CHANGELOG.md
# Changelog
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
**Table of Contents**
- [0.0.0 (2024-06-13)](#000-2024-06-13)
- [Breaking Changes](#breaking-changes)
- [Bug Fixes](#bug-fixes)
- [Features](#features)
- [Unclassified](#unclassified)
- [2.2.0 (2024-02-12)](#220-2024-02-12)
- [Bug Fixes](#bug-fixes-1)
- [Code Generation](#code-generation)
- [2.2.0-pre.1 (2024-02-01)](#220-pre1-2024-02-01)
- [Bug Fixes](#bug-fixes-2)
- [Code Generation](#code-generation-1)
- [Documentation](#documentation)
- [Features](#features-1)
- [2.2.0-rc.3 (2023-08-16)](#220-rc3-2023-08-16)
- [Bug Fixes](#bug-fixes-3)
- [Code Generation](#code-generation-2)
- [Features](#features-2)
- [2.2.0-pre.0 (2023-06-22)](#220-pre0-2023-06-22)
- [Code Generation](#code-generation-3)
- [Features](#features-3)
- [2.2.0-rc.2 (2023-06-13)](#220-rc2-2023-06-13)
- [Bug Fixes](#bug-fixes-4)
- [Code Generation](#code-generation-4)
- [Features](#features-4)
- [2.2.0-rc.1 (2023-06-12)](#220-rc1-2023-06-12)
- [Breaking Changes](#breaking-changes-1)
- [Bug Fixes](#bug-fixes-5)
- [Code Generation](#code-generation-5)
- [Features](#features-5)
- [Unclassified](#unclassified-1)
- [2.1.2 (2023-05-24)](#212-2023-05-24)
- [Bug Fixes](#bug-fixes-6)
- [Code Generation](#code-generation-6)
- [Documentation](#documentation-1)
- [Features](#features-6)
- [2.1.1 (2023-04-11)](#211-2023-04-11)
- [Bug Fixes](#bug-fixes-7)
- [Code Generation](#code-generation-7)
- [2.1.0 (2023-04-06)](#210-2023-04-06)
- [Bug Fixes](#bug-fixes-8)
- [Code Generation](#code-generation-8)
- [2.1.0-pre.2 (2023-04-03)](#210-pre2-2023-04-03)
- [Code Generation](#code-generation-9)
- [2.1.0-pre.1 (2023-04-03)](#210-pre1-2023-04-03)
- [Code Generation](#code-generation-10)
- [2.1.0-pre.0 (2023-03-31)](#210-pre0-2023-03-31)
- [Bug Fixes](#bug-fixes-9)
- [Code Generation](#code-generation-11)
- [Documentation](#documentation-2)
- [Features](#features-7)
- [2.0.3 (2022-12-08)](#203-2022-12-08)
- [Bug Fixes](#bug-fixes-10)
- [Code Generation](#code-generation-12)
- [Features](#features-8)
- [2.0.2 (2022-11-10)](#202-2022-11-10)
- [Bug Fixes](#bug-fixes-11)
- [Code Generation](#code-generation-13)
- [Documentation](#documentation-3)
- [Features](#features-9)
- [Tests](#tests)
- [2.0.1 (2022-10-27)](#201-2022-10-27)
- [Bug Fixes](#bug-fixes-12)
- [Code Generation](#code-generation-14)
- [Documentation](#documentation-4)
- [2.0.0 (2022-10-27)](#200-2022-10-27)
- [Breaking Changes](#breaking-changes-2)
- [Bug Fixes](#bug-fixes-13)
- [Code Generation](#code-generation-15)
- [Code Refactoring](#code-refactoring)
- [Documentation](#documentation-5)
- [Features](#features-10)
- [Tests](#tests-1)
- [Unclassified](#unclassified-2)
- [1.11.10 (2022-08-25)](#11110-2022-08-25)
- [Bug Fixes](#bug-fixes-14)
- [Code Generation](#code-generation-16)
- [1.11.9 (2022-08-01)](#1119-2022-08-01)
- [Bug Fixes](#bug-fixes-15)
- [Code Generation](#code-generation-17)
- [Documentation](#documentation-6)
- [Features](#features-11)
- [1.11.8 (2022-05-04)](#1118-2022-05-04)
- [Bug Fixes](#bug-fixes-16)
- [Code Generation](#code-generation-18)
- [Documentation](#documentation-7)
- [Features](#features-12)
- [Tests](#tests-2)
- [1.11.7 (2022-02-23)](#1117-2022-02-23)
- [Code Generation](#code-generation-19)
- [1.11.6 (2022-02-23)](#1116-2022-02-23)
- [Bug Fixes](#bug-fixes-17)
- [Code Generation](#code-generation-20)
- [1.11.5 (2022-02-21)](#1115-2022-02-21)
- [Bug Fixes](#bug-fixes-18)
- [Code Generation](#code-generation-21)
- [1.11.4 (2022-02-16)](#1114-2022-02-16)
- [Bug Fixes](#bug-fixes-19)
- [Code Generation](#code-generation-22)
- [1.11.3 (2022-02-15)](#1113-2022-02-15)
- [Bug Fixes](#bug-fixes-20)
- [Code Generation](#code-generation-23)
- [1.11.2 (2022-02-11)](#1112-2022-02-11)
- [Code Generation](#code-generation-24)
- [1.11.1 (2022-02-11)](#1111-2022-02-11)
- [Bug Fixes](#bug-fixes-21)
- [Code Generation](#code-generation-25)
- [Code Refactoring](#code-refactoring-1)
- [Documentation](#documentation-8)
- [1.11.0 (2022-01-21)](#1110-2022-01-21)
- [Breaking Changes](#breaking-changes-3)
- [Bug Fixes](#bug-fixes-22)
- [Code Generation](#code-generation-26)
- [Documentation](#documentation-9)
- [Features](#features-13)
- [1.10.7 (2021-10-27)](#1107-2021-10-27)
- [Breaking Changes](#breaking-changes-4)
- [Bug Fixes](#bug-fixes-23)
- [Code Generation](#code-generation-27)
- [Code Refactoring](#code-refactoring-2)
- [Documentation](#documentation-10)
- [Features](#features-14)
- [1.10.6 (2021-08-28)](#1106-2021-08-28)
- [Bug Fixes](#bug-fixes-24)
- [Code Generation](#code-generation-28)
- [Documentation](#documentation-11)
- [1.10.5 (2021-08-13)](#1105-2021-08-13)
- [Bug Fixes](#bug-fixes-25)
- [Code Generation](#code-generation-29)
- [Documentation](#documentation-12)
- [Features](#features-15)
- [1.10.3 (2021-07-14)](#1103-2021-07-14)
- [Bug Fixes](#bug-fixes-26)
- [Code Generation](#code-generation-30)
- [Code Refactoring](#code-refactoring-3)
- [Documentation](#documentation-13)
- [Features](#features-16)
- [1.10.2 (2021-05-04)](#1102-2021-05-04)
- [Breaking Changes](#breaking-changes-5)
- [Bug Fixes](#bug-fixes-27)
- [Code Generation](#code-generation-31)
- [Code Refactoring](#code-refactoring-4)
- [Documentation](#documentation-14)
- [Features](#features-17)
- [1.10.1 (2021-03-25)](#1101-2021-03-25)
- [Bug Fixes](#bug-fixes-28)
- [Code Generation](#code-generation-32)
- [Documentation](#documentation-15)
- [Features](#features-18)
- [Tests](#tests-3)
- [Unclassified](#unclassified-3)
- [1.9.2 (2021-01-29)](#192-2021-01-29)
- [Code Generation](#code-generation-33)
- [Features](#features-19)
- [1.9.1 (2021-01-27)](#191-2021-01-27)
- [Code Generation](#code-generation-34)
- [Documentation](#documentation-16)
- [1.9.0 (2021-01-12)](#190-2021-01-12)
- [Code Generation](#code-generation-35)
- [1.9.0-rc.0 (2021-01-12)](#190-rc0-2021-01-12)
- [Code Generation](#code-generation-36)
- [1.9.0-alpha.4.pre.0 (2021-01-12)](#190-alpha4pre0-2021-01-12)
- [Bug Fixes](#bug-fixes-29)
- [Code Generation](#code-generation-37)
- [Documentation](#documentation-17)
- [1.9.0-alpha.3 (2020-12-08)](#190-alpha3-2020-12-08)
- [Breaking Changes](#breaking-changes-6)
- [Bug Fixes](#bug-fixes-30)
- [Code Generation](#code-generation-38)
- [Code Refactoring](#code-refactoring-5)
- [Documentation](#documentation-18)
- [Features](#features-20)
- [Tests](#tests-4)
- [Unclassified](#unclassified-4)
- [1.9.0-alpha.2 (2020-10-29)](#190-alpha2-2020-10-29)
- [Bug Fixes](#bug-fixes-31)
- [Code Generation](#code-generation-39)
- [Documentation](#documentation-19)
- [Features](#features-21)
- [Tests](#tests-5)
- [1.9.0-alpha.1 (2020-10-20)](#190-alpha1-2020-10-20)
- [Bug Fixes](#bug-fixes-32)
- [Code Generation](#code-generation-40)
- [Code Refactoring](#code-refactoring-6)
- [Documentation](#documentation-20)
- [Features](#features-22)
- [Tests](#tests-6)
- [1.8.5 (2020-10-03)](#185-2020-10-03)
- [Code Generation](#code-generation-41)
- [1.8.0-pre.1 (2020-10-03)](#180-pre1-2020-10-03)
- [Bug Fixes](#bug-fixes-33)
- [Code Generation](#code-generation-42)
- [Features](#features-23)
- [1.8.0-pre.0 (2020-10-02)](#180-pre0-2020-10-02)
- [Breaking Changes](#breaking-changes-7)
- [Bug Fixes](#bug-fixes-34)
- [Code Generation](#code-generation-43)
- [Documentation](#documentation-21)
- [Features](#features-24)
- [1.7.4 (2020-08-31)](#174-2020-08-31)
- [Bug Fixes](#bug-fixes-35)
- [Code Generation](#code-generation-44)
- [1.7.3 (2020-08-31)](#173-2020-08-31)
- [Code Generation](#code-generation-45)
- [1.7.1 (2020-08-31)](#171-2020-08-31)
- [Breaking Changes](#breaking-changes-8)
- [Bug Fixes](#bug-fixes-36)
- [Code Generation](#code-generation-46)
- [Code Refactoring](#code-refactoring-7)
- [Documentation](#documentation-22)
- [Features](#features-25)
- [Unclassified](#unclassified-5)
- [1.7.0 (2020-08-14)](#170-2020-08-14)
- [Breaking Changes](#breaking-changes-9)
- [Bug Fixes](#bug-fixes-37)
- [Code Generation](#code-generation-47)
- [Code Refactoring](#code-refactoring-8)
- [Documentation](#documentation-23)
- [Features](#features-26)
- [Unclassified](#unclassified-6)
- [1.6.0 (2020-07-20)](#160-2020-07-20)
- [Bug Fixes](#bug-fixes-38)
- [Code Generation](#code-generation-48)
- [Documentation](#documentation-24)
- [Unclassified](#unclassified-7)
- [1.5.2 (2020-06-23)](#152-2020-06-23)
- [Bug Fixes](#bug-fixes-39)
- [Code Generation](#code-generation-49)
- [Features](#features-27)
- [1.5.1 (2020-06-16)](#151-2020-06-16)
- [Code Generation](#code-generation-50)
- [1.5.0 (2020-06-16)](#150-2020-06-16)
- [Bug Fixes](#bug-fixes-40)
- [Chores](#chores)
- [Documentation](#documentation-25)
- [Features](#features-28)
- [Unclassified](#unclassified-8)
- [1.5.0-beta.5 (2020-05-28)](#150-beta5-2020-05-28)
- [Bug Fixes](#bug-fixes-41)
- [Chores](#chores-1)
- [Documentation](#documentation-26)
- [Features](#features-29)
- [1.5.0-beta.3 (2020-05-23)](#150-beta3-2020-05-23)
- [Chores](#chores-2)
- [1.5.0-beta.2 (2020-05-23)](#150-beta2-2020-05-23)
- [Bug Fixes](#bug-fixes-42)
- [Chores](#chores-3)
- [Code Refactoring](#code-refactoring-9)
- [Documentation](#documentation-27)
- [1.5.0-beta.1 (2020-04-30)](#150-beta1-2020-04-30)
- [Breaking Changes](#breaking-changes-10)
- [Chores](#chores-4)
- [Code Refactoring](#code-refactoring-10)
- [1.4.10 (2020-04-30)](#1410-2020-04-30)
- [Bug Fixes](#bug-fixes-43)
- [Chores](#chores-5)
- [Documentation](#documentation-28)
- [Unclassified](#unclassified-9)
- [1.4.9 (2020-04-25)](#149-2020-04-25)
- [Bug Fixes](#bug-fixes-44)
- [Chores](#chores-6)
- [1.4.8 (2020-04-24)](#148-2020-04-24)
- [Bug Fixes](#bug-fixes-45)
- [Chores](#chores-7)
- [Documentation](#documentation-29)
- [Features](#features-30)
- [1.4.7 (2020-04-24)](#147-2020-04-24)
- [Bug Fixes](#bug-fixes-46)
- [Chores](#chores-8)
- [Documentation](#documentation-30)
- [1.4.6 (2020-04-17)](#146-2020-04-17)
- [Bug Fixes](#bug-fixes-47)
- [Documentation](#documentation-31)
- [1.4.5 (2020-04-16)](#145-2020-04-16)
- [Bug Fixes](#bug-fixes-48)
- [Documentation](#documentation-32)
- [1.4.3 (2020-04-16)](#143-2020-04-16)
- [Bug Fixes](#bug-fixes-49)
- [Code Refactoring](#code-refactoring-11)
- [Documentation](#documentation-33)
- [Features](#features-31)
- [1.4.2 (2020-04-03)](#142-2020-04-03)
- [Chores](#chores-9)
- [Documentation](#documentation-34)
- [1.4.1 (2020-04-02)](#141-2020-04-02)
- [Bug Fixes](#bug-fixes-50)
- [1.4.0 (2020-04-02)](#140-2020-04-02)
- [GHSA-3p3g-vpw6-4w66](#ghsa-3p3g-vpw6-4w66)
- [Impact](#impact)
- [Severity](#severity)
- [Patches](#patches)
- [Workarounds](#workarounds)
- [References](#references)
- [Upstream](#upstream)
- [Breaking Changes](#breaking-changes-11)
- [GHSA-3p3g-vpw6-4w66](#ghsa-3p3g-vpw6-4w66-1)
- [Impact](#impact-1)
- [Severity](#severity-1)
- [Patches](#patches-1)
- [Workarounds](#workarounds-1)
- [References](#references-1)
- [Upstream](#upstream-1)
- [Bug Fixes](#bug-fixes-51)
- [Code Refactoring](#code-refactoring-12)
- [Documentation](#documentation-35)
- [Features](#features-32)
- [Unclassified](#unclassified-10)
- [1.3.2 (2020-02-17)](#132-2020-02-17)
- [Bug Fixes](#bug-fixes-52)
- [Chores](#chores-10)
- [Documentation](#documentation-36)
- [1.3.1 (2020-02-16)](#131-2020-02-16)
- [Continuous Integration](#continuous-integration)
- [1.3.0 (2020-02-14)](#130-2020-02-14)
- [Bug Fixes](#bug-fixes-53)
- [Documentation](#documentation-37)
- [Features](#features-33)
- [Unclassified](#unclassified-11)
- [1.2.3 (2020-01-31)](#123-2020-01-31)
- [Unclassified](#unclassified-12)
- [1.2.2 (2020-01-23)](#122-2020-01-23)
- [Documentation](#documentation-38)
- [Unclassified](#unclassified-13)
- [1.2.1 (2020-01-15)](#121-2020-01-15)
- [Unclassified](#unclassified-14)
- [1.2.0 (2020-01-08)](#120-2020-01-08)
- [Unclassified](#unclassified-15)
- [1.2.0-alpha.3 (2020-01-08)](#120-alpha3-2020-01-08)
- [Unclassified](#unclassified-16)
- [1.2.0-alpha.2 (2020-01-08)](#120-alpha2-2020-01-08)
- [Continuous Integration](#continuous-integration-1)
- [1.2.0-alpha.1 (2020-01-07)](#120-alpha1-2020-01-07)
- [Documentation](#documentation-39)
- [Unclassified](#unclassified-17)
- [1.1.1 (2019-12-19)](#111-2019-12-19)
- [Documentation](#documentation-40)
- [Unclassified](#unclassified-18)
- [1.1.0 (2019-12-16)](#110-2019-12-16)
- [Documentation](#documentation-41)
- [Unclassified](#unclassified-19)
- [1.0.9 (2019-11-02)](#109-2019-11-02)
- [Documentation](#documentation-42)
- [Unclassified](#unclassified-20)
- [1.0.8 (2019-10-04)](#108-2019-10-04)
- [Unclassified](#unclassified-21)
- [1.0.7 (2019-09-29)](#107-2019-09-29)
- [Continuous Integration](#continuous-integration-2)
- [1.0.6 (2019-09-29)](#106-2019-09-29)
- [Continuous Integration](#continuous-integration-3)
- [1.0.5 (2019-09-28)](#105-2019-09-28)
- [Continuous Integration](#continuous-integration-4)
- [1.0.4 (2019-09-26)](#104-2019-09-26)
- [Unclassified](#unclassified-22)
- [1.0.3 (2019-09-23)](#103-2019-09-23)
- [Unclassified](#unclassified-23)
- [1.0.2 (2019-09-18)](#102-2019-09-18)
- [Unclassified](#unclassified-24)
- [1.0.1 (2019-09-04)](#101-2019-09-04)
- [Documentation](#documentation-43)
- [Unclassified](#unclassified-25)
- [1.0.0 (2019-06-24)](#100-2019-06-24)
- [Documentation](#documentation-44)
- [Unclassified](#unclassified-26)
- [1.0.0-rc.16 (2019-06-13)](#100-rc16-2019-06-13)
- [Documentation](#documentation-45)
- [Unclassified](#unclassified-27)
- [1.0.0-rc.15 (2019-06-05)](#100-rc15-2019-06-05)
- [Documentation](#documentation-46)
- [Unclassified](#unclassified-28)
- [1.0.0-rc.14 (2019-05-18)](#100-rc14-2019-05-18)
- [Continuous Integration](#continuous-integration-5)
- [Documentation](#documentation-47)
- [Unclassified](#unclassified-29)
- [1.0.0-rc.12 (2019-05-10)](#100-rc12-2019-05-10)
- [Unclassified](#unclassified-30)
- [0.0.1 (2019-05-08)](#001-2019-05-08)
