification emails on profile update (#333) (1cacc80), closes #267
continuity: Implement request continuity (135e047), closes #304 #311:

This patch adds a module which is capable of aborting a request, waiting for another option to complete, and then resuming the request again.

This feature makes use of a temporary cookie which keeps track of the request state.

This feature is required for several workflows that update privileged fields such as passwords, 2fa recovery codes, email addresses.

refactor: rename profile to settings flow

Renames selfservice/profile to settings. The settings flow includes a strategy for managing profile information
login: Forced reauthentication (#248) (344fc9c), closes #243

Unclassified

u (0b6fa48)
Make format (b85e5af)
u (03fa4f0)
u (a3dfd9d)
u (616aa0f)
fix:add graceful shutdown to courier handler (#296) (235d784), closes #296 #295:

Courier would not stop with the provided Background handler. This changes the methods of Courier so that the graceful package can be used in the same way as the http endpoints can be used.
fix(sql) change courier body to text field (#276) (ed5268d), closes #276 #269

BREAKING CHANGES

Please remove the redirect hook from both login, registration, and settings after configuration. Please remove the session hook from your login after configuration. Hooks have moved down a level and are now configured at selfservice.<login|registration|settings>.<after|before>.hooks instead of selfservice.<login|registration|settings>.<after|before>.hooks. Hooks are now identified by hook: instead of job:. Please rename those sections accordingly.
continuity: Several profile-related URLs have and payloads been updated. Please consult the most recent documentation.
The payloads of the Profile Management Request API that previously were set in { "methods": { "traits": { ... } }} have now moved to { "methods": { "profile": { ... } }}.
This patch introduces a refactor that is needed for the profile management API to be capable of handling (password, oidc, ...) credential changes as well.

To implement this, the payloads of the Profile Management Request API that previously were set in {"form": {...} } have now moved to {"methods": { "traits": { ... } }}.

In the future, as more credential updates are handled, there will be additional keys in the forms key {"methods": { "traits": { ... }, "password": { ... } }}.

0.1.1-alpha.1 (2020-02-18)

Bug Fixes

Add verify return to address (#252) (64ab9e5)
Clean up docker quickstart (#255) (7f0996b)
Resolve several verification problems (#253) (30d4632)
Update verify URLs (#258) (5d4f909)

Code Refactoring

Support context-based SQL transactions (#254) (6ace1ee)

Documentation

Regenerate and update changelog (a125822)
Regenerate and update changelog (b3a8220)
Regenerate and update changelog (a141b30)
Regenerate and update changelog (7e12e20)
Regenerate and update changelog (3c1c67b)
Regenerate and update changelog (ee07937)

0.1.0-alpha.6 (2020-02-16)

Bug Fixes

Adapt quickstart to verify changes (#247) (24eceb7)
Gracefully handle selfservice request expiry (#242) (4421e6b), closes #233
Set AuthenticatedAt in session issuer hook (#246) (29c83fa), closes #224
swagger: Sanitize before validate (c72f140)
swagger: Use correct annotations for request methods (#237) (8473c85), closes #234

Code Refactoring

Move to ory/jsonschema/v3 everywhere (#229) (61f5c1d), closes #225

Documentation

Regenerate and update changelog (922cf0f)
Regenerate and update changelog (e097c23)
Regenerate and update changelog (2d1685f)
Regenerate and update changelog (f8964e9)
Regenerate and update changelog (92b8001)
Regenerate and update changelog (d7083ab)
Regenerate and update changelog (c4547dc)
Regenerate and update changelog (d8d8bba)
Regenerate and update changelog (b012ed9)

Features

Add disabled flag to identifier form fields (#238) (a2178bd), closes #227
Add verification to quickstart (#251) (172dc87)
Implement email verification (#245) (eed00f4), closes #27
Improve password validation strategy (#231) (256fad3)

0.1.0-alpha.5 (2020-02-06)

Documentation

Regenerate and update changelog (e87e9c9)
Regenerate and update changelog (d6f0794)
Regenerate and update changelog (eb7326c)

Features

Redirect to new auth session on expired auth sessions (#230) (b477ecd), closes #96

0.1.0-alpha.4 (2020-02-06)

Documentation

Regenerate and update changelog (f02afb3)

0.1.0-alpha.3 (2020-02-06)

No significant changes have been made for this release.