- [Documentation](#documentation-48)
- [Unclassified](#unclassified-31)
- [1.0.0-rc.11 (2019-05-02)](#100-rc11-2019-05-02)
- [Documentation](#documentation-49)
- [Unclassified](#unclassified-32)
- [1.0.0-rc.10 (2019-04-29)](#100-rc10-2019-04-29)
- [Documentation](#documentation-50)
- [Unclassified](#unclassified-33)
- [1.0.0-rc.9+oryOS.10 (2019-04-18)](#100-rc9oryos10-2019-04-18)
- [Documentation](#documentation-51)
- [Unclassified](#unclassified-34)
- [1.0.0-rc.8+oryOS.10 (2019-04-03)](#100-rc8oryos10-2019-04-03)
- [Continuous Integration](#continuous-integration-6)
- [Documentation](#documentation-52)
- [1.0.0-rc.7+oryOS.10 (2019-04-02)](#100-rc7oryos10-2019-04-02)
- [Continuous Integration](#continuous-integration-7)
- [Documentation](#documentation-53)
- [Unclassified](#unclassified-35)
- [1.0.0-rc.6+oryOS.10 (2018-12-18)](#100-rc6oryos10-2018-12-18)
- [Documentation](#documentation-54)
- [Unclassified](#unclassified-36)
- [1.0.0-rc.5+oryOS.10 (2018-12-13)](#100-rc5oryos10-2018-12-13)
- [Documentation](#documentation-55)
- [Unclassified](#unclassified-37)
- [1.0.0-rc.4+oryOS.9 (2018-12-12)](#100-rc4oryos9-2018-12-12)
- [Documentation](#documentation-56)
- [Unclassified](#unclassified-38)
- [1.0.0-rc.3+oryOS.9 (2018-12-06)](#100-rc3oryos9-2018-12-06)
- [Documentation](#documentation-57)
- [Unclassified](#unclassified-39)
- [1.0.0-rc.2+oryOS.9 (2018-11-21)](#100-rc2oryos9-2018-11-21)
- [Documentation](#documentation-58)
- [Unclassified](#unclassified-40)
- [1.0.0-rc.1+oryOS.9 (2018-11-21)](#100-rc1oryos9-2018-11-21)
- [Build System](#build-system)
- [Documentation](#documentation-59)
- [Unclassified](#unclassified-41)
- [1.0.0-beta.9 (2018-09-01)](#100-beta9-2018-09-01)
- [Documentation](#documentation-60)
- [Unclassified](#unclassified-42)
- [1.0.0-beta.8 (2018-08-10)](#100-beta8-2018-08-10)
- [Documentation](#documentation-61)
- [Unclassified](#unclassified-43)
- [1.0.0-beta.7 (2018-07-16)](#100-beta7-2018-07-16)
- [Documentation](#documentation-62)
- [Unclassified](#unclassified-44)
- [1.0.0-beta.6 (2018-07-11)](#100-beta6-2018-07-11)
- [Documentation](#documentation-63)
- [Unclassified](#unclassified-45)
- [1.0.0-beta.5 (2018-07-07)](#100-beta5-2018-07-07)
- [Documentation](#documentation-64)
- [Unclassified](#unclassified-46)
- [1.0.0-beta.4 (2018-06-13)](#100-beta4-2018-06-13)
- [Documentation](#documentation-65)
- [1.0.0-beta.3 (2018-06-13)](#100-beta3-2018-06-13)
- [Continuous Integration](#continuous-integration-8)
- [Documentation](#documentation-66)
- [Unclassified](#unclassified-47)
- [1.0.0-beta.2 (2018-05-29)](#100-beta2-2018-05-29)
- [Continuous Integration](#continuous-integration-9)
- [1.0.0-beta.1 (2018-05-29)](#100-beta1-2018-05-29)
- [Build System](#build-system-1)
- [Documentation](#documentation-67)
- [Unclassified](#unclassified-48)
- [0.11.10 (2018-03-19)](#01110-2018-03-19)
- [Documentation](#documentation-68)
- [Unclassified](#unclassified-49)
- [0.11.12 (2018-04-08)](#01112-2018-04-08)
- [Documentation](#documentation-69)
- [Unclassified](#unclassified-50)
- [0.11.9 (2018-03-10)](#0119-2018-03-10)
- [Unclassified](#unclassified-51)
- [0.11.7 (2018-03-03)](#0117-2018-03-03)
- [Unclassified](#unclassified-52)
- [0.11.6 (2018-02-07)](#0116-2018-02-07)
- [Unclassified](#unclassified-53)
- [0.11.10 (2018-03-19)](#01110-2018-03-19-1)
- [Documentation](#documentation-70)
- [Unclassified](#unclassified-54)
- [0.11.9 (2018-03-10)](#0119-2018-03-10-1)
- [Unclassified](#unclassified-55)
- [0.11.7 (2018-03-03)](#0117-2018-03-03-1)
- [Unclassified](#unclassified-56)
- [0.11.6 (2018-02-07)](#0116-2018-02-07-1)
- [Unclassified](#unclassified-57)
- [0.11.4 (2018-01-23)](#0114-2018-01-23)
- [Documentation](#documentation-71)
- [0.11.3 (2018-01-23)](#0113-2018-01-23)
- [Documentation](#documentation-72)
- [Unclassified](#unclassified-58)
- [0.11.2 (2018-01-22)](#0112-2018-01-22)
- [Unclassified](#unclassified-59)
- [0.11.1 (2018-01-18)](#0111-2018-01-18)
- [Unclassified](#unclassified-60)
- [0.11.0 (2018-01-08)](#0110-2018-01-08)
- [Documentation](#documentation-73)
- [Unclassified](#unclassified-61)
- [0.10.10 (2017-12-16)](#01010-2017-12-16)
- [Documentation](#documentation-74)
- [Unclassified](#unclassified-62)
- [0.10.9 (2017-12-13)](#0109-2017-12-13)
- [Documentation](#documentation-75)
- [Unclassified](#unclassified-63)
- [0.10.8 (2017-12-12)](#0108-2017-12-12)
- [Documentation](#documentation-76)
- [Unclassified](#unclassified-64)
- [0.10.7 (2017-12-09)](#0107-2017-12-09)
- [Documentation](#documentation-77)
- [Unclassified](#unclassified-65)
- [0.10.6 (2017-12-09)](#0106-2017-12-09)
- [Unclassified](#unclassified-66)
- [0.10.5 (2017-12-09)](#0105-2017-12-09)
- [Documentation](#documentation-78)
- [Unclassified](#unclassified-67)
- [0.10.4 (2017-12-09)](#0104-2017-12-09)
- [Documentation](#documentation-79)
- [Unclassified](#unclassified-68)
- [0.10.3 (2017-12-08)](#0103-2017-12-08)
- [Documentation](#documentation-80)
- [0.10.2 (2017-12-08)](#0102-2017-12-08)
- [Continuous Integration](#continuous-integration-10)
- [0.10.1 (2017-12-08)](#0101-2017-12-08)
- [Continuous Integration](#continuous-integration-11)
- [0.10.0 (2017-12-08)](#0100-2017-12-08)
- [Continuous Integration](#continuous-integration-12)
- [Documentation](#documentation-81)
- [Unclassified](#unclassified-69)
- [0.10.0-alpha.21 (2017-11-27)](#0100-alpha21-2017-11-27)
- [Unclassified](#unclassified-70)
- [0.10.0-alpha.20 (2017-11-26)](#0100-alpha20-2017-11-26)
- [Unclassified](#unclassified-71)
- [0.10.0-alpha.19 (2017-11-26)](#0100-alpha19-2017-11-26)
- [Documentation](#documentation-82)
- [Unclassified](#unclassified-72)
- [0.10.0-alpha.18 (2017-11-06)](#0100-alpha18-2017-11-06)
- [Continuous Integration](#continuous-integration-13)
- [0.10.0-alpha.17 (2017-11-06)](#0100-alpha17-2017-11-06)
- [Continuous Integration](#continuous-integration-14)
- [0.10.0-alpha.16 (2017-11-06)](#0100-alpha16-2017-11-06)
- [Continuous Integration](#continuous-integration-15)
- [Documentation](#documentation-83)
- [Unclassified](#unclassified-73)
- [0.10.0-alpha.15 (2017-11-06)](#0100-alpha15-2017-11-06)
- [Unclassified](#unclassified-74)
- [0.10.0-alpha.14 (2017-11-06)](#0100-alpha14-2017-11-06)
- [Unclassified](#unclassified-75)
- [0.10.0-alpha.13 (2017-11-06)](#0100-alpha13-2017-11-06)
- [Unclassified](#unclassified-76)
- [0.10.0-alpha.12 (2017-11-06)](#0100-alpha12-2017-11-06)
- [Documentation](#documentation-84)
- [Unclassified](#unclassified-77)
- [0.10.0-alpha.10 (2017-10-26)](#0100-alpha10-2017-10-26)
- [Continuous Integration](#continuous-integration-16)
- [Documentation](#documentation-85)
- [0.10.0-alpha.9 (2017-10-25)](#0100-alpha9-2017-10-25)
- [Documentation](#documentation-86)
- [Unclassified](#unclassified-78)
- [0.10.0-alpha.8 (2017-10-18)](#0100-alpha8-2017-10-18)
- [Documentation](#documentation-87)
- [Unclassified](#unclassified-79)
- [0.9.14 (2017-10-06)](#0914-2017-10-06)
- [Documentation](#documentation-88)
- [Unclassified](#unclassified-80)
- [0.10.0-alpha.7 (2017-10-06)](#0100-alpha7-2017-10-06)
- [Unclassified](#unclassified-81)
- [0.10.0-alpha.6 (2017-10-05)](#0100-alpha6-2017-10-05)
- [Unclassified](#unclassified-82)
- [0.10.0-alpha.5 (2017-10-05)](#0100-alpha5-2017-10-05)
- [Unclassified](#unclassified-83)
- [0.10.0-alpha.4 (2017-10-05)](#0100-alpha4-2017-10-05)
- [Unclassified](#unclassified-84)
- [0.10.0-alpha.3 (2017-10-05)](#0100-alpha3-2017-10-05)
- [Unclassified](#unclassified-85)
- [0.10.0-alpha.2 (2017-10-05)](#0100-alpha2-2017-10-05)
- [Documentation](#documentation-89)
- [Unclassified](#unclassified-86)
- [0.10.0-alpha.1 (2017-10-05)](#0100-alpha1-2017-10-05)
- [Documentation](#documentation-90)
- [Unclassified](#unclassified-87)
- [0.9.13 (2017-09-26)](#0913-2017-09-26)
- [Documentation](#documentation-91)
- [Unclassified](#unclassified-88)
- [0.9.12 (2017-07-06)](#0912-2017-07-06)
- [Documentation](#documentation-92)
- [Unclassified](#unclassified-89)
- [0.9.11 (2017-06-30)](#0911-2017-06-30)
- [Documentation](#documentation-93)
- [Unclassified](#unclassified-90)
- [0.9.10 (2017-06-29)](#0910-2017-06-29)
- [Documentation](#documentation-94)
- [Unclassified](#unclassified-91)
- [0.9.9 (2017-06-17)](#099-2017-06-17)
- [Unclassified](#unclassified-92)
- [0.9.8 (2017-06-17)](#098-2017-06-17)
- [Documentation](#documentation-95)
- [Unclassified](#unclassified-93)
- [0.9.7 (2017-06-16)](#097-2017-06-16)
- [Documentation](#documentation-96)
- [Unclassified](#unclassified-94)
- [0.9.6 (2017-06-15)](#096-2017-06-15)
- [Unclassified](#unclassified-95)
- [0.9.5 (2017-06-15)](#095-2017-06-15)
- [Unclassified](#unclassified-96)
- [0.9.4 (2017-06-14)](#094-2017-06-14)
- [Documentation](#documentation-97)
- [Unclassified](#unclassified-97)
- [0.9.3 (2017-06-14)](#093-2017-06-14)
- [Documentation](#documentation-98)
- [Unclassified](#unclassified-98)
- [0.9.2 (2017-06-13)](#092-2017-06-13)
- [Unclassified](#unclassified-99)
- [0.9.1 (2017-06-12)](#091-2017-06-12)
- [Unclassified](#unclassified-100)
- [0.9.0 (2017-06-07)](#090-2017-06-07)
- [Documentation](#documentation-99)
- [Unclassified](#unclassified-101)
- [0.8.7 (2017-06-05)](#087-2017-06-05)
- [Unclassified](#unclassified-102)
- [0.8.6 (2017-06-05)](#086-2017-06-05)
- [Documentation](#documentation-100)
- [Unclassified](#unclassified-103)
- [0.8.5 (2017-06-01)](#085-2017-06-01)
- [Unclassified](#unclassified-104)
- [0.8.4 (2017-05-24)](#084-2017-05-24)
- [Documentation](#documentation-101)
- [Unclassified](#unclassified-105)
- [0.8.3 (2017-05-23)](#083-2017-05-23)
- [Documentation](#documentation-102)
- [Unclassified](#unclassified-106)
- [0.8.2 (2017-05-10)](#082-2017-05-10)
- [Unclassified](#unclassified-107)
- [0.8.1 (2017-05-08)](#081-2017-05-08)
- [Continuous Integration](#continuous-integration-17)
- [0.8.0 (2017-05-07)](#080-2017-05-07)
- [Continuous Integration](#continuous-integration-18)
- [Documentation](#documentation-103)
- [Unclassified](#unclassified-108)
- [0.7.13 (2017-05-03)](#0713-2017-05-03)
- [Documentation](#documentation-104)
- [Unclassified](#unclassified-109)
- [0.7.12 (2017-04-30)](#0712-2017-04-30)
- [Unclassified](#unclassified-110)
- [0.7.11 (2017-04-28)](#0711-2017-04-28)
- [Unclassified](#unclassified-111)
- [0.7.10 (2017-04-14)](#0710-2017-04-14)
- [Documentation](#documentation-105)
- [Unclassified](#unclassified-112)
- [0.7.9 (2017-04-02)](#079-2017-04-02)
- [Unclassified](#unclassified-113)
- [0.7.8 (2017-03-24)](#078-2017-03-24)
- [Documentation](#documentation-106)
- [Unclassified](#unclassified-114)
- [0.7.7 (2017-02-11)](#077-2017-02-11)
- [Unclassified](#unclassified-115)
- [0.7.6 (2017-02-11)](#076-2017-02-11)
- [Unclassified](#unclassified-116)
- [0.7.3 (2017-01-22)](#073-2017-01-22)
- [Unclassified](#unclassified-117)
- [0.7.2 (2017-01-02)](#072-2017-01-02)
- [Unclassified](#unclassified-118)
- [0.7.1 (2016-12-30)](#071-2016-12-30)
- [Unclassified](#unclassified-119)
- [0.7.0 (2016-12-30)](#070-2016-12-30)
- [Documentation](#documentation-107)
- [Unclassified](#unclassified-120)
- [0.6.10 (2016-12-26)](#0610-2016-12-26)
- [Unclassified](#unclassified-121)
- [0.6.9 (2016-12-20)](#069-2016-12-20)
- [Documentation](#documentation-108)
- [Unclassified](#unclassified-122)
- [0.6.8 (2016-12-06)](#068-2016-12-06)
- [Unclassified](#unclassified-123)
- [0.6.7 (2016-12-04)](#067-2016-12-04)
- [Unclassified](#unclassified-124)
- [0.6.6 (2016-12-04)](#066-2016-12-04)
- [Documentation](#documentation-109)
- [Unclassified](#unclassified-125)
- [0.6.5 (2016-11-28)](#065-2016-11-28)
- [Unclassified](#unclassified-126)
- [0.6.4 (2016-11-22)](#064-2016-11-22)
- [Unclassified](#unclassified-127)
- [0.6.3 (2016-11-17)](#063-2016-11-17)
- [Documentation](#documentation-110)
- [Unclassified](#unclassified-128)
- [0.6.2 (2016-11-05)](#062-2016-11-05)
- [Unclassified](#unclassified-129)
- [0.6.1 (2016-10-26)](#061-2016-10-26)
- [Documentation](#documentation-111)
- [Unclassified](#unclassified-130)
- [0.6.0 (2016-10-25)](#060-2016-10-25)
- [Unclassified](#unclassified-131)
- [0.5.8 (2016-10-06)](#058-2016-10-06)
- [Unclassified](#unclassified-132)
- [0.5.7 (2016-10-04)](#057-2016-10-04)
- [Unclassified](#unclassified-133)
- [0.5.6 (2016-10-03)](#056-2016-10-03)
- [Unclassified](#unclassified-134)
- [0.5.5 (2016-09-29)](#055-2016-09-29)
- [Unclassified](#unclassified-135)
- [0.5.4 (2016-09-29)](#054-2016-09-29)
- [Unclassified](#unclassified-136)
- [0.5.3 (2016-09-29)](#053-2016-09-29)
- [Documentation](#documentation-112)
- [Unclassified](#unclassified-137)
- [0.5.2 (2016-09-23)](#052-2016-09-23)
- [Unclassified](#unclassified-138)
- [0.5.1 (2016-09-22)](#051-2016-09-22)
- [Documentation](#documentation-113)
- [Unclassified](#unclassified-139)
- [0.4.3 (2016-09-03)](#043-2016-09-03)
- [Unclassified](#unclassified-140)
- [0.4.2-alpha.3 (2016-09-02)](#042-alpha3-2016-09-02)
- [Unclassified](#unclassified-141)
- [0.4.2-alpha.2 (2016-09-01)](#042-alpha2-2016-09-01)
- [Unclassified](#unclassified-142)
- [0.4.2-alpha.1 (2016-09-01)](#042-alpha1-2016-09-01)
- [Unclassified](#unclassified-143)
- [0.4.2-alpha (2016-09-01)](#042-alpha-2016-09-01)
- [Documentation](#documentation-114)
- [Unclassified](#unclassified-144)
- [0.4.1 (2016-08-18)](#041-2016-08-18)
- [Unclassified](#unclassified-145)
- [0.3.1 (2016-08-17)](#031-2016-08-17)
- [Documentation](#documentation-115)
- [Unclassified](#unclassified-146)
- [0.3.0 (2016-08-09)](#030-2016-08-09)
- [Unclassified](#unclassified-147)
- [0.2.0 (2016-08-09)](#020-2016-08-09)
- [Documentation](#documentation-116)
- [Unclassified](#unclassified-148)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
# [0.0.0](https://github.com/ory/hydra/compare/v2.2.0...v0.0.0) (2024-06-13)
## Breaking Changes
Deleting consents no longer returns 404 in certain edge cases but instead always 204.