0.1.0-alpha.2 (2020-02-03)

Bug Fixes

daemon: Register error routes on admin port (#226) (decd8d8)
Add paths to sqa middleware (#216) (130c9c2)
Set csrf token on public endpoints (d0b15ae)

Documentation

Introduce upgrade guide (736a3b1)
Prepare ecosystem automation (7013b6c)
Regenerate and update changelog (f39b942)
Regenerate and update changelog (c121601)
Regenerate and update changelog (a947d55)
Regenerate and update changelog (8ba2044)
Regenerate and update changelog (9c023e1)
Regenerate and update changelog (1e855a9)
Regenerate and update changelog (01ce3a8)
Updates issue and pull request templates (#222) (4daae88)

Features

Override semantic config (#220) (9b4214b)

Unclassified

Update CHANGELOG [ci skip] (ce9390c)
refactor!: Improve user-facing error APIs (#219) (7d4054f), closes #219 #204:
This patch refactors user-facing error APIs:
- The /errors endpoint moved to /self-service/errors
- The endpoint is now available at both the Admin and Public API. The Public API requires CSRF Token match or a 403 error will be returned.
- The Public API endpoint no longer returns 404 errors but 403 instead.
- The response payload changed. What was [{"code": ...}] is now {"id": "...", "errors": [{"code": ...}]}
This patch requires running kratos migrate sql as a new column (csrf_token) has been added to the user-facing error store.
Update CHANGELOG [ci skip] (c368a11)

0.1.0-alpha.1 (2020-01-31)

Documentation

Updates issue and pull request templates (#215) (10c45f2)

0.0.3-alpha.15 (2020-01-31)

Unclassified

Update permissions in SQLite Dockerfile (1266e53)

0.0.3-alpha.14 (2020-01-31)

Unclassified

Update README.md (db8d65b)

0.0.3-alpha.13 (2020-01-31)

Unclassified

Allow mounting SQLite in /home/ory/sqlite (#212) (2fe8c0f), closes #212

0.0.3-alpha.11 (2020-01-31)

Unclassified

Clean up cmd and resolve packr2 issues (#211) (2e43ec0), closes #211:

This patch addresses issues with the build pipeline caused by an invalid import. Profiling was also added.
Improve field types (#209) (aeefa93), closes #209
Update CHANGELOG [ci skip] (fc32207)

0.0.3-alpha.10 (2020-01-31)

Unclassified

Update README (35a310d)
Update CHANGELOG [ci skip] (3c98745)
Update CHANGELOG [ci skip] (c1c01df)

0.0.3-alpha.7 (2020-01-30)

Unclassified

Use correct project root in Dockerfile (3528758)
Update CHANGELOG [ci skip] (e78bbbe)

0.0.3-alpha.5 (2020-01-30)

Unclassified

Update CHANGELOG [ci skip] (ebb1744)
Add libmusl to binary output (e9b8445)

0.0.3-alpha.4 (2020-01-30)

Unclassified

Update CHANGELOG [ci skip] (018c229)
Add and use ory docker user (cccbe09)
Update CHANGELOG [ci skip] (0e436e5)
Update goreleaser changelog filters (7e5af97)
Update CHANGELOG [ci skip] (4387503)

0.0.3-alpha.2 (2020-01-30)

Unclassified

Resolve goreleaser build issues (#208) (d59a08a), closes #208

0.0.3-alpha.1 (2020-01-30)

Unclassified

Update CHANGELOG [ci skip] (49e09ea)
Take form field orders from JSON Schema (#205) (a880f0d), closes #205 #176
Update CHANGELOG [ci skip] (ff52bbb)
Adapt quickstart docker compose config (#207) (e532583), closes #207
Update CHANGELOG [ci skip] (7f4800b)
Update CHANGELOG [ci skip] (1b2c3f6)
Rework public and admin fetch strategy (#203) (99aa169), closes #203 #122
Update CHANGELOG [ci skip] (1cea427)
ss/profile: Use request ID as query param everywhere (#202) (ed32b14), closes #202 #190
Update CHANGELOG [ci skip] (a392027)
Update HTTP routes for a consistent API naming (#199) (9ed4bda), closes #199 #195

0.0.1-alpha.9 (2020-01-29)

No significant changes have been made for this release.

0.0.2-alpha.1 (2020-01-29)

Unclassified

Use correct build archive for homebrew (74ac29f)

0.0.1-alpha.6 (2020-01-29)

No significant changes have been made for this release.

0.0.1-alpha.5 (2020-01-29)

Unclassified

Resolve build issues with CGO (#196) (298f4ea), closes #196
ss/password: Make form fields an array (#197) (6cb0058), closes #197 #186

0.0.1-alpha.3 (2020-01-28)

No significant changes have been made for this release.

0.0.1-alpha.2 (2020-01-28)

No significant changes have been made for this release.

0.0.1-alpha.1 (2020-01-28)

Documentation

Present ORY Hive to the world (#107) (7883589)
Updates issue and pull request templates (0441dff)
Updates issue and pull request templates (#174) (ad405e9)
Updates issue and pull request templates (#39) (daf5aa8)
Updates issue and pull request templates (#40) (f5907f3)
Updates issue and pull request templates (#59) (8c5612c)
Updates issue and pull request templates (#7) (a1220ba)
Updates issue and pull request templates (#8) (c56798a)

Unclassified

Inject Identity Traits JSON Schema (3a4c5ad), closes #189
Remove redundant return statement (7c2989f)
ss/oidc: Remove obsolete request field from form (#193) (59671ba), closes #193 #180
Re-introduce migration plans to CLI command (#192) (bb32cd3), closes #131
strategy/oidc: Allow multiple OIDC Connections (#191) (8984831), closes #191 #114
Improve Docker Compose Quickstart (#187) (9459072), closes #187 #188
Fix broken import (308aa13)
selfservice/password: Remove request field and ensure method is set (#183) (e035adc), closes #183
Add tests and fixtures for the config JSON Schema (#171) (ede9c0e), closes #171
Add example values for config JSON Schema (12ba728)
Replace url with uri format in config JSON Schema (68eddef)
Replace number with integer in config JSON Schema (#177) (9eff6fd), closes #177
Improve --dev flag (#167) (9b61ee1), closes #167 #162
Add goreleaser orb task (#170) (5df0def), closes #170
Add changelog generation task (#169) (edd937c), closes #169
Adopt new SDK pipeline (#168) (21d9b6d), closes #168
Add ability to define multiple schemas and serve them over HTTP (#164) (c65119c), closes #86:

All identity traits schemas have to be configured using a human readable ID and the corresponding URL. This PR enables multiple schemas to be used next to the default schema. It also adds the kratos.public/schemas/:id endpoint that mirrors all schemas.
Add docker-compose quickstart (#153) (e096190), closes #153
Update README (#160) (533775b), closes #160
Separate post register/login hooks (#150) (f4b7812), closes #150 #149
Update README badges (4f7838e)
Bump go-acc and resolve test issues (#154) (15b1b63), closes #154 #152 #151:

Due to a bug in go-acc, tests would not run if -tags sqlite was supplied as a go tool argument to go-acc. This patch resolves that issue and also includes several test patches from previous community PRs and some internal test issues.
Add helper for requiring authentication (3888fbd)
Add session destroyer hook (#148) (d17f002), closes #139:

This patch adds a hook that destroys all active session by the identity which is being logged in. This can be useful in scenarios where only one session should be active at any given time.
Add ORY Kratos banner to README (#145) (23b824f), closes #145
Implement message templates and SMTP delivery (#146) (dc674bf), closes #99:

This patch adds a message templates (with override capabilities) and SMTP delivery.

Integration tests using MailHog test fault resilience and e2e email delivery.

This system is designed to be extended for SMS and other use cases.
Replace DBAL layer with gobuffalo/pop (#130) (21d08b8), closes #130:

This is a major refactoring of the internal DBAL. After a successful proof of concept and evaluation of gobuffalo/pop, we believe this to be the best DBAL for Go at the moment. It abstracts a lot of boilerplate code away.

As with all sophisticated DBALs, pop too has its quirks. There are several issues that have been discovered during testing and adoption: gobuffalo/pop#136 gobuffalo/pop#476 gobuffalo/pop#473 gobuffalo/pop#469 gobuffalo/pop#466

However, the upside of moving much of the hard database/sql plumbing into another library cleans up the code base significantly and reduces complexity.

As part of this change, the "ephermal" DBAL ("in memory") will be removed and sqlite will be used instead. This further reduces complexity of the code base and code-duplication.

To support sqlite, CGO is required, which means that we need to run tests with go test -tags sqlite on a machine that has g++ installed. This also means that we need a Docker Image with alpine as opposed to pure scratch. While this is certainly a downside, the upside of less maintenance and "free" support for SQLite, PostgreSQL, MySQL, and CockroachDB simply outweighs any downsides that come with CGO.
Replace local deps with remote ones (8605e45)
ss/profile: Improve success and error flows (9e0015a), closes #112:

This patch completes the profile management flow by implementing proper error and success states and adding several data integrity tests.
Add helpers for go-swagger (165a660):

See go-swagger/go-swagger#2119
Add profile management and refactor internals (3ec9263), closes #112
Update keyword from kratos to ory.sh/kratos (f45cbe0), closes #115
Update sdk generation method (24aa3d7)
Use JSON Schema to type assert form body (#116) (1944c7c), closes #109
Rebrand ORY Hive to ORY Kratos (#111) (ceda7fb), closes #111
Add SQL adapter (#100) (9e7f998), closes #92
Explicitly whitelist form parser keys (#105) (28b056e), closes #98:

Previously the form parser would try to detect the field type by asserting types for the whole form. That caused passwords containing only numbers to fail to unmarshal into a string value.