### Bug Fixes
* Correctly pass multiple token audiences and prompt parameters when performing the authorization code flow from the CLI ([#3736](https://github.com/ory/hydra/issues/3736)) ([632faef](https://github.com/ory/hydra/commit/632faef15228c2d0a2caedfc3d7c6a3782c2e131))
* Do not iteratively delete records ([#3766](https://github.com/ory/hydra/issues/3766)) ([5ef20a2](https://github.com/ory/hydra/commit/5ef20a2a2bc91ccde79517667ae4bf4a36c833ba)):
Resolves performance issues on some databases when deleting consent.
* Do not retry sending responses ([#3764](https://github.com/ory/hydra/issues/3764)) ([1bbfdb5](https://github.com/ory/hydra/commit/1bbfdb56e55525c5bc0526726fa901cf10af59e4))
* Error log when RP responds with status code 204 ([#3731](https://github.com/ory/hydra/issues/3731)) ([153e4b5](https://github.com/ory/hydra/commit/153e4b56e6de645ee44e4e7833c32a3890e43c54))
* Incorrect indices ([#3778](https://github.com/ory/hydra/issues/3778)) ([cb0004b](https://github.com/ory/hydra/commit/cb0004b67b2818b3bca397e98c1bb5bcbb62296f))
* Upgrade fosite and improve webhook integration ([#3727](https://github.com/ory/hydra/issues/3727)) ([89323e2](https://github.com/ory/hydra/commit/89323e24de470c2b0f3037e0cf8f99bc4373d4fd))
* Wrap authorize response in transaction ([#3763](https://github.com/ory/hydra/issues/3763)) ([5b106aa](https://github.com/ory/hydra/commit/5b106aadb0e71add56e3cc68e5a9e33cdb81dd39))
* Wrap token handler in transaction ([#3730](https://github.com/ory/hydra/issues/3730)) ([67a85cc](https://github.com/ory/hydra/commit/67a85cc799b5c6ef278db93aba131e695fd761e9))
### Features
* Add access token strategy parameter to cli ([#3718](https://github.com/ory/hydra/issues/3718)) ([7862dc3](https://github.com/ory/hydra/commit/7862dc337aba2899bdb945e94eb79d3ab3509202)), closes [#3717](https://github.com/ory/hydra/issues/3717)
* Add id parameter to create oauth2-client cli ([#3725](https://github.com/ory/hydra/issues/3725)) ([b372fd2](https://github.com/ory/hydra/commit/b372fd20169156efd7c34710f823e0c5b5dbf183)):
Fixes https://github.com/ory/hydra/issues/3724
* Add Inspect option to registry ([2013450](https://github.com/ory/hydra/commit/2013450a9a55af26523554c3aa01fc5243573f2c))
* Improve persistence logic ([#3756](https://github.com/ory/hydra/issues/3756)) ([50301e0](https://github.com/ory/hydra/commit/50301e0022ca64c9d0823544c7b664309620c70e))
### Unclassified
* update doc example for get oauth2-client ([5e70cde](https://github.com/ory/hydra/commit/5e70cde872f74758e22e89466c5b41e54d475533))
# [2.2.0](https://github.com/ory/hydra/compare/v2.2.0-pre.1...v2.2.0) (2024-02-12)
Ory Hydra, the OAuth2 and OpenID Connect server designed for web-scale deployments introduces its most advanced update with version 2.2!
Want to check out Ory Hydra yourself? Try common OAuth2 flows in the [Ory OAuth2 Get Started guide](https://www.ory.sh/docs/getting-started/ory-network-oauth2)!
This version significantly enhances performance, supporting six times more authorization flows than version 2.1, thanks to architectural improvements that minimize database interactions for login and consent processes.
Key improvements include:
- Enhanced integration with Ory Kratos, ensuring seamless synchronization of login and logout states across both services. Users logged out from Ory Hydra will automatically log out from Ory Kratos, enhancing security and user experience.
- The ability to bypass the logout consent screen for specific clients, streamlining the logout process.
- Simplified migration with the new feature to import OAuth2 Client IDs, making the transition to Ory Hydra smoother.
- Support for the OIDC Verifiable Credentials specification, expanding the server's capabilities in identity verification.
Thank all contributors who have made this release available!
### Bug Fixes
* Return empty slice if requested_scope or audience is null ([#3711](https://github.com/ory/hydra/issues/3711)) ([65165e7](https://github.com/ory/hydra/commit/65165e77718b37ee720a493f2fb6be20e6b04af6))
### Code Generation
* Pin v2.2.0 release commit ([57096be](https://github.com/ory/hydra/commit/57096be9befbde4a1436ef48338d253a248c91c4))
# [2.2.0-pre.1](https://github.com/ory/hydra/compare/v2.2.0-rc.3...v2.2.0-pre.1) (2024-02-01)
autogen: pin v2.2.0-pre.1 release commit
### Bug Fixes
* Correct id token type in token exchange response ([#3625](https://github.com/ory/hydra/issues/3625)) ([d1f9ba8](https://github.com/ory/hydra/commit/d1f9ba8edee45323e1f13dcf9c67eefbd524dc81)):
Closes https://github.com/ory/client-go/issues/2
* Dropped persistence/sql test errors ([#3670](https://github.com/ory/hydra/issues/3670)) ([22f0119](https://github.com/ory/hydra/commit/22f0119ad300c1e09c03e966a3d3411e57db444f))
* Handle logout double-submit gracefully ([#3675](https://github.com/ory/hydra/issues/3675)) ([5133cf9](https://github.com/ory/hydra/commit/5133cf972ecfca18d7799c00a7afeae6a4386fbf))
* Handle subject mismatch gracefully ([#3619](https://github.com/ory/hydra/issues/3619)) ([af0d477](https://github.com/ory/hydra/commit/af0d477e0eb1e336b01fa8d1321e9dce098c82a8)):
We now redirect to the original request URL if the subjects between
the remembered Hydra session and what was confirmed by the login
screen does not match.
* Handle token hook auth config ([#3677](https://github.com/ory/hydra/issues/3677)) ([1a40833](https://github.com/ory/hydra/commit/1a40833e2c87c98541d053f7c54b38f791dbb448)):
* fix: handle token hook auth config
* fix: bump golangci-lint
* Improved SSRF protection ([#3669](https://github.com/ory/hydra/issues/3669)) ([24c3be5](https://github.com/ory/hydra/commit/24c3be574a11a76e69f09a24754f20cf644b624c))
* Incorrect down migration ([#3708](https://github.com/ory/hydra/issues/3708)) ([8812e0e](https://github.com/ory/hydra/commit/8812e0e67b1f192de4ab6819c8f2bb98e6a5b7a7)), closes [/github.com/ory/hydra/pull/3705#discussion_r1471514014](https://github.com//github.com/ory/hydra/pull/3705/issues/discussion_r1471514014)
* Remove required mark ([#3693](https://github.com/ory/hydra/issues/3693)) ([3a764a0](https://github.com/ory/hydra/commit/3a764a053a3d7eab698668cf63d387ea76c1db40))
* Timeout in jwt-bearer grants when too many grants are available ([#3692](https://github.com/ory/hydra/issues/3692)) ([a748797](https://github.com/ory/hydra/commit/a748797761f5503b048df1b57bcc406f16cd40a3))
* Verifiable credentials JWT format ([#3614](https://github.com/ory/hydra/issues/3614)) ([0176adc](https://github.com/ory/hydra/commit/0176adc17848ab1dd021910ea31202dbdcd51737))
### Code Generation
* Pin v2.2.0-pre.1 release commit ([8168ee3](https://github.com/ory/hydra/commit/8168ee31161784b8a5e686a9a2c42f323e40b7bf))
### Documentation
* Fix typo ([#3649](https://github.com/ory/hydra/issues/3649)) ([f0501d2](https://github.com/ory/hydra/commit/f0501d2cd7f30c550cc07f6f583118efc9f12a5f))
### Features
* Add --skip-logout-consent flag to CLI ([#3709](https://github.com/ory/hydra/issues/3709)) ([f502d6e](https://github.com/ory/hydra/commit/f502d6e38747986cca2ce42b0854f194e85ed103))
* Add authentication options to hooks ([#3633](https://github.com/ory/hydra/issues/3633)) ([5c8e792](https://github.com/ory/hydra/commit/5c8e7923ed22f6d231ca748bb76e4261a87afb08))
* Add flag to export public keys ([#3684](https://github.com/ory/hydra/issues/3684)) ([62c006b](https://github.com/ory/hydra/commit/62c006b916351e7f74fb00e0006ea112801143d7))
* Add missing index for jwk table ([#3691](https://github.com/ory/hydra/issues/3691)) ([39ee5e1](https://github.com/ory/hydra/commit/39ee5e1f0cfa7fae5c4f9e1663a930cb5b8c2bc9))
* Add prompt=registration ([#3636](https://github.com/ory/hydra/issues/3636)) ([19857d2](https://github.com/ory/hydra/commit/19857d20b1d7d3b918de5388f17076de0660a6be)):
Ory Hydra now supports a `registration` value for the `prompt` parameter of
the authorization request. When specifying `prompt=registration`, Ory Hydra
will redirect the user to the URL found under `urls.registration`
(instead of `urls.login`).
* Add skip_logout_consent option to clients ([#3705](https://github.com/ory/hydra/issues/3705)) ([2a653e6](https://github.com/ory/hydra/commit/2a653e66803ddb03de02d981dbc8ea57b2ac0936)):
Adds a special field which disables the logout consent screen when performing OIDC logout.
* Allow injecting extra fosite strategies ([#3646](https://github.com/ory/hydra/issues/3646)) ([88b0b7c](https://github.com/ory/hydra/commit/88b0b7cfdf1a1968bf3a720cb2e6640451e2956b))
* Re-enable legacy client IDs ([#3628](https://github.com/ory/hydra/issues/3628)) ([5dd7d30](https://github.com/ory/hydra/commit/5dd7d306ba8181b1fff1225d056a2ee69183392e)):
This patch changes the primary key of the `hydra_client` table. We do not expect issues, as that table is probably not overly huge in any deployment. We do however highly recommend to test the migration performance on a staging environment with a similar database setup.
* Remove flow cookie ([#3639](https://github.com/ory/hydra/issues/3639)) ([cde3a30](https://github.com/ory/hydra/commit/cde3a30a92bc30cf072763503e9780a79ba44e43)):
This patch removes the flow cookie. All information is already tracked in the request query parameters as part of the {login|consent}_{challenge|verifier}.
* Remove login session cookie during consent flow ([#3667](https://github.com/ory/hydra/issues/3667)) ([5f41949](https://github.com/ory/hydra/commit/5f41949ad209c90d114dc427bd6ccde5e08f05da))
* Support multiple token URLs ([#3676](https://github.com/ory/hydra/issues/3676)) ([95cc273](https://github.com/ory/hydra/commit/95cc2735ed18374cc01d625c66417e42b600778d))
# [2.2.0-rc.3](https://github.com/ory/hydra/compare/v2.2.0-pre.0...v2.2.0-rc.3) (2023-08-16)
Introduces logout compatibility with Ory Kratos.
### Bug Fixes
* Add exceptions for internal IP addresses ([#3608](https://github.com/ory/hydra/issues/3608)) ([1f1121c](https://github.com/ory/hydra/commit/1f1121caef6dd2c99c2ab551bfeb82e3cd2d8cf2))
* Add kid to verifiable credential header ([#3606](https://github.com/ory/hydra/issues/3606)) ([9f1c8d1](https://github.com/ory/hydra/commit/9f1c8d192004e0e7d7f5c3383d4dd1df222dec81))
* Deflake ttl test ([6741a49](https://github.com/ory/hydra/commit/6741a49f7b4d55a270f3eb968921894b1e5f2989))
* Docker build ([#3609](https://github.com/ory/hydra/issues/3609)) ([01ff9da](https://github.com/ory/hydra/commit/01ff9da87e231a3cef8933c16a28ed425daa3355))
* Enable CORS with hot-reloaded origins ([#3601](https://github.com/ory/hydra/issues/3601)) ([6f592fc](https://github.com/ory/hydra/commit/6f592fc8425887fb403516cbb03838b63f85f87e))
* Only query access tokens by hashed signature ([a21e945](https://github.com/ory/hydra/commit/a21e94519416cc7801995b0804696348b18fa844))
* Racy random string generation ([#3555](https://github.com/ory/hydra/issues/3555)) ([1b26c4c](https://github.com/ory/hydra/commit/1b26c4cb96400b333fe214d2da892fc045bbc69f))
* Reject invalid JWKS in client configuration / dependency cleanup and bump ([#3603](https://github.com/ory/hydra/issues/3603)) ([1d73d83](https://github.com/ory/hydra/commit/1d73d83eb03e4ceef6edb4bd0738959007053118))
* Restore ability to override auth and token urls for exemplary app ([#3590](https://github.com/ory/hydra/issues/3590)) ([dfb129a](https://github.com/ory/hydra/commit/dfb129a5b7c8ae01e1c490fce1a127697abc7bee))
* Return proper error when the grant request cannot be parsed ([#3558](https://github.com/ory/hydra/issues/3558)) ([26f2d34](https://github.com/ory/hydra/commit/26f2d34459f55444e880e6e27e081c002d630246))
* Use correct tracer in middleware ([#3567](https://github.com/ory/hydra/issues/3567)) ([807cbd2](https://github.com/ory/hydra/commit/807cbd209af376b9b2d18c278cc927d1c43e6865))
### Code Generation
* Pin v2.2.0-rc.3 release commit ([ad8a4ba](https://github.com/ory/hydra/commit/ad8a4bab63b352c0b259a97d7b3f23247b0238b1))
### Features
* Add `hydra migrate status` subcommand ([#3579](https://github.com/ory/hydra/issues/3579)) ([749eb8d](https://github.com/ory/hydra/commit/749eb8db40fb8b2d6333d917fac6c25b6e5574ef))
* Add more resolution to events and collect client metrics ([#3568](https://github.com/ory/hydra/issues/3568)) ([466e66b](https://github.com/ory/hydra/commit/466e66bd1df7bf589c5a74ad5be399b1eaa80d9b))
* Add state override ([b8b9154](https://github.com/ory/hydra/commit/b8b9154077963492dad3ed0350a4d93d09a95602))
* Add support for OIDC VC ([#3575](https://github.com/ory/hydra/issues/3575)) ([219a7c0](https://github.com/ory/hydra/commit/219a7c068fa0ec423923f157553f430c80934c45)):
This adds initial support for issuing verifiable credentials
as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html.
Because the spec is still in draft, public identifiers are
suffixed with `draft_00`.
* Allow additional SQL migrations ([#3587](https://github.com/ory/hydra/issues/3587)) ([8900cbb](https://github.com/ory/hydra/commit/8900cbb770d6f39a5c3322fce488675ca6d0138a))
* Allow Go migrations ([#3602](https://github.com/ory/hydra/issues/3602)) ([8eed306](https://github.com/ory/hydra/commit/8eed306800fa330a1cda752dbb11ddf09faf25ad))
* Allow to disable claim mirroring ([#3563](https://github.com/ory/hydra/issues/3563)) ([c72a316](https://github.com/ory/hydra/commit/c72a31641ee79f090a2ac1b64a276be58312b2ee)):
This PR introduces another config option called `oauth2:mirror_top_level_claims` which may be used to disable the mirroring of custom claims into the `ext` claim of the jwt.
This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.
Example:
```yaml
oauth2:
allowed_top_level_claims:
- test_claim
mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext
```
Closes https://github.com/ory/hydra/issues/3348
* Bump fosite and add some more tracing ([0b56f53](https://github.com/ory/hydra/commit/0b56f53a491e165f68a53f013989328ce86928ba))
* **cmd:** Add route that redirects to the auth code url ([4db6416](https://github.com/ory/hydra/commit/4db64161699e4301c003b2787baecae22c912c17))
* Parallel generation of JSON web key set ([#3561](https://github.com/ory/hydra/issues/3561)) ([5bd9002](https://github.com/ory/hydra/commit/5bd9002db7baa2fe2c2529fee38825d66a68991f))
* Propagate logout to identity provider ([#3596](https://github.com/ory/hydra/issues/3596)) ([c004fee](https://github.com/ory/hydra/commit/c004fee69497a5a0f8af5ccb6a2ab8d104fd9249)):
* feat: propagate logout to identity provider
This commit improves the integration between Hydra and Kratos when logging
out the user.