This patch resolves that issue by introducing a prefix option to the BodyParser
Handle securecookie errors appropriately (#101) (75bf6fe), closes #97:

Previously, IsNotAuthenticated would not handle securecookie errors appropriately. This has been resolved.
Improve migration command (#94) (2b631de)
Mark active field as nullable (#89) (292702d)
Move package to selfservice (063b767):

Because this module is primarily used in selfservice scenarios, it has been moved to the selfservice parent.
Omit request header from login/registration request (#106) (9b07587), closes #95:

When fetching a login and registration request, the HTTP Request Headers must not be included in the response, as they contain irrelevant information for the API caller.
Properly handle empty credentials config in sql (#93) (b79c5d1)
Resolve wrong column reference in sql (#90) (0c0eb87):

Reference ic.method instead of ici.method.

Added regression tests against this particular issue.
Update to ory/x 0.0.80 (#110) (64de2f8):

Removes the need for BindEnv()
Fix broken tests and ci linter issues (#104) (69760fe), closes #104
Update to Go modules 1.13 (1da4d75)
Resolve minor configuration issues and response errors (#85) (a44913b), closes #85
Clean up dead files (#84) (e0c96ef), closes #84
Add health endpoints (#83) (0e936f7), closes #83 #82
Update Dockerfile and related build tools (#80) (d20c701), closes #80
Implement SQL Database adapter (#79) (86d07c4), closes #79 #69
Prevent duplicate signups (#76) (4c88968), closes #76 #46
Contributing 08 10 19 00 52 45 (#74) (43b511f), closes #74
Echo form values from oidc signup (98b1da5), closes #71
Properly decode values in error handler (5eb9088), closes #71
Force path and domain on CSRF cookie (#70) (a80d8b0), closes #70 #68
Require no session when accessing login or sign up (#67) (c0e0da1), closes #67 #63
Reset CSRF token on principal change (#64) (9c889ab), closes #38:

Add tests for logout.
Add tests for selfservice ErrorHandler (#62) (4bb9e70), closes #62
Implement CRUD for identities (#60) (58a3c24), closes #58
Enable Circle CI (#57) (6fb0afd), closes #57 #53
OIDC provider selfservice data enrichment (#56) (936970a), closes #56 #23 #55
Remove local jsonschema module override (cd2a5d8)
Implement identity management, login, and registration (#22) (bf3395e), closes #22
Revert incorrect license changes (fb9740b)
Create FUNDING.yml (3c67ac8)
Initial commit (ab6f24a)

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Changelog

Unreleased (2021-05-17)

0.6.3-alpha.1 (2021-05-17)

Bug Fixes

Code Refactoring

BREAKING CHANGES

0.6.2-alpha.1 (2021-05-14)

Documentation

0.6.1-alpha.1 (2021-05-11)

Features

0.6.0-alpha.2 (2021-05-07)

Bug Fixes

Features

0.6.0-alpha.1 (2021-05-05)

Bug Fixes

Code Refactoring

Documentation

Features

Tests

Unclassified

BREAKING CHANGES

0.5.5-alpha.1 (2020-12-09)

Bug Fixes

Documentation

Features

Tests

Unclassified

0.5.4-alpha.1 (2020-11-11)

Bug Fixes

Code Refactoring

Documentation

Features

0.5.3-alpha.1 (2020-10-27)

Bug Fixes

Documentation

Features

Tests

0.5.2-alpha.1 (2020-10-22)

Bug Fixes

Documentation

Tests

0.5.1-alpha.1 (2020-10-20)

Bug Fixes

Documentation

Features

Tests

Unclassified

0.5.0-alpha.1 (2020-10-15)

Bug Fixes

Code Refactoring

Documentation

Features

Tests

Unclassified

BREAKING CHANGES

0.4.6-alpha.1 (2020-07-13)

Bug Fixes

0.4.5-alpha.1 (2020-07-13)

Bug Fixes

0.4.4-alpha.1 (2020-07-10)

Bug Fixes

Documentation

0.4.3-alpha.1 (2020-07-08)

Bug Fixes

0.4.2-alpha.1 (2020-07-08)

Bug Fixes

0.4.0-alpha.1 (2020-07-08)

Bug Fixes

Code Refactoring

Documentation

Features

Unclassified

BREAKING CHANGES

0.3.0-alpha.1 (2020-05-15)