This adds a new configuration key for configuring a Kratos admin URL.
Additionally, Kratos can send a session ID when accepting a login request.
If a session ID was specified and a Kratos admin URL was configured,
Hydra will disable the corresponding Kratos session through the admin API
if a frontchannel or backchannel logout was triggered.
* fix: add special case for MySQL
* chore: update sdk
* chore: consistent naming
* fix: cleanup persister
* Support different jwt scope claim strategies ([#3531](https://github.com/ory/hydra/issues/3531)) ([45da11e](https://github.com/ory/hydra/commit/45da11e4fb4f0a2f939f11682c095b8dbfcddb78))
# [2.2.0-pre.0](https://github.com/ory/hydra/compare/v2.2.0-rc.2...v2.2.0-pre.0) (2023-06-22)
Test release
### Code Generation
* Pin v2.2.0-pre.0 release commit ([116c1e8](https://github.com/ory/hydra/commit/116c1e89c423eebc333e2a9ff3e582090c5798a5))
### Features
* Add distroless docker image ([#3539](https://github.com/ory/hydra/issues/3539)) ([c1e1a56](https://github.com/ory/hydra/commit/c1e1a569621d88365dceee7372ca49ecd119f939))
* Add event tracing ([#3546](https://github.com/ory/hydra/issues/3546)) ([44ed0ac](https://github.com/ory/hydra/commit/44ed0ac89558bd83513e5240e8c937c908514d76))
# [2.2.0-rc.2](https://github.com/ory/hydra/compare/v2.2.0-rc.1...v2.2.0-rc.2) (2023-06-13)
This release optimizes the performance of authorization code grant flows by minimizing the number of database queries. We acheive this by storing the flow in an AEAD-encoded cookie and AEAD-encoded request parameters for the authentication and consent screens.
BREAKING CHANGE:
* The client that is used as part of the authorization grant flow is stored in the AEAD-encoding. Therefore, running flows will not observe updates to the client after they were started.
* Because the login and consent challenge values now include the AEAD-encoded flow, their size increased to around 1kB for a flow without any metadata (and increases linearly with the amount of metadata). Please adjust your ingress / gateway accordingly.
### Bug Fixes
* Version clash in apk install ([24ebdd3](https://github.com/ory/hydra/commit/24ebdd3feb302f655000a243dad032b04cf25afc))
### Code Generation
* Pin v2.2.0-rc.2 release commit ([b183040](https://github.com/ory/hydra/commit/b183040a0d6c33abd4db01eb21a1bb0e141ea9ec))
### Features
* Hot-reload Oauth2 CORS settings ([#3537](https://github.com/ory/hydra/issues/3537)) ([a8ecf80](https://github.com/ory/hydra/commit/a8ecf807b2c6bfa6cc2d8b474f527a2fda12daef))
* Sqa metrics v2 ([#3533](https://github.com/ory/hydra/issues/3533)) ([3ec683d](https://github.com/ory/hydra/commit/3ec683d7cf582443f29bd93c4c88392b3ce692a4))
# [2.2.0-rc.1](https://github.com/ory/hydra/compare/v2.1.2...v2.2.0-rc.1) (2023-06-12)
This release optimizes the performance of authorization code grant flows by minimizing the number of database queries. We acheive this by storing the flow in an AEAD-encoded cookie and AEAD-encoded request parameters for the authentication and consent screens.
BREAKING CHANGE:
* The client that is used as part of the authorization grant flow is stored in the AEAD-encoding. Therefore, running flows will not observe updates to the client after they were started.
* Because the login and consent challenge values now include the AEAD-encoded flow, their size increased to around 1kB for a flow without any metadata (and increases linearly with the amount of metadata). Please adjust your ingress / gateway accordingly.
## Breaking Changes
* The client that is used as part of the authorization grant flow is stored in the AEAD-encoding. Therefore, running flows will not observe updates to the client after they were started.
* Because the login and consent challenge values now include the AEAD-encoded flow, their size increased to around 1kB for a flow without any metadata (and increases linearly with the amount of metadata). Please adjust your ingress / gateway accordingly.
### Bug Fixes
* Cockroach migration error when hydra upgrades v2 ([#3536](https://github.com/ory/hydra/issues/3536)) ([be6e005](https://github.com/ory/hydra/commit/be6e005e8eb245d3844eba133d1f78f9e21b0d0d)):
Referring to issue https://github.com/ory/hydra/issues/3535 this PR is
intended to fix the Cockroach migration bug when upgrading Hydra from
v1.11.10 to v2.
### Code Generation
* Pin v2.2.0-rc.1 release commit ([262ebbb](https://github.com/ory/hydra/commit/262ebbb5a7a585a26117a8c0fba6c257fc97b7b4))
### Features
* Add metrics to disabled access log ([#3526](https://github.com/ory/hydra/issues/3526)) ([fc7af90](https://github.com/ory/hydra/commit/fc7af904407b27d1b5c0e5e62f82fd81ab81ecb2))
* Stateless authorization code flow ([#3515](https://github.com/ory/hydra/issues/3515)) ([f29fe3a](https://github.com/ory/hydra/commit/f29fe3af97fb72061f2d6d7a2fc454cea5e870e9)):
This patch optimizes the performance of authorization code grant flows by minimizing the number of database queries. We acheive this by storing the flow in an AEAD-encoded cookie and AEAD-encoded request parameters for the authentication and consent screens.
### Unclassified
* Revert "fix: cockroach migration error when hydra upgrades v2 (#3536)" (#3542) ([4d8622f](https://github.com/ory/hydra/commit/4d8622fedcd54308c2e3a402a54f9f6eb751c9ce)), closes [#3536](https://github.com/ory/hydra/issues/3536) [#3542](https://github.com/ory/hydra/issues/3542):
This reverts commit be6e005e8eb245d3844eba133d1f78f9e21b0d0d.
# [2.1.2](https://github.com/ory/hydra/compare/v2.1.1...v2.1.2) (2023-05-24)
We are excited to announce the next Ory Hydra release! This release includes the following important changes:
- Fixed a memory leak in the OpenTelemetry implementation, improving overall memory usage and stability.
- Added a missing index for faster janitor cleanup, resulting in quicker and more efficient cleanup operations.
- Fixed a bug related to SameSite in dev mode, ensuring proper functionality and consistency in handling SameSite attributes during development.
We appreciate your continuous support and feedback. Please feel free to reach out to us with any further suggestions or issues.
### Bug Fixes
* Add index on requested_at for refresh tokens and use it in janitor ([#3516](https://github.com/ory/hydra/issues/3516)) ([5b8e712](https://github.com/ory/hydra/commit/5b8e7121c49a0dfed6312b599a617e692f324fdb))
* Disable health check request logs ([#3496](https://github.com/ory/hydra/issues/3496)) ([eddf7f3](https://github.com/ory/hydra/commit/eddf7f3867e8977e58d09681c583e99bca503448))
* Do not use prepared SQL statements and bump deps ([#3506](https://github.com/ory/hydra/issues/3506)) ([31b9e66](https://github.com/ory/hydra/commit/31b9e663b183f8244d86ddd1ae9f55267e190a69))
* Proper SameSite=None in dev mode ([#3502](https://github.com/ory/hydra/issues/3502)) ([5751fae](https://github.com/ory/hydra/commit/5751fae7b37a2692ad484c785356e702928f1b9b))
* Sqa config values unified across projects ([#3490](https://github.com/ory/hydra/issues/3490)) ([1b1899e](https://github.com/ory/hydra/commit/1b1899e9472fecfbdeb07f5e99c27713b82478e5))
* **sql:** Incorrect JWK query ([#3499](https://github.com/ory/hydra/issues/3499)) ([13ce0d6](https://github.com/ory/hydra/commit/13ce0d6f39febed83c6b1e10b45b0be2ed75a415)):
`persister_grant_jwk` had an OR statement without bracket leading to not using the last part of the query.
### Code Generation
* Pin v2.1.2 release commit ([d94ed6e](https://github.com/ory/hydra/commit/d94ed6e4486ee270d8903e6e9376134931a742d9))
### Documentation
* Incorrect json output format example ([#3497](https://github.com/ory/hydra/issues/3497)) ([b71a36b](https://github.com/ory/hydra/commit/b71a36bf5c063a719a9e31ff348af594d87dc794))
### Features
* Add --skip-consent flag to hydra cli ([#3492](https://github.com/ory/hydra/issues/3492)) ([083d518](https://github.com/ory/hydra/commit/083d518cf51240c8977f0d9226897a9886cfbb50))
# [2.1.1](https://github.com/ory/hydra/compare/v2.1.0...v2.1.1) (2023-04-11)
Resolve a regression in looking up access and refresh tokens.
### Bug Fixes
* Double-hashed access token signatures ([#3486](https://github.com/ory/hydra/issues/3486)) ([8720b25](https://github.com/ory/hydra/commit/8720b250b92b49c651d87f6e727beda31c227dfe)), closes [#3485](https://github.com/ory/hydra/issues/3485)
### Code Generation
* Pin v2.1.1 release commit ([6efae7c](https://github.com/ory/hydra/commit/6efae7cfa7430cecaa145e2e71958699a2394115))
# [2.1.0](https://github.com/ory/hydra/compare/v2.1.0-pre.2...v2.1.0) (2023-04-06)
We are excited to share this year's Q1 release of Ory Hydra: v2.1.0!
Highlights:
* Support for Datadog tracing (#3431).
* Ability to skip consent for trusted clients (#3451).
* Setting access token type in the OAuth2 Client is now possible (#3446).
* Revoke login sessions by SessionID (#3450).
* Session lifespan extended on session refresh (#3464).
* Token request hooks added for all grant types (#3427).
* Reduced SQL tracing noise (#3481).
Don't want to run the upgrade yourself? Switch to [Ory Network](https://console.ory.sh/registration?flow=d1ae4761-3493-4dd9-b0ce-3200916b38aa)!
### Bug Fixes
* Reduce SQL tracing noise ([#3481](https://github.com/ory/hydra/issues/3481)) ([6e1f545](https://github.com/ory/hydra/commit/6e1f5454be3ff00b0016e3d72b121701ccd23625))
### Code Generation
* Pin v2.1.0 release commit ([3649832](https://github.com/ory/hydra/commit/3649832421bff09b5e4c172b37dc61027dac0869))
# [2.1.0-pre.2](https://github.com/ory/hydra/compare/v2.1.0-pre.1...v2.1.0-pre.2) (2023-04-03)
autogen: pin v2.1.0-pre.2 release commit
### Code Generation
* Pin v2.1.0-pre.2 release commit ([3b1d87e](https://github.com/ory/hydra/commit/3b1d87e3a16dd4b4b55725c5c78eb062fefc8f2f))
# [2.1.0-pre.1](https://github.com/ory/hydra/compare/v2.1.0-pre.0...v2.1.0-pre.1) (2023-04-03)
autogen: pin v2.1.0-pre.1 release commit
### Code Generation
* Pin v2.1.0-pre.1 release commit ([2289e6b](https://github.com/ory/hydra/commit/2289e6b8159becde96b31fc99aa2a218631d70ea))
# [2.1.0-pre.0](https://github.com/ory/hydra/compare/v2.0.3...v2.1.0-pre.0) (2023-03-31)
autogen: pin v2.1.0-pre.0 release commit
### Bug Fixes
* Append /v2 to module path ([f56e5fa](https://github.com/ory/hydra/commit/f56e5fad74632c1f0c5f3768a0de8465f351a533))
* Broken OIDC compliance images ([#3454](https://github.com/ory/hydra/issues/3454)) ([50bc1b4](https://github.com/ory/hydra/commit/50bc1b4267045a19845816af295b638179be9c2c))
* Clean up unused code ([488f930](https://github.com/ory/hydra/commit/488f930e4f2c39386b1c1ff68dd60d1aaf968cb9))
* Ensure RSA key length fullfills 4096bit requirement ([#2905](https://github.com/ory/hydra/issues/2905)) ([#3402](https://github.com/ory/hydra/issues/3402)) ([a663927](https://github.com/ory/hydra/commit/a6639277fcdee7ee2101bc6e40ab7facd7265d54))
* Migration typo ([#3453](https://github.com/ory/hydra/issues/3453)) ([ed27c10](https://github.com/ory/hydra/commit/ed27c1016fe8f8fea5a99a0e2203552c3bdc0ab3))
* No longer use separate public and private keys in HSM key manager ([#3401](https://github.com/ory/hydra/issues/3401)) ([375bd5a](https://github.com/ory/hydra/commit/375bd5a69c0ece3aea0714ab7374ff8d09672c10))
* Pin nancy ([0156556](https://github.com/ory/hydra/commit/0156556bb35278fcbc416b02504bc04511c468a7))
* Release issue ([115da11](https://github.com/ory/hydra/commit/115da11930ed3723c53a1334eca47fd5ab6160ac))
* Support allowed_cors_origins with client_secret_post ([#3457](https://github.com/ory/hydra/issues/3457)) ([ffe4943](https://github.com/ory/hydra/commit/ffe49430e31eee98ace65e829be5db3188c8fd4b)), closes [#3456](https://github.com/ory/hydra/issues/3456)
* Use correct default value ([#3469](https://github.com/ory/hydra/issues/3469)) ([2796d53](https://github.com/ory/hydra/commit/2796d53798c3a2fa36738fe40d287f93480f08d7)), closes [#3420](https://github.com/ory/hydra/issues/3420)
### Code Generation
* Pin v2.1.0-pre.0 release commit ([61f342c](https://github.com/ory/hydra/commit/61f342c2d9f266774885cf1242db796cb671ecad))
### Documentation
* Update security email ([#3465](https://github.com/ory/hydra/issues/3465)) ([751c8e8](https://github.com/ory/hydra/commit/751c8e8a2f7393c52cd395e899b8852595f8682a))
### Features
* Add ability to revoke login sessions by SessionID ([#3450](https://github.com/ory/hydra/issues/3450)) ([b42482b](https://github.com/ory/hydra/commit/b42482b7260d4e1771d01fc719e8216f5961ce65)), closes [#3448](https://github.com/ory/hydra/issues/3448):
API `revokeOAuth2LoginSessions` can now revoke a single session by a SessionID (`sid` claim in the id_token) and execute an OpenID Connect Back-channel logout.
* Add session cookie path configuration ([#3475](https://github.com/ory/hydra/issues/3475)) ([af9fa81](https://github.com/ory/hydra/commit/af9fa81ac0b3a877fe1a67505b6ae54d4ef58c00)), closes [#3473](https://github.com/ory/hydra/issues/3473)
* Add token request hooks for all grant types ([#3427](https://github.com/ory/hydra/issues/3427)) ([9bdf225](https://github.com/ory/hydra/commit/9bdf225d8f04c0b16dcdc4bbcc2d7bebc7534b4d)), closes [#3244](https://github.com/ory/hydra/issues/3244):
Added a generic token hook that is called for all grant types and includes `payload` with a single allowed value - `assertion` to cover the `jwt-bearer` grant type customization.
The existing `refresh token hook` is left unchanged and is considered to be deprecated in favor of the new hook logic. The `refresh token hook` will at some point be removed.
* Allow setting access token type in client ([#3446](https://github.com/ory/hydra/issues/3446)) ([a6beed4](https://github.com/ory/hydra/commit/a6beed4659febd0917379d6da1e51d8ef75bc859)):
The access token type (`jwt` or `opaque`) can now be set in the client configuration. The value set here will overwrite the global value for all flows concerning that client.
* Allow skipping consent for trusted clients ([#3451](https://github.com/ory/hydra/issues/3451)) ([4f65365](https://github.com/ory/hydra/commit/4f65365f14ea28f979ebab7eb9c3396cbb25d619)):
This adds a new boolean parameter `skip_consent` to the admin APIs of
the OAuth clients. This parameter will be forwarded to the consent app
as `client.skip_consent`.
It is up to the consent app to act on this parameter, but the canonical
implementation accepts the consent on the user's behalf, similar to
when `skip` is set.
* Extend session lifespan on session refresh ([#3464](https://github.com/ory/hydra/issues/3464)) ([7511436](https://github.com/ory/hydra/commit/751143644dbc842c5928b1961d2c04d55b76b06b)), closes [#1690](https://github.com/ory/hydra/issues/1690) [#1557](https://github.com/ory/hydra/issues/1557) [#2246](https://github.com/ory/hydra/issues/2246) [#2848](https://github.com/ory/hydra/issues/2848):
It is now possible to extend session lifespans when accepting login challenges.
* Render complete config schema during CI ([#3433](https://github.com/ory/hydra/issues/3433)) ([ae3e781](https://github.com/ory/hydra/commit/ae3e7811ae2ba031fc4f1569a889d8b4ba0c96fd)):
* chore: bump ory/x
* chore: script to render the complete config
* Support datadog tracing ([#3431](https://github.com/ory/hydra/issues/3431)) ([3ea014f](https://github.com/ory/hydra/commit/3ea014f98f72b1456909838e8f7c40ceade7b2f6))
# [2.0.3](https://github.com/ory/hydra/compare/v2.0.2...v2.0.3) (2022-12-08)
Bugfixes for migration and pagination regressions and a new endpoint.
### Bug Fixes
* Add `client_id` and `client_secret` to `revokeOAuth2Token` ([#3373](https://github.com/ory/hydra/issues/3373)) ([93bac07](https://github.com/ory/hydra/commit/93bac074b3f7bd347c329377bf8c14aed7f43c00))
* Docker build ([48217bd](https://github.com/ory/hydra/commit/48217bd203af9467eae570b2c47c777a6c1e929b))
* Introspect command CLI example ([#3353](https://github.com/ory/hydra/issues/3353)) ([4ee4456](https://github.com/ory/hydra/commit/4ee4456d884ef6925a74c26768537e9a1ca8a9a6))
* Invalidate tokens with inconsistent state ([#3385](https://github.com/ory/hydra/issues/3385)) ([542ea77](https://github.com/ory/hydra/commit/542ea771c9740a1ebf5bc0006cb59e9eaff688d2)), closes [#3346](https://github.com/ory/hydra/issues/3346):
This patch includes SQL migrations targeting environments which have not yet migrated to Ory Hydra 2.0. It removes inconsistent records which resolves issues during the migrations process. Please be aware that some users might be affected by this change. They might need to re-authorize certain apps. However, most active records should not be affected by this.
Installations already on Ory Hydra 2.0 will not be affected by this change.
* No longer auto-generate system secret ([c5fe043](https://github.com/ory/hydra/commit/c5fe0433be88dc3cbcd09b8c85c3a90819109681)):
This patch changes Ory Hydra's behavior to no longer auto-generate a temporary secret when no global secret was set. The APIs now return an error instead.
See https://github.com/ory/network/issues/185
* Prevent multiple redirections to post logout url ([#3366](https://github.com/ory/hydra/issues/3366)) ([50666b9](https://github.com/ory/hydra/commit/50666b96ef28a019f5dfd9758f50c0023ad4ae05)), closes [#3342](https://github.com/ory/hydra/issues/3342)
* Strip `public` from schema ([#3374](https://github.com/ory/hydra/issues/3374)) ([3831b44](https://github.com/ory/hydra/commit/3831b4482a525cf67b519064bfefd45fe9f3cbd3)), closes [#3367](https://github.com/ory/hydra/issues/3367)
* Token pagination ([#3384](https://github.com/ory/hydra/issues/3384)) ([e8d8de9](https://github.com/ory/hydra/commit/e8d8de9072fda61b6d651107005d12f7bac0cba7)), closes [#3362](https://github.com/ory/hydra/issues/3362)
### Code Generation
* Pin v2.0.3 release commit ([16831c5](https://github.com/ory/hydra/commit/16831c55c41e64dd73637e8e2ca8f22202fc7d87))
### Features
* List consent sessions by session id ([#2853](https://github.com/ory/hydra/issues/2853)) ([d275ad6](https://github.com/ory/hydra/commit/d275ad66a4e3cb9494eeae7756acf33a76c37892))
# [2.0.2](https://github.com/ory/hydra/compare/v2.0.1...v2.0.2) (2022-11-10)
This release resolves bugs and SDK publishing issues.
### Bug Fixes
* Add v2 suffix ([#3340](https://github.com/ory/hydra/issues/3340)) ([c54b9db](https://github.com/ory/hydra/commit/c54b9dbf9acf0cd066969b6c729605f1e52e943a))
* Correct migration file name ([01f80a8](https://github.com/ory/hydra/commit/01f80a850112ca4a30330eeaa8eca35af4a91467))
* Incorrect consent removal on authentication revokation ([ccf2388](https://github.com/ory/hydra/commit/ccf238863d381227a04229f5f4eb8c11bb8153a9)):
This patch resolves a regression where, in a certain condition, an accepted consent could be incorrectly deleted when the related authentication session was removed.
* Incorrect jwk import order ([#3344](https://github.com/ory/hydra/issues/3344)) ([729102f](https://github.com/ory/hydra/commit/729102ff0d87051f219cf88a1296ea3c8effc530)), closes [#3343](https://github.com/ory/hydra/issues/3343)
* Isolate transactions for crdb ([f22046f](https://github.com/ory/hydra/commit/f22046fcee445dbc0b8c8bc49a9eb053ed485dab))
* Scope type should be string instead of int ([#3337](https://github.com/ory/hydra/issues/3337)) ([f59f1c6](https://github.com/ory/hydra/commit/f59f1c68346f8083e3d4e1d47117e014e644c376)):
Closes https://github.com/ory/sdk/pull/223
### Code Generation
* Pin v2.0.2 release commit ([ce96826](https://github.com/ory/hydra/commit/ce968261a2043469860c6238701631c456268aba))
### Documentation
* Add refresh token grant type ([c752125](https://github.com/ory/hydra/commit/c752125315e1450c10d7604610d974a60e7f556a))
* Fix typo ([dcfd11f](https://github.com/ory/hydra/commit/dcfd11f026469347a5ae941ebd1aa6f127e65143))
* Standardize license headers ([#3216](https://github.com/ory/hydra/issues/3216)) ([d768cf6](https://github.com/ory/hydra/commit/d768cf6580b3410f7d0b3b9420760ce0818a5fe2))
* Update README link ([6184b6a](https://github.com/ory/hydra/commit/6184b6a0ad028ecf90bb1212a7b1429fdc798a1b))
### Features
* Enable simultaneous auth flows by creating client related csrf co… ([#3059](https://github.com/ory/hydra/issues/3059)) ([16bd568](https://github.com/ory/hydra/commit/16bd568fa2ae99db87603e3808b82ca1051b1726)), closes [#3019](https://github.com/ory/hydra/issues/3019)
### Tests
* Fix flaky test ([c417be1](https://github.com/ory/hydra/commit/c417be1e181f602a69f611a68c331be56f88937c))
* Resolve time race ([643e88c](https://github.com/ory/hydra/commit/643e88c3673da923a2c49157c5513d78c19777e8))
# [2.0.1](https://github.com/ory/hydra/compare/v2.0.0...v2.0.1) (2022-10-27)
Resolves an issues with post-release steps and adds the introspect command to the Ory Hydra CLI.
### Bug Fixes
* Add missing introspect command ([c43aba3](https://github.com/ory/hydra/commit/c43aba3ea4394d51eef16cfdf3bc4ca848989f16))
* Bump quickstart images to 2.0.0 ([8c763ad](https://github.com/ory/hydra/commit/8c763ad8b170bca1a7ef29bfa3f09d88cbbdae4c))
* Post-release steps with yq ([b6300e3](https://github.com/ory/hydra/commit/b6300e34af208e49ad0a5a5a230c85b03a2cb58d))
### Code Generation
* Pin v2.0.1 release commit ([403223c](https://github.com/ory/hydra/commit/403223cc50bc0722102be96ff5631709f2b4e9f0))
### Documentation
* Update README ([#3323](https://github.com/ory/hydra/issues/3323)) ([c48e481](https://github.com/ory/hydra/commit/c48e4811c571feb33a0a524ef995bc3d24101b75))
# [2.0.0](https://github.com/ory/hydra/compare/v1.11.10...v2.0.0) (2022-10-27)
This milestone release impacts most of Ory’s installed base. While we are thrilled to unveil Ory Hydra 2.0, we would strongly suggest reading this document carefully and to the end.
Open Source software is not easy. Besides the community version Ory Hydra 2.0, Ory now provides the Ory OAuth2 & OpenID service on the [Ory Network](https://www.ory.sh) making this release a major event for Ory and the entire Ory Community.
Ory Hydra 2.0 is available now. Install the Ory CLI for the best developer experience.
```shell
bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) -b . ory
sudo mv ./ory /usr/local/bin/
brew install ory/tap/cli
```
create a new project (you may also use [Docker](https://www.ory.sh/docs/hydra/5min-tutorial))
```
ory create project --name "Ory Hydra 2.0 Example"
project_id="{set to the id from output}"
```
and follow the quick & easy steps below.
Create an OAuth 2.0 Client, and run the OAuth 2.0 Client Credentials flow:
```shell
ory create oauth2-client --project $project_id \
--name "Client Credentials Demo" \
--grant-type client_credentials
client_id="{set to client id from output}"
client_secret="{set to client secret from output}"
ory perform client-credentials --client-id=$client_id --client-secret=$client_secret --project $project_id
access_token="{set to access token from output}"
ory introspect token $access_token --project $project_id
```
Try out the OAuth 2.0 Authorize Code grant right away!
By accepting permissions `openid` and `offline_access` at the consent screen, Ory refreshes and OpenID Connect ID token,
```shell
ory create oauth2-client --project $project_id \
--name "Authorize Code with OpenID Connect Demo" \
--grant-type authorization_code \
--response-type code \
--redirect-uri ttp://127.0.0.1:4446/callback
code_client_id="{set to client id from output}"
code_client_secret="{set to client secret from output}"
ory perform authorization-code \
--project $project_id \
--client-id $code_client_id \
--client-secret $code_client_secret
code_access_token="{set to access token from output}"
ory introspect token $code_access_token --project $project_id
```
What's changed in Ory Hydra 2.0?
[OAuth 2.0 Token Exchange (RFC8693)](https://datatracker.ietf.org/doc/html/rfc8693) is now fully supported, including the JSON Web Token profile!
Ory Identities is now compatible with the Ory OAuth2 Login and Consent Flow. This means, for example, that Ory Kratos can be the login provider for Ory Hydra with a bit of configuration.
The Ory Network enables has this integration as a default.
Ory Hydra 2.0 now natively supports key types such as ES256 for signing ID Tokens and OAuth 2.0 Access Tokens in JWT format.
Additionally, the key naming mechanism was updated to conform with industry best practices.
Ory Hydra 2.0 ships a complete refactoring of the internal database structure, reducing database storage at scale and optimizing query performance.
All primary keys are now UUIDs to avoid hotspots in distributed systems. Please note that as part of this change it is no longer possible to choose the OAuth 2.0 Client ID. Instead, Ory chooses the best-performing ID format for the petabyte scale.
Ory chose to denormalize tables that had a negative performance impact due to excessive JOIN statements.
Using BCrypt as the primary hashing algorithm for OAuth 2.0 Client Secrets creates excessive CPU consumption at scale. OAuth 2.0 Client Secrets are auto-generated in Ory Hydra 2.x, removing the need for excessive hashing costs.
The new PKBDF2 hasher can be fine-tuned to support hashing at scale without a significant threat model impact.
This section only applies in scenarios where Ory Hydra is working in a do-it-yourself fashion e.g. on Docker. An Ory Hydra 2.0 compatible service is already available on the [Ory Network](https://www.ory.sh).
The database schema changed significantly from the previous structure. Please be aware that there might be a period where the database tables will be locked for writes while the upgrade runs.
**A full backup of the database before upgrading is essential!** We recommend trying out the upgrade on a copy of a production database first.
To run the SQL migrations using:
```
hydra migrate sql $DSN
```
Ory Hydra 1.x is a crucial service at Ory. Version 2.0 streamlines the APIs and SDKs to follow Ory API’s semantics and specification.
To better support TB-scale environments, the OAuth2 Client HTTP API's query
parameters for pagination have changed from `limit` and `offset` to `page_token`
and `page_size`. The `page_token` is an opaque string contained in the HTTP
`Link` Header, which expresses the next, previous, first, and last page.
Administrative endpoints now have an `/admin` prefix (e.g. `POST /admin/keys` instead of `POST /keys`). Existing administrative endpoints will redirect to this new prefixed path for backward compatibility.
HTTP endpoint `/oauth2/flush`, used to flush inactive access tokens was deprecated and has been removed. Please use `hydra janitor` instead.
To conform with the Ory V1 SDK, several SDK methods and payloads were renamed. Please check the [CHANGELOG](https://github.com/ory/hydra/blob/master/CHANGELOG.md) for a complete list of changes.
The `iss` (issuer) value no longer appends a trailing slash but instead uses the raw value set in the config.
Setting
```yaml
urls:
self:
issuer: https://auth.example.com
```
has changed
```patch
- "iss": "https://auth.example.com/"
+ "iss": "https://auth.example.com"
```
To set a trailing slash make sure to set it in the config value:
```yaml
urls:
self:
issuer: https://auth.example.com/
```
Flags `--dangerous-allow-insecure-redirect-url` and `--dangerous-force-http` have been removed. Use the `--dev` flag instead to denote a development environment with reduced security restrictions.
We now recommend using the [Ory CLI](https://www.ory.sh/docs/guides/cli/installation) to manage OAuth2 resources. As part of this restructuring, some of the commands were renamed. Here are some examples:
```patch
- hydra client create
+ ory create oauth2-client
- hydra clients list
+ ory list oauth2-clients
```
Additionally, array arguments now use the singular form:
```patch
hydra create client \
- --redirect-uris foo --redirect-uris bar \
+ --redirect-uri foo --redirect-uri bar \
- --grant-types foo --grant-types bar \
+ --grant-type foo --grant-type bar \
- --response-types foo --response-types bar \
+ --response-type foo --response-type bar \
- --allowed-cors-origins foo --allowed-cors-origins bar \
+ --allowed-cors-origin foo --allowed-cors-origin bar \
- --post-logout-callbacks foo --post-logout-callbacks bar \
+ --post-logout-callback foo --post-logout-callback bar
```
To manage resources in a do-it-yourself installation, continue using the `hydra` CLI.
Please check the [CHANGELOG](https://github.com/ory/hydra/blob/master/CHANGELOG.md) for a complete list of changes.
Ory Hydra 2.0 ships with support for OpenTelemetry. The previous telemetry solution using OpenTracing format is deprecated with this release.
## Breaking Changes
SDK naming has changed for the following operations:
```patch
ory.
- V0alpha2Api.AdminDeleteOAuth2Token(context.Background()).
+ OAuth2Api.DeleteOAuth2Token(context.Background()).
ClientId("foobar").Execute()
ory.
- V0alpha2Api.RevokeOAuth2Token(
+ OAuth2Api.RevokeOAuth2Token(
context.WithValue(context.Background(), sdk.ContextBasicAuth, sdk.BasicAuth{
UserName: clientID,
Password: clientSecret,
})).Token(token).Execute()
ory.
- V0alpha2Api.AdminIntrospectOAuth2Token(context.Background()).
+ OAuth2Api.IntrospectOAuth2Token(context.Background()).
Token(token).
Scope("foo bar")).Execute()
```
SDK naming has changed for the following operations:
```patch
ory.
- V0alpha2Api.DiscoverJsonWebKeys(context.Background()).
+ WellknownApi.DiscoverJsonWebKeys(context.Background()).
Execute()
ory.
- V0alpha2Api.AdminGetJsonWebKeySet(context.Background(), setID).
+ JwkApi.GetJsonWebKeySet(context.Background(), setID).
Execute()
ory.
- V0alpha2Api.AdminGetJsonWebKey(context.Background(), setID, keyID).
+ JwkApi.GetJsonWebKey(context.Background(), setID, keyID).
Execute()
ory.
- V0alpha2Api.AdminCreateJsonWebKeySet(context.Background(), setID).
- AdminCreateJsonWebKeySetBody(hydra.AdminCreateJsonWebKeySetBody{
- Alg: "RS256",
- Use: "sig",
+ JwkApi.CreateJsonWebKeySet(context.Background(), setID).
+ CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
+ Alg: "RS256",
+ Use: "sig",
}).Execute()
ory.
- V0alpha2Api.AdminUpdateJsonWebKey(context.Background(), setID, keyID).
+ JwkApi.SetJsonWebKey(context.Background(), setID, keyID).
JsonWebKey(jsonWebKey).Execute()
ory.
- V0alpha2Api.AdminUpdateJsonWebKeySet(context.Background(), setID).
+ JwkApi.SetJsonWebKeySet(context.Background(), setID).
JsonWebKeySet(jsonWebKeySet).Execute()
ory.
- V0alpha2Api.AdminDeleteJsonWebKey(context.Background(), setID, keyID).
JwkApi.DeleteJsonWebKey(context.Background(), setID, keyID).
Execute()
ory.
- V0alpha2Api.AdminDeleteJsonWebKeySet(context.Background(), setID).
JwkApi.DeleteJsonWebKeySet(context.Background(), setID).
Execute()
```
SDK naming has changed for the following operations:
```patch
ory.
- V0alpha2Api.DiscoverJsonWebKeys(context.Background()).
+ WellknownApi.DiscoverJsonWebKeys(context.Background()).
Execute()
ory.
- V0alpha2Api.AdminGetJsonWebKeySet(context.Background(), setID).
+ JwkApi.GetJsonWebKeySet(context.Background(), setID).
Execute()
ory.
- V0alpha2Api.AdminGetJsonWebKey(context.Background(), setID, keyID).
+ JwkApi.GetJsonWebKey(context.Background(), setID, keyID).
Execute()
ory.
- V0alpha2Api.AdminCreateJsonWebKeySet(context.Background(), setID).
- AdminCreateJsonWebKeySetBody(hydra.AdminCreateJsonWebKeySetBody{
- Alg: "RS256",
- Use: "sig",
+ JwkApi.CreateJsonWebKeySet(context.Background(), setID).
+ CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{
+ Alg: "RS256",
+ Use: "sig",
}).Execute()
ory.
- V0alpha2Api.AdminUpdateJsonWebKey(context.Background(), setID, keyID).
+ JwkApi.SetJsonWebKey(context.Background(), setID, keyID).
JsonWebKey(jsonWebKey).Execute()
ory.
- V0alpha2Api.AdminUpdateJsonWebKeySet(context.Background(), setID).
+ JwkApi.SetJsonWebKeySet(context.Background(), setID).
JsonWebKeySet(jsonWebKeySet).Execute()
ory.
- V0alpha2Api.AdminDeleteJsonWebKey(context.Background(), setID, keyID).
JwkApi.DeleteJsonWebKey(context.Background(), setID, keyID).
Execute()
ory.
- V0alpha2Api.AdminDeleteJsonWebKeySet(context.Background(), setID).
JwkApi.DeleteJsonWebKeySet(context.Background(), setID).
Execute()
```
SDK naming has changed for the following operations:
```patch
ory.
- V0alpha2Api.AdminRevokeOAuth2ConsentSessions(cmd.Context()).
+ OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).
Client(clientId).Execute()
ory.
- V0alpha2Api.AdminListOAuth2SubjectConsentSessions(cmd.Context(), id).
+ OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).
Client(clientId).Execute()
ory.
- V0alpha2Api.AdminListOAuth2SubjectConsentSessions(context.Background()).
+ OAuth2Api.ListOAuth2ConsentSessions(context.Background()).
Subject(subjectId).Execute()
ory.
- V0alpha2Api.AdminRevokeOAuth2LoginSessions(context.Background()).
+ OAuth2Api.RevokeOAuth2LoginSessions(context.Background()).
Subject(subjectId).Execute()
ory.
- V0alpha2Api.AdminGetOAuth2LoginRequest(context.Background()).
+ OAuth2Api.GetOAuth2LoginRequest(context.Background()).
LoginChallenge(challenge).Execute()
ory.
- V0alpha2Api.AdminAcceptOAuth2LoginRequest(context.Background()).
+ OAuth2Api.AcceptOAuth2LoginRequest(context.Background()).
AcceptOAuth2LoginRequest(body).
LoginChallenge(challenge).Execute()
ory.
- V0alpha2Api.AdminRejectOAuth2LoginRequest(context.Background()).
+ OAuth2Api.RejectOAuth2LoginRequest(context.Background()).
RejectOAuth2Request(body).
LoginChallenge(challenge).Execute()
ory.
- V0alpha2Api.AdminGetOAuth2ConsentRequest(context.Background()).
+ OAuth2Api.GetOAuth2ConsentRequest(context.Background()).
ConsentChallenge(challenge).Execute()
ory.
- V0alpha2Api.AdminAcceptOAuth2ConsentRequest(context.Background()).
+ OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()).
AcceptOAuth2ConsentRequest(body).
ConsentChallenge(challenge).Execute()
ory.
- V0alpha2Api.AdminRejectOAuth2ConsentRequest(context.Background()).
+ OAuth2Api.RejectOAuth2ConsentRequest(context.Background()).
RejectOAuth2Request().
ConsentChallenge(challenge).Execute()
ory.
- V0alpha2Api.AdminAcceptOAuth2LogoutRequest(context.Background()).
+ OAuth2Api.AcceptOAuth2LogoutRequest(context.Background()).
LogoutChallenge(challenge).
Execute()
ory.
- V0alpha2Api.AdminRejectOAuth2LogoutRequest(context.Background()).
+ OAuth2Api.RejectOAuth2LogoutRequest(context.Background()).
LogoutChallenge(challenge).
Execute()
ory.
V0alpha2Api.AdminGetOAuth2LogoutRequest(context.Background()).
+ OAuth2Api.GetOAuth2LogoutRequest(context.Background()).
LogoutChallenge(challenge).
Execute()
- var AlreadyHandledError HandledOAuth2LoginRequest
+ var AlreadyHandledError ErrorOAuth2LoginRequestAlreadyHandled
- var AlreadyHandledError HandledOAuth2LoginRequest
+ var AlreadyHandledError ErrorOAuth2ConsentRequestAlreadyHandled
- var OAuth2SuccessResponse SuccessfulOAuth2RequestResponse
+ var OAuth2SuccessResponse OAuth2RedirectTo
```
Error models in the generated SDK have been renamed:
```patch
- oAuth2ApiError
+ errorOAuth2
```
The SDK API for the following has changed:
```patch
// Go example
ory.
- V0alpha2Api.AdminUpdateOAuth2Client(cmd.Context(), id)
+ Oauth2Api.SetOAuth2Client(cmd.Context(), id).
OAuth2Client(client).Execute()
ory.
- V0alpha2Api.AdminGetOAuth2Client(cmd.Context(), id).
+ Oauth2Api.GetOAuth2Client(cmd.Context(), id).
Execute()
ory.
- V0alpha2Api.AdminDeleteOAuth2Client(cmd.Context(), id).
+ Oauth2Api.DeleteOAuth2Client(cmd.Context(), id).
Execute()
ory.
- V0alpha2Api.AdminCreateOAuth2Client(cmd.Context()).
+ Oauth2Api.CreateOAuth2Client(cmd.Context()).
OAuth2Client(client).Execute()
ory.
- V0alpha2Api.DynamicClientRegistrationGetOAuth2Client(cmd.Context(), id).
+ OidcApi.GetOidcDynamicClient(cmd.Context(), id).
Execute()
ory.
- V0alpha2Api.DynamicClientRegistrationGetOAuth2Client(cmd.Context()).
+ OidcApi.CreateOidcDynamicClient(cmd.Context()).
OAuth2Client(client).Execute()
ory.
- V0alpha2Api.DynamicClientRegistrationDeleteOAuth2Client(cmd.Context()).
+ OidcApi.DeleteOidcDynamicClient(cmd.Context()).
OAuth2Client(client).Execute()
ory.
- V0alpha2Api.DynamicClientRegistrationUpdateOAuth2Client(cmd.Context(), id).
+ OidcApi.SetOidcDynamicClient(cmd.Context(), id).
Execute()
```
We removed compatibility with unsupported database versions (e.g. MySQL 5.6). Ory Hydra v2.x is now compatible with MySQL 8.0.13+, PostgreSQL 11.8+, CockroachDB v22.1.2+.
Configuration keys have changed:
```patch
serve: {
public: {
- access_log: {
+ request_log: {
disable_for_health: true
},
},
admin: {
- access_log: {
+ request_log: {
disable_for_health: true
},
}
}
```
Rename SDK method from `deleteOAuth2Token` to `adminDeleteOAuth2Token`.
Rename SDK method from `oauth2Token` to `performOAuth2TokenFlow`.
Rename SDK method from `introspectOAuth2Token` to `adminIntrospectOAuth2Token`.
Rename SDK method from `userinfo` to `getOidcUserInfo`.
Rename SDK method from `discoverOpenIDConfiguration` to `discoverOidcConfiguration`.
Rename SDK method from `listTrustedJwtGrantIssuers` to `adminListTrustedOAuth2JwtGrantIssuers`.
Rename SDK method from `deleteTrustedJwtGrantIssuer` to `adminDeleteTrustedOAuth2JwtGrantIssuer`.
Rename SDK method from `getTrustedJwtGrantIssuer` to `adminGetTrustedOAuth2JwtGrantIssuer`.
Rename SDK method from `trustJwtGrantIssuer` to `adminTrustOAuth2JwtGrantIssuer`.
Rename SDK method from `rejectLogoutRequest` to `adminRejectOAuth2LogoutRequest`.
Rename SDK method from `rejectConsentRequest` to `rejectOAuth2ConsentRequest`.
Rename SDK method from `acceptConsentRequest` to `adminAcceptOAuth2ConsentRequest`.
Rename SDK method from `getOAuth2ConsentRequest` to `adminGetOAuth2ConsentRequest`.
Rename SDK method from `rejectLoginRequest` to `rejectOAuth2LoginRequest`.
Rename SDK method from `acceptLoginRequest` to `adminAcceptOAuth2LoginRequest`.
Rename SDK method from `getLoginRequest` to `adminGetOAuth2LoginRequest`.
Rename SDK method from `revokeAuthenticationSession` to `adminRevokeOAuth2LoginSessions`.
Rename SDK method from `adminListSubjectConsentSessions` to `adminListOAuth2SubjectConsentSessions`.
Rename SDK method from `revokeConsentSessions` to `adminRevokeOAuth2ConsentSessions`
This release updates SDK services from `public` and `admin` to `v2`. Methods exposed at the admin interface are now prefixed with `admin` (e.g. `adminCreateJsonWebKeySet`). Administrative endpoints now have an `/admin` prefix (e.g. `POST /admin/keys`). Existing administrative endpoints will redirect to this new prefixed path for backwards compatibility.
This release updates SDK services from `public` and `admin` to `v2`. Methods exposed at the admin interface are now prefixed with `admin` (e.g. `adminCreateOAuth2Client`). Administrative endpoints now have an `/admin` prefix (e.g. `POST /admin/clients`). Existing administrative endpoints will redirect to this new prefixed path for backwards compatibility.
The default names of cookies have changed:
```patch
- oauth2_authentication_csrf
+ ory_hydra_login_csrf
- oauth2_consent_csrf
+ ory_hydra_consent_csrf
- oauth2_authentication_session
+ ory_hydra_session
```
Use the new configuration option to change the cookie names back to v1.x if required.
CLI flag `--dangerous-force-http` has been removed. Please use the `--dev` flag instead!
CLI flag `--dangerous-allow-insecure-redirect-url` has been removed. Please use the `--dev` flag instead!
The `hydra token revoke` command has been renamed to `hydra revoke token` and now supports structured output (JSON, tables, ...).
The `hydra token introspect` command has been renamed to `hydra introspect token` and now supports structured output (JSON, tables, ...).
The `hydra token delete` command has been renamed to `hydra delete access-tokens` and now supports structured output (JSON, tables, ...).
The `hydra token client` command has been renamed to `hydra perform client-credentials` and now supports structured output (JSON, tables, ...).
The `hydra keys create|delete|get|import` commands have changed to follow other Ory project's guidelines, including structured output and improved handling. They are now:
```
hydra create jwks
hydra get jwks
hydra delete jwks
hydra import jwk
```
Please head over to the documentation for more information or use the `--help` CLI flag for each command.
HTTP endpoint `/oauth2/flush`, used to flush inactive access token was deprecated and has been removed. Please use `hydra janitor` instead.
Command `hydra clients import` is now `hydra import client`.
Command `hydra clients update` is now `hydra update client`. Additionally, all flags are now singular:
```patch
hydra update client [client-id] \
- --redirect-uris foo --redirect-uris bar \
+ --redirect-uri foo --redirect-uri bar \
- --grant-types foo --grant-types bar \
+ --grant-type foo --grant-type bar \
- --response-types foo --response-types bar \
+ --response-type foo --response-type bar \
- --allowed-cors-origins foo --allowed-cors-origins bar \
+ --allowed-cors-origin foo --allowed-cors-origin bar \
- --post-logout-callbacks foo --post-logout-callbacks bar \
+ --post-logout-callback foo --post-logout-callback bar
```
To better support TB-scale environments, the OAuth2 Client HTTP API's query parameters for pagination have changed from `limit` and `offset` to `page_token` and `page_size`. The `page_token` is an opaque string contained in the HTTP `Link` Header, which expresses the next, previous, first, and last page.
Command `hydra clients list` is now `hydra list client`. Please notice that the pagination flags have changed to `--page-token` and `page-size`!
Command `hydra clients delete` is now `hydra delete client`.
Command `hydra clients get` is now `hydra get client`.
Command `hydra clients create` is now `hydra create client`. Additionally, all flags are now singular:
```patch
hydra create client \
- --redirect-uris foo --redirect-uris bar \
+ --redirect-uri foo --redirect-uri bar \
- --grant-types foo --grant-types bar \
+ --grant-type foo --grant-type bar \
- --response-types foo --response-types bar \
+ --response-type foo --response-type bar \
- --allowed-cors-origins foo --allowed-cors-origins bar \
+ --allowed-cors-origin foo --allowed-cors-origin bar \
- --post-logout-callbacks foo --post-logout-callbacks bar \
+ --post-logout-callback foo --post-logout-callback bar
```
This change is backwards compatible, but changes the default hashing algorithm to PBKDF2. To keep using BCrypt for hashing new OAuth2 Client Secrets set the following configuration option in your configuration file:
```
oauth2:
hashers:
algorithm: bcrypt
```
To improve security and scalability (in particular sharding), OAuth 2.0 Client IDs can no longer be chosen but are always assigned a random generated UUID V4. OAuth 2.0 Clients created with custom IDs before the v2.0 release will continue working with their legacy Client ID in Ory Hydra v2.x.
Additionally, the `hydra create client` command no longer supports flag `--id` and flag `--callbacks` has been renamed to `--redirect-uris`.
The `iss` (issuer) value no longer appends a trailing slash but instead uses the raw value set in the config.
Setting
```yaml
urls:
self:
issuer: https://auth.example.com
```
has changed
```patch
- "iss": "https://auth.example.com/"
+ "iss": "https://auth.example.com"
```
To set a trailing slash make sure to set it in the config value:
```yaml
urls:
self:
issuer: https://auth.example.com/
```
SDK object `PatchDocument` was renamed to `JsonPatchDocument`.
TLS is no longer enabled by default. We want to make deployments behind TLS termination easier. To expose Ory Hydra directly to the public internet, configure keys `serve.<public|admin>.tls`.
JSON Web Keys are no longer prefixed with `public` or `private`. This affects keys generated in Ory Hydra after upgrading to this patch. Existing keys are unaffected by this.
OAuth2 errors can no longer be returned in the legacy error format. Essentially, fields `error_hint`, `error_debug` have been removed. Option `oauth2.include_legacy_error_fields` has been removed.
The HS512 and HS256 JSON Web Key generators has been removed. It is now only possible to generate asymmetric keys in Ory Hydra. It will still be possible to save HS512 or HS256 keys.
if using MySQL, hydra_jwk/kid and hydra_oauth2_trusted_jwt_bearer_issuer/key_id may only contain ascii/utf-8 symbols 0-127
Encode MySQL columns hydra_oauth2_trusted_jwt_bearer_issuer/key_id and hydra_jwk/kid in ascii as
a workaround for the 3072-byte index entry size limit[1].
[1]: https://dev.mysql.com/doc/refman/8.0/en/innodb-limits.html
Signed-off-by: Grant Zvolsky <grant@zvolsky.org>
This patch merges four SQL Tables into a new table, deleting the old tables in the process. The migrations in this patch are expected to be applied offline. Please be aware that *there are no down migrations*, and if something goes wrong, data loss is possible. Always back up your database before applying migrations. For more information, see [Hydra 2.x Migration Guide](https://www.ory.sh/hydra/docs/guides/migrate-v2).
Rows with NULL login_challenge in `hydra_oauth2_consent_request` and corresponding `hydra_oauth2_consent_request_handled` are deleted as a side effect of the merge migration. This is done with the assumption that only a very small number of sessions, issued by pre-1.0 Hydra, will be affected. Please contact us if this assumption doesn't apply or if the deletion adversely affects your deployment.
Signed-off-by: Grant Zvolsky <grant@zvolsky.org>
### Bug Fixes
* `allowed_top_level_claims` set to nil ([#3245](https://github.com/ory/hydra/issues/3245)) ([cd2c252](https://github.com/ory/hydra/commit/cd2c252b4bb737bdcf7db95ccd181b35337d31c7))
* `max_age=0` forces authentication ([2597f19](https://github.com/ory/hydra/commit/2597f190e83b2fdc98818892b89da3ecab644303)), closes [#3034](https://github.com/ory/hydra/issues/3034)
* Add CORS to public health handler ([#3114](https://github.com/ory/hydra/issues/3114)) ([02c6d5d](https://github.com/ory/hydra/commit/02c6d5d4ea7e45f1ca89ab211f858b9552f20842)):
Co-authored-by: Reaper <barelyhuman@users.noreply.github.com>
Co-authored-by: Patrik <zepatrik@users.noreply.github.com>
Co-authored-by: Alano Terblanche <Benehiko@users.noreply.github.com>
Co-authored-by: Reaper <barelyhuman@users.noreply.github.com>
* Add json1 tag everywhere ([dd1d733](https://github.com/ory/hydra/commit/dd1d733b0a162b45c2d11ab7f8cd7ec9f8e5e73b))
* Add missing down migrations ([a98c067](https://github.com/ory/hydra/commit/a98c06714b0b55cb08a987685786cdbfe45961ee))
* Allow retries of unused login & consent requests ([51a586b](https://github.com/ory/hydra/commit/51a586b0b2d8882e515d3e37ad4c8d39d27c22b2)), closes [#2914](https://github.com/ory/hydra/issues/2914) [#3085](https://github.com/ory/hydra/issues/3085) [#2824](https://github.com/ory/hydra/issues/2824)
* Cache migration status ([7e25fdb](https://github.com/ory/hydra/commit/7e25fdbdeafa551430eb997d931f7e48573f0675))
* Client specific CORS ([9a4f9e9](https://github.com/ory/hydra/commit/9a4f9e9993ff78d317a8b3f979ddee408e982eef)), closes [#1754](https://github.com/ory/hydra/issues/1754)
* **cli:** Output format issues ([fe3c899](https://github.com/ory/hydra/commit/fe3c89900d416069d879e4647c6221153c8444b2))
* Cockroach migration fixes ([7bed244](https://github.com/ory/hydra/commit/7bed24454c83a3b8e2613aa4acf14a36b21116cb))
* Compile errors ([d1f5a0e](https://github.com/ory/hydra/commit/d1f5a0efbd7f245a0adca3e9d69907254f051700))
* Compile issue ([83983c2](https://github.com/ory/hydra/commit/83983c2bbccaad9117640db22c5322e37cfcf7bc))
* Compile issues ([68cb7d5](https://github.com/ory/hydra/commit/68cb7d511f60fd4693c16b8847ec9ded71eb4352))
* Conditionals in db-diff ([a006b04](https://github.com/ory/hydra/commit/a006b0488272b45fe98a332521a21984424a9787))
* **config:** Add default to supported types. ([f4812c8](https://github.com/ory/hydra/commit/f4812c85872e852219c0baffab7a845c64c5795b))
* **config:** Correct salt detection ([2b6350c](https://github.com/ory/hydra/commit/2b6350c0e6be0317a47896cda7102e6a6c22199c))
* **config:** Disallow additional properties ([9022769](https://github.com/ory/hydra/commit/902276991df4ff3d303d11c262fcbfc896b464b4))
* **config:** Support number ([ab6a9ee](https://github.com/ory/hydra/commit/ab6a9ee23dc4f05b3e8a8d8daff16be65a42b354))
* ConfirmLoginSession, missing FKs; add tests ([1f7bf40](https://github.com/ory/hydra/commit/1f7bf40e4f76c9864d92f4cb3f4f408f7b13c88d))
* Conformity health check ([e163c80](https://github.com/ory/hydra/commit/e163c803b33a9c643e3286cbf7e31b51693f779a))
* Consistently use RS256 in hot reloading ([6376135](https://github.com/ory/hydra/commit/63761357c2b186397c9023ff36ed9c9f1ce772d6))
* Default back to RS256 keys ([891fb55](https://github.com/ory/hydra/commit/891fb551ad24fa9f949bb3860cb8b79603781d81))
* Disable NID tests with HSM enabled ([142cd13](https://github.com/ory/hydra/commit/142cd13382200aad186f11c3b9269ff8e129b3e2)):
We currently don't support NID isolation in combination with HSM.
* Docker image build ([1d8a8ff](https://github.com/ory/hydra/commit/1d8a8fff8c41eece869c0fcc2c40d219ee2d0ff9))
* Docker image build ([#3247](https://github.com/ory/hydra/issues/3247)) ([05bda6b](https://github.com/ory/hydra/commit/05bda6bfcc8f3b19830ccdf4df15d921e48ff3b8))
* Docker instructions ([063f61b](https://github.com/ory/hydra/commit/063f61beb2e931844a9eb6e7cd6e8776182e46df))
* Dont close crdb for reuse purposes ([11587ae](https://github.com/ory/hydra/commit/11587aed8484fdf42b10420fc77d0df0346c23e7))
* Fix hydra_client pk change mysql down migration ([#2791](https://github.com/ory/hydra/issues/2791)) ([560acce](https://github.com/ory/hydra/commit/560accee306a6f3b599798561230152579981085))
* Fix unbatched select in flushInactiveTokens ([a5cc6ea](https://github.com/ory/hydra/commit/a5cc6eaea9be1369557a1164e7d01fb179c92959)):
chore: code review
chore: format
don't delete more tokens than expected.
correct test.
add nid in flush tokens.
* Handle server error when refresh token requests come same time ([#3207](https://github.com/ory/hydra/issues/3207)) ([b0196c0](https://github.com/ory/hydra/commit/b0196c046b09fa80dfa15a14f343c407ef3500b2))
* High db cpu utilisation on query ([#3260](https://github.com/ory/hydra/issues/3260)) ([4bf995d](https://github.com/ory/hydra/commit/4bf995d2610414abc69380885afdf6dce46e4042))
* Hsm compile issues ([8571a67](https://github.com/ory/hydra/commit/8571a6712f18567b72c2cac3c3755eefa5b9a9d7))
* HSM test ([ca748a1](https://github.com/ory/hydra/commit/ca748a1d54c56a6dea48e2e7aa4a7fc35efeb518))
* **hsm:** Public key extraction ([57cf46c](https://github.com/ory/hydra/commit/57cf46c4ff3f00d37a11133a3e9fbc989d86039a))
* **hsm:** Public key extraction everywhere ([c9c2e01](https://github.com/ory/hydra/commit/c9c2e0163b353419564e10ec142b782fa94e52a4))
* Ignore cypress screenshots in git ([668a319](https://github.com/ory/hydra/commit/668a31924a2211712fa499b7fcc6ce6641fc2885))
* Improve duration pattern ([6c8dda8](https://github.com/ory/hydra/commit/6c8dda8667efdd528df3184a1e9384c0213a8b91))
* Improve health check reporting ([1bd0c52](https://github.com/ory/hydra/commit/1bd0c52302ce0c14a901e4120cbef558dab54962))
* Improve jwk generator defaults ([ece5ca6](https://github.com/ory/hydra/commit/ece5ca6a5733170ab68db1940c5d8e45f6fb1dbb))
* Improve lazy initialization of JWKs ([8cffc5b](https://github.com/ory/hydra/commit/8cffc5b1241d1478ea693a013d91e05aa0e5928f))
* Improve migration status speed ([1a4abd6](https://github.com/ory/hydra/commit/1a4abd6da98874360ba18d0cdff26980a1dad461))
* Improve time validation ([b32ff33](https://github.com/ory/hydra/commit/b32ff33f586c97c8a4c8083378deb898ba11bcbd))
* Incorrect queries ([255b4e2](https://github.com/ory/hydra/commit/255b4e225bfaa7b6b9b61354d708be919527ee82))
* **jwk:** Expose correct metadata algorithms ([0a786b7](https://github.com/ory/hydra/commit/0a786b7cd35f4311f85b3b6b9cb3af0444e4ad53))
* Lazy load PKI ([d65aa3a](https://github.com/ory/hydra/commit/d65aa3a9b676deace57744dfb3632392eec90781))
* Lint issues ([72a5cd8](https://github.com/ory/hydra/commit/72a5cd8cf4b2e980e378d183760837fbf7c7fd21))
* Make servicelocator explicit ([3a26385](https://github.com/ory/hydra/commit/3a263854d86e63a75b5e6a73cab81ba7a60ccfe9))
* Missing data in JWT grant ([#3143](https://github.com/ory/hydra/issues/3143)) ([c51b21b](https://github.com/ory/hydra/commit/c51b21bb2334a0a5413a0d25ea54478696808444))
* Move to v0alpha2 api spec ([a364db4](https://github.com/ory/hydra/commit/a364db4ff2cbd65116358929f9e5bb37fde0cc88))
* Mysql slice delete ([c56b958](https://github.com/ory/hydra/commit/c56b9585ecd8201b710805812f7abbb6a475bfc8)):
- Add a workaround for [mysql slice delete](https://github.com/gobuffalo/pop/issues/699)
- Optimize logout verification (save 1 db rountrip)
- Update a test to use StaticContextualizer & revert CleanAndMigrate workaround
- Ensure a Client generated with faker satisfies the DB schema
- Remove unused argument from HandleConsentRequest
* **mysql:** Fix mysql key too long error ([ba16958](https://github.com/ory/hydra/commit/ba16958cdfcee071ae3c67bf6f24dfd963a29ae9))
* **oauth2:** Incorrect TTL override ([7893a98](https://github.com/ory/hydra/commit/7893a980387e3d29978e535e81331014ac41820a))
* Optimise sql update to avoid redundant writes ([#3289](https://github.com/ory/hydra/issues/3289)) ([1aa6cc4](https://github.com/ory/hydra/commit/1aa6cc43f2a270f1853b6634f5af26344d077a97)), closes [#3137](https://github.com/ory/hydra/issues/3137):
The SQL update here would potentially update a lot of rows, which did not need updating. In some DB engines, this would not be an issue, because the redundant writes are ignored. But on PostgreSQL engines, it is another story; here it would actually carry out the writes, leading to a potentially high number of redundant iops when the engine is vaccuming outdated records. With this change, the SQL update will only affect the rows which is not in the desired state already.
* Pop compile issue ([3e7b6b4](https://github.com/ory/hydra/commit/3e7b6b412ea524529cad8d716a23c785f7c3e466))
* Postgres migration script ([#3249](https://github.com/ory/hydra/issues/3249)) ([d6e7f94](https://github.com/ory/hydra/commit/d6e7f94f5eb678c43d43af8054b6707ea545c9b1))
* Prefix paths correctly with /admin ([e130dfa](https://github.com/ory/hydra/commit/e130dfa93c596f86b057dfb35bcea6e58874f76c))
* Proper introspection output format ([#3312](https://github.com/ory/hydra/issues/3312)) ([8b77f5a](https://github.com/ory/hydra/commit/8b77f5ada22261fdcf87fc1a3b362a023a565abc))
* Quickstart with SQLite ([e58d3d1](https://github.com/ory/hydra/commit/e58d3d15eb835f94757fb39868d4570265772a9b)), closes [#3050](https://github.com/ory/hydra/issues/3050)
* Regression in database layer ([1d78e79](https://github.com/ory/hydra/commit/1d78e79623af7bf7d59dd2e7d1ab741e838de95e))
* Remove deprecated config value ([8994190](https://github.com/ory/hydra/commit/8994190033ced6fac0a9e5aaffccd2d5e9428ac1))
* Remove goswagger generated client ([e2c8809](https://github.com/ory/hydra/commit/e2c8809bedf1cf78ce163f58232c23aaedd11593))
* Remove incorrect aliases ([2a20080](https://github.com/ory/hydra/commit/2a20080d1d1caa92d0483ec8fec5a5bf1e9d2267))
* Remove obsolete type patches ([e670d68](https://github.com/ory/hydra/commit/e670d68dad332824a49875e014d6957653eef4a2))
* Remove unnecessary load of TLS certificates at boot ([13691d3](https://github.com/ory/hydra/commit/13691d3995f4418c8a83caf3d22f5ca98152187a))
* Remove unused swagger struct ([4ff0690](https://github.com/ory/hydra/commit/4ff0690d895280b15b1a2f88540766b2adfe6f04))
* Replace of consent session expires values ([e1731ba](https://github.com/ory/hydra/commit/e1731baf51676d70cf04e6e674df697d4af3298c))
* Resolve a merge conflict in migration_test ([#2811](https://github.com/ory/hydra/issues/2811)) ([acb16c1](https://github.com/ory/hydra/commit/acb16c1c273e023c8c3854f7fc36ba653085c828))
* Resolve conformance build issues ([f6ee1d3](https://github.com/ory/hydra/commit/f6ee1d3bda00a3105815c12a7fa1f6fbc38a72a6))
* Resolve internal SDK regressions ([937e6ba](https://github.com/ory/hydra/commit/937e6baabf2df183ec6f5679b1507319a9988afa))
* Resolve merge conflicts ([6eee09c](https://github.com/ory/hydra/commit/6eee09cc72618121588d40877e0ee7bff3d5623c))
* Resolve migration regressions ([5552e4d](https://github.com/ory/hydra/commit/5552e4df97bb5990e05f19d38aca98b614b4f48a))
* Resolve test issues and regressions introduced by the new JWK generator ([77b1ac7](https://github.com/ory/hydra/commit/77b1ac749656e855092513fac3c459f439eefe54))
* Resolve token prefix regression ([1fd6ea3](https://github.com/ory/hydra/commit/1fd6ea3df64598095ba119350ec1cca3e2a44e72))
* Retry transient crdb transaction failures ([f0f3139](https://github.com/ory/hydra/commit/f0f3139efeb4b5ec74c875e350838aaf20045779))
* Revert latest docker image changes ([#3286](https://github.com/ory/hydra/issues/3286)) ([f2daa7d](https://github.com/ory/hydra/commit/f2daa7d6456e4bd27cb9e4b3aa89e2790e59f2b3)):
Closes https://github.com/ory/hydra/issues/3285
* Revert to normal crdb ([c9a248d](https://github.com/ory/hydra/commit/c9a248dd7cebe20009559e5625ab195a288eb656))
* **sdk:** GenericError type ([21c579a](https://github.com/ory/hydra/commit/21c579ad40d2802e91c3fcc6ee910e44499b07cb))
* **sdk:** Handle all error codes ([#3153](https://github.com/ory/hydra/issues/3153)) ([1ab345b](https://github.com/ory/hydra/commit/1ab345b9ee3e24231fe05d8a88f12f0698721f32)), closes [#2350](https://github.com/ory/hydra/issues/2350)
* **sdk:** Make session uniquely named ([468e27d](https://github.com/ory/hydra/commit/468e27d0ddd206839f24166b85989dbcebcc215d))
* **sdk:** Omit DefaultSession ([954aa5f](https://github.com/ory/hydra/commit/954aa5f3a142e70e2c98f5917b9170bb57df91fc))
* **sdk:** Remove pattern from scope parameter ([1332fe6](https://github.com/ory/hydra/commit/1332fe6c4dd8fcdef5861ebb451f36b0c388aafe)), closes [#3142](https://github.com/ory/hydra/issues/3142)
* **sdk:** Resolve type issues and regenerate SDK ([6880fea](https://github.com/ory/hydra/commit/6880feafb060d8df299aa75664aa4950dcad53c6))
* **sdk:** Use correct struct for response ([04b308f](https://github.com/ory/hydra/commit/04b308f35a389b8cb96341f8c431e2c0b521cb3f))
* Speed up health checks ([eafa2bb](https://github.com/ory/hydra/commit/eafa2bb488bf55e035d55f3974c0766e4ede123e))
* Support issuer with and without trailing slash ([d746fa4](https://github.com/ory/hydra/commit/d746fa499a73df617741e0a792f254970e1b504a)), closes [#1482](https://github.com/ory/hydra/issues/1482)
* Update benchmark script ([63a84de](https://github.com/ory/hydra/commit/63a84de3f51c1ffd06729f78ced488ba72acb0c5))
* Use --yes flag in db-diff ([36ddb61](https://github.com/ory/hydra/commit/36ddb6155786c5b5ac6d83a3e3761a4768bded82))
* Use config func everywhere ([d1af32d](https://github.com/ory/hydra/commit/d1af32dc9e72f26e4e758ff2f2fc8c9071a4dc4e))
* Use correct context ([3ceefd7](https://github.com/ory/hydra/commit/3ceefd738d363c910e47a456a353603612d5674a))
* Use correct sdk tag ([#3318](https://github.com/ory/hydra/issues/3318)) ([aea37d6](https://github.com/ory/hydra/commit/aea37d6a358f8c440ac2a3a138adec77d7544aab))
* Use CreateWith ([9fbbbdf](https://github.com/ory/hydra/commit/9fbbbdf425fea6f2a1218c489d4d9f65c03daf75))
* Use StringSliceJSONFormat instead of StringSlicePipeDelimiter ([#3112](https://github.com/ory/hydra/issues/3112)) ([1d9891d](https://github.com/ory/hydra/commit/1d9891dcf14cdb0e18aa071e053675475f5d787b)):
Closes https://github.com/ory/hydra/issues/2859
### Code Generation
* Pin v2.0.0 release commit ([4d83a28](https://github.com/ory/hydra/commit/4d83a289ac590fbdefca5ed933327b46c4abf65f))
### Code Refactoring
* `hydra keys` command ([e466d7c](https://github.com/ory/hydra/commit/e466d7c9d284da22742ad0769153f95e12daa9e8))
* `hydra token client` command ([81e79f2](https://github.com/ory/hydra/commit/81e79f2a34024c2c60b52bfd6f76518f0a179166))
* `hydra token delete` command ([aa338e1](https://github.com/ory/hydra/commit/aa338e1789e0d9946fe241d4dc2168f6dd17ca51))
* `hydra token introspect` command ([da3e2b4](https://github.com/ory/hydra/commit/da3e2b44382199dc601e8d01d9a3f4757a7c59a6))
* `hydra token revoke` command ([42e75c3](https://github.com/ory/hydra/commit/42e75c32c63cf029f4088bc277d4039059017771))
* CLI environment variables `HYDRA_URL` has been renamed to `ORY_SDK_URL` ([08bbbab](https://github.com/ory/hydra/commit/08bbbab1a9beb030cbea1487fd3d32e360a44c37)):
BREKAING CHANGE: To follow ecosystem convention, environment variables `HYDRA_URL`, `HYDRA_ADMIN_URL` have been renamed to `ORY_SDK_URL`.
* **client:** Make OAuth2 Client IDs system-chosen and immutable ([4002224](https://github.com/ory/hydra/commit/4002224439c681f9bc4aaa8af2793615fe5c0d95)), closes [#2911](https://github.com/ory/hydra/issues/2911)
* **client:** Rename SDK methods and introduce `/admin` prefix ([0752721](https://github.com/ory/hydra/commit/0752721dd87f8d5b447e8ba3fa413cf2fd5608ba))
* **client:** Replace limit and offset parameters with page_token and page_size ([23585b5](https://github.com/ory/hydra/commit/23585b579776f5fe058a95b06556c27a8d1da0c4))
* **consent:** Rename SDK method from `acceptConsentRequest` to `adminAcceptOAuth2ConsentRequest` ([5885ab3](https://github.com/ory/hydra/commit/5885ab31d91eebb70f1b701baf4df9ee6dab75e2))
* **consent:** Rename SDK method from `acceptLoginRequest` to `adminAcceptOAuth2LoginRequest` ([fa27d0c](https://github.com/ory/hydra/commit/fa27d0cfcc97bbfdaaf7a696e0d82872c6859ccf))
* **consent:** Rename SDK method from `adminListSubjectConsentSessions` to `adminListOAuth2SubjectConsentSessions` ([bb51ba0](https://github.com/ory/hydra/commit/bb51ba0c40ba59839a7ea383170cdd559b22a8be))
* **consent:** Rename SDK method from `getLoginRequest` to `adminGetOAuth2LoginRequest` ([9053040](https://github.com/ory/hydra/commit/9053040fe47164e4167f0f15270b9e6ade81604f))
* **consent:** Rename SDK method from `getOAuth2ConsentRequest` to `adminGetOAuth2ConsentRequest` ([475efbc](https://github.com/ory/hydra/commit/475efbcf8e49ea105653a914aecf8a622e3ae5c1))
* **consent:** Rename SDK method from `rejectConsentRequest` to `rejectOAuth2ConsentRequest` ([e0e3da9](https://github.com/ory/hydra/commit/e0e3da9e627f931495ab459462abf000446e9785))
* **consent:** Rename SDK method from `rejectLoginRequest` to `rejectOAuth2LoginRequest` ([37a8839](https://github.com/ory/hydra/commit/37a8839fb1f0b1226504b49bff179328c7010226))
* **consent:** Rename SDK method from `rejectLogoutRequest` to `adminRejectOAuth2LogoutRequest` ([cdffa1e](https://github.com/ory/hydra/commit/cdffa1e053d67190c59b927b966eddb0aba6ba64))
* **consent:** Rename SDK method from `revokeAuthenticationSession` to `adminRevokeOAuth2LoginSessions` ([0a5ebe8](https://github.com/ory/hydra/commit/0a5ebe8fa1eadd00756eb084a2bc654b349ed071))
* **consent:** Rename SDK method from `revokeConsentSessions` to `adminRevokeOAuth2ConsentSessions` ([1108409](https://github.com/ory/hydra/commit/1108409abd1c7e6fdefcf95d376a0c7e33e85cde))
* Deprecate `--dangerous-allow-insecure-redirect-url` flag ([46b5887](https://github.com/ory/hydra/commit/46b58874643b91073caae79668feae6aab5b08d5))
* Deprecate `--dangerous-force-http` flag ([062734e](https://github.com/ory/hydra/commit/062734e16aef0c0d1425ce51ead7c3abeca71ba0))
* Drop TLS by default ([edb042e](https://github.com/ory/hydra/commit/edb042e12fb87cb448dd1b6c2dfa6fee104704c1))
* Environment variable `DATABASE_URL` has been deprecated ([8023d2a](https://github.com/ory/hydra/commit/8023d2a75be4466a0112d747c4b327969879a636))
* Finalize consent SDK methods ([53d225a](https://github.com/ory/hydra/commit/53d225a9806a73a9b2c9fef585ebd63301272f34))
* Generated UUID variant & version test ([#2793](https://github.com/ory/hydra/issues/2793)) ([697813e](https://github.com/ory/hydra/commit/697813e185045cabe997bf3a95de02089eea1a0f)), closes [#2792](https://github.com/ory/hydra/issues/2792)
* Improve performance and reduce data use of consent persistence layer ([#2836](https://github.com/ory/hydra/issues/2836)) ([53862f2](https://github.com/ory/hydra/commit/53862f290c21e599822e11d7554d6437419ee502)):
This patch changes the internal data structure and reduces four (sort of redundant) tables into one. As part of this change, a few new tools have been added:
* Introduce the `hydra sql gen` command and a convenience Make target with autocompletion. The command reads migration templates from a source directory and produces migration files in a target directory. Its main function is to split a single source file into multiple files using split marks.
* Introduce the `hack/db-diff.sh` command to generate database schema diffs at different commits. This script is used to view and review the impact of migrations on the database schema.
* **jwk:** No longer prefix keys with `public` or `private` ([5e2ea0b](https://github.com/ory/hydra/commit/5e2ea0b6c65441983a7e85f9e8434f6068f4fcba))
* **jwk:** Rename SDK methods and introduce `/admin` prefix ([cd007bb](https://github.com/ory/hydra/commit/cd007bbb49bc8d544b5dcfa77088e76cf1ee0b2f))
* Make commands easier to consume ([cc9d9e5](https://github.com/ory/hydra/commit/cc9d9e5b5de070e6521f603ceef806c8284b849b))
* **oauth2:** Clean up changes ([c12b45c](https://github.com/ory/hydra/commit/c12b45cc446991e80acf5d5d0be4131c168fbeb7))
* **oauth2:** Rename SDK method from `deleteOAuth2Token` to `adminDeleteOAuth2Token` ([ea4caf7](https://github.com/ory/hydra/commit/ea4caf73415f131f3df9bf8e41961eac1af7d835))
* **oauth2:** Rename SDK method from `discoverOpenIDConfiguration` to `discoverOidcConfiguration` ([df467a0](https://github.com/ory/hydra/commit/df467a0605a941c4c60968b82b0380932b5e06b8))
* **oauth2:** Rename SDK method from `introspectOAuth2Token` to `adminIntrospectOAuth2Token` ([f2bd9a3](https://github.com/ory/hydra/commit/f2bd9a30a93c35ceb062be4d3c1178bc93e4b387))
* **oauth2:** Rename SDK method from `oauth2Token` to `performOAuth2TokenFlow` ([51b58e7](https://github.com/ory/hydra/commit/51b58e7eadf1b9686903e9c7e454754f02c29956))
* **oauth2:** Rename SDK method from `userinfo` to `getOidcUserInfo` ([4e554e7](https://github.com/ory/hydra/commit/4e554e7a938911f2a9a2a6b6ad2da602f0642095))
* Remove `/oauth2/flush` endpoint ([17c226c](https://github.com/ory/hydra/commit/17c226cc2ad54ed7afc7f7279646cbfabe9363ca))
* Remove `oauth2.include_legacy_error_fields` config ([148cadb](https://github.com/ory/hydra/commit/148cadb2009aabb9c5301bb3f4321e370259adcf))
* Remove HS512 and HS256 jwk key generator ([5fb3049](https://github.com/ory/hydra/commit/5fb3049ee8f04dc03b6365e52486d0fdae9ae0f6))
* Rename `access_log` to `request_log` ([223c8bc](https://github.com/ory/hydra/commit/223c8bc2b1ec002725f834e316735f2d9a34fe5b))
* Rename `hydra clients create` command ([76eb93c](https://github.com/ory/hydra/commit/76eb93c352d5f51bb6f76be82d6ac5fe3a7264be)):
Renames the command to `hydra create client` and changes CLI flags.
* Rename `hydra clients delete` command ([dea2fdd](https://github.com/ory/hydra/commit/dea2fdd0056770173aabad1c4a1497e8f5a8f38a)):
Renames the command to `hydra delete client` and changes CLI flags.
* Rename `hydra clients get` command ([edd4b43](https://github.com/ory/hydra/commit/edd4b43d279040534046f903cdd0f407322a7cf0)):
Renames the command to `hydra get client` and changes CLI flags.
* Rename `hydra clients import` command ([7de7841](https://github.com/ory/hydra/commit/7de78410fc90f8c1ce5b961e92ddb93be66353ba)):
The `hydra clients import` command now supports reading from STDIN as well as the file system, and ships with output formats such as `json` and `json-pretty`.
* Rename `hydra clients list` command ([1c0f971](https://github.com/ory/hydra/commit/1c0f971e8be56697d0f15f1cc59e6d68744f77ad)):
Renames the command to `hydra list client` and changes CLI flags.
* Rename `hydra clients update` command ([7482b77](https://github.com/ory/hydra/commit/7482b77c7124718da696564635094ba57d905922))
* Replace custom key generator with jose key generator ([d2d5512](https://github.com/ory/hydra/commit/d2d551230ede27296cb3b488dd23b00b19b65d1a)):
Closes https://github.com/ory/hydra/issues/1825
* **sdk:** Consent SDK ([e800002](https://github.com/ory/hydra/commit/e800002d09a01cee8f3331541ae6734c499315ac))
* **sdk:** JSON Web Key SDK API ([06d565e](https://github.com/ory/hydra/commit/06d565ebb7771c266d33d9b74cf3eeb500ac9896))
* **sdk:** OAuth 2.0 Trust Relationship SDK ([b0a2b05](https://github.com/ory/hydra/commit/b0a2b0533941e9a784f5925d60653e520269c126))
* **sdk:** OAuth2 SDK API ([142b55f](https://github.com/ory/hydra/commit/142b55f295f811d963cf32c3e7946b9ccd542489))
* **sdk:** Rename errors ([6b60156](https://github.com/ory/hydra/commit/6b601564c1a5c4e29a40d21dc216663c8d7a6fe9))
* **sdk:** Rename oauth2 client operations and payloads ([cb742ad](https://github.com/ory/hydra/commit/cb742ad0d61844aa7bdff2bd8e455c5e7ad49b21))
* **sdk:** Rename PatchDocument to JsonPatchDocument ([a54ea69](https://github.com/ory/hydra/commit/a54ea697412186981d6eb999d121f43ed92cd0ca))
* **trust:** Rename SDK method from `deleteTrustedJwtGrantIssuer` to `adminDeleteTrustedOAuth2JwtGrantIssuer` ([e0be7cf](https://github.com/ory/hydra/commit/e0be7cfe16bf30efa0ebb9f52b5bd8f2fe19e53f))
* **trust:** Rename SDK method from `getTrustedJwtGrantIssuer` to `adminGetTrustedOAuth2JwtGrantIssuer` ([210116e](https://github.com/ory/hydra/commit/210116e32af61cc4720f8bc8da5348bb076e0a1a))
* **trust:** Rename SDK method from `listTrustedJwtGrantIssuers` to `adminListTrustedOAuth2JwtGrantIssuers` ([cb7b9e0](https://github.com/ory/hydra/commit/cb7b9e00dd07ec2d7abbd6357b1cd334b2cb20fe))
* **trust:** Rename SDK method from `trustJwtGrantIssuer` to `adminTrustOAuth2JwtGrantIssuer` ([7edf8df](https://github.com/ory/hydra/commit/7edf8df16ac0c9bb6c6f365c147e16240f210a1e))
### Documentation
* Add required key to all versions in the version schema ([#3233](https://github.com/ory/hydra/issues/3233)) ([ac61740](https://github.com/ory/hydra/commit/ac617401718f11a09f77e41592166ec45a9b23cb))
* Clarify command usage strings ([34cde51](https://github.com/ory/hydra/commit/34cde517e36d88f3e5bde2f7f440d6dd51fd6699))
* Remove mention of CircleCI ([#3240](https://github.com/ory/hydra/issues/3240)) ([75f7b50](https://github.com/ory/hydra/commit/75f7b500394d6322f03d61678fb86d70a97eaab3))
* Update config key descriptions ([919170f](https://github.com/ory/hydra/commit/919170ffd689cd8eddd44f3eb47d9fb498adf922))
### Features
* Add `db.ignore_unknown_table_columns` configuration property ([#3192](https://github.com/ory/hydra/issues/3192)) ([#3193](https://github.com/ory/hydra/issues/3193)) ([5842946](https://github.com/ory/hydra/commit/5842946d156ec1f66c13585da7cfc2be4f6ebb68)):
The property allows to ignore scan errors when columns in the SQL result have no fields in the destination struct.
* Add ability to allow token refresh from hook without overriding the session claims ([#3146](https://github.com/ory/hydra/issues/3146)) ([afa2ea0](https://github.com/ory/hydra/commit/afa2ea030363a1fed82863cfa6c94e4379c9d062)), closes [#3082](https://github.com/ory/hydra/issues/3082)
* Add embedx helpers ([#3189](https://github.com/ory/hydra/issues/3189)) ([ee9032c](https://github.com/ory/hydra/commit/ee9032ce1005f930cd100bf52a170a5483fb3f79))
* Add new key `serve.public.tls.enabled` ([ecacc6d](https://github.com/ory/hydra/commit/ecacc6de1a206a93d700d1a38150bb83468d34a5))
* Add nid tests and resolve issues ([#3102](https://github.com/ory/hydra/issues/3102)) ([a84c5f5](https://github.com/ory/hydra/commit/a84c5f5064a935a745a52a42575fd57bc3dee94f))
* Add SQLite dependency to SQLite Dockerfile ([#3282](https://github.com/ory/hydra/issues/3282)) ([841a153](https://github.com/ory/hydra/commit/841a1535969e86ee6d2dc17c767c656f1908baae))
* Add tag descriptions ([c111a4c](https://github.com/ory/hydra/commit/c111a4ce2ccd33be592340d6cc28d85afa2f82dc))
* Add token prefixes ([60bab08](https://github.com/ory/hydra/commit/60bab0830591560900264d4bc8da3bf5b898cbf7)), closes [#2845](https://github.com/ory/hydra/issues/2845):
This patch adds token prefixes to access tokens (`ory_at_`), refresh tokens (`ory_rt_`), and authorize codes (`ory_ac_`). Token prefixes are useful when scanning for secrets in e.g. git repositories. Token prefixes are only issued for non-JWTs.
* Allow config context ([d894c97](https://github.com/ory/hydra/commit/d894c974d0dbb166ebb93478055cab5de18a5d11))
* Better control for cookie secure flag ([90d539f](https://github.com/ory/hydra/commit/90d539f53dd5d9bacf9dac5a20901990486799f1))
* **client:** Respect ip restrictions in client validation ([cafe89a](https://github.com/ory/hydra/commit/cafe89ad2285a141c642b26d079c2b865db60935))
* **cli:** Improve migrate command handling ([e252654](https://github.com/ory/hydra/commit/e2526547b1c1a7ed69543c2f2d4e005b17e6a016))
* **cli:** Significantly improved `create client` ([bb9c8ba](https://github.com/ory/hydra/commit/bb9c8ba4f7736b6e737528604445dbed05f1b997)), closes [#3091](https://github.com/ory/hydra/issues/3091):
This patch adds output formats to `hydra create client` and makes all client fields configurable as flags.
* Config hot reloading architecture ([bbe0406](https://github.com/ory/hydra/commit/bbe0406df63257a63ecc203bc9ff93417d9c6024))
* Custom client token ttl ([#3206](https://github.com/ory/hydra/issues/3206)) ([9ef671f](https://github.com/ory/hydra/commit/9ef671f284a95e69b60d032acd6da1a6a06219b5)), closes [#3157](https://github.com/ory/hydra/issues/3157):
This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.
* Deprecate autoincrement primary key in hydra_client ([#2784](https://github.com/ory/hydra/issues/2784)) ([6d01e2e](https://github.com/ory/hydra/commit/6d01e2e79b4925c84514d9d47dcd945aee2fafbf)), closes [#2781](https://github.com/ory/hydra/issues/2781)
* Deprecate autoincrement primary key in hydra_jwk ([#2789](https://github.com/ory/hydra/issues/2789)) ([b76a151](https://github.com/ory/hydra/commit/b76a1514b79a3e5ff178057b762b01053854e976)), closes [#2788](https://github.com/ory/hydra/issues/2788)
* Hot-reload TLS certificate ([#3265](https://github.com/ory/hydra/issues/3265)) ([1d13be6](https://github.com/ory/hydra/commit/1d13be6d3b2f03e45cb3f91e9a079e53861edc85))
* Implement NID ([b7fc2bf](https://github.com/ory/hydra/commit/b7fc2bff532aed6b87793d9f3236a69d1be322a1))
* Improve CLI messages ([e934c4f](https://github.com/ory/hydra/commit/e934c4f7769065d964ac9a441d901af8baac728a))
* Improve cloud cli compatibility ([93a626d](https://github.com/ory/hydra/commit/93a626d18a3132f3359e5223704b970a08cfb405))
* Improve cookie settings ([9717cad](https://github.com/ory/hydra/commit/9717cad6141a6c79f13170e7fcf15810fba39072))
* Improve refresh token error messages ([2769c9b](https://github.com/ory/hydra/commit/2769c9b369d133f1766912cdf07c4c0cf214d133))
* Improved cookie controls ([e7834ec](https://github.com/ory/hydra/commit/e7834ecb19e7c9dcb5fe591d991e3c8286f1b0ca)):
New cookie configuration options have been introduced, allowing a higher degree of control:
```yaml
serve:
cookies:
same_site_mode: Lax
same_site_legacy_workaround: false
domain: example.com
names:
login_csrf: ory_hydra_login_csrf
consent_csrf: ory_hydra_consent_csrf
session: ory_hydra_session
```
* Make all ui urls relative ([370a487](https://github.com/ory/hydra/commit/370a48747aea3e311d4ea87887533e9ed6d83b52))
* Make CORS config hot reloadable ([2d5c893](https://github.com/ory/hydra/commit/2d5c8930de693bbed56c9c9c890b744ef199df31))
* Make perform commands ory cloud-able ([954693f](https://github.com/ory/hydra/commit/954693feffbb619d65ac50ebccb8d7adb72c3ecf))
* Pass options from root ([2f91ef4](https://github.com/ory/hydra/commit/2f91ef471c53a6cc444331fbc840ec136e8a3fb7))
* Rebuild containers on start ([5b616d8](https://github.com/ory/hydra/commit/5b616d8ae6eb53071ccf73410c8509d85d415a23))
* Renaming to Ory Network ([#3298](https://github.com/ory/hydra/issues/3298)) ([fbcaaad](https://github.com/ory/hydra/commit/fbcaaade18f961c011e32ea713fb1f1fe0a1bb36))
* Replace hydra's transaction impl with ory/popx/transaction ([77d8dac](https://github.com/ory/hydra/commit/77d8dacb3007838407010c9998e31b62d452ade7))
* Respect local DNS restrictions ([7eb1d1c](https://github.com/ory/hydra/commit/7eb1d1c0ff7189bcd76792ac38e7425e9b7c6f86))
* **sdk:** Add missing bearer security definition ([a85bc7a](https://github.com/ory/hydra/commit/a85bc7ab52aa6bce20eec52985a465fc31544b57))
* **sdk:** Type nulls ([fe70395](https://github.com/ory/hydra/commit/fe70395ae58e52a573bfac7385941d4504a1e403))
* Support alternate hashing algorithms for client secrets ([ddba42f](https://github.com/ory/hydra/commit/ddba42f49837c48d4ee9bf9203ffa81f3b31757c)), closes [rfc6819#section-5](https://github.com/rfc6819/issues/section-5) [/datatracker.ietf.org/doc/html/rfc6819#section-5](https://github.com//datatracker.ietf.org/doc/html/rfc6819/issues/section-5):
This patch adds support for hashing client secrets using pbkdf2 instead of bcrypt, which might be a more appropriate algorithm in certain settings. As we assume that most environments fall in this category, we also changed the default to pbkdf2 with 25.000 rounds (roughly 1-3ms per hash on an Apple M1 Max core).
High hash costs are needed when hashing user-chosen passwords, as users often reuse passwords across sites. A high hash cost will make it much harder for the attacker to guess the user-chosen password and try using it on other sites (e.g. Google).
As most client secrets are auto-generated, using high hash costs is not useful. The password (OAuth2 Client Secret) is not user chosen and unlikely to be reused. As such, there is little point in using excessive hash costs to protect users. High hash costs in a system like Ory Hydra will cause high CPU costs from mostly automated traffic (OAuth2 Client interactions). It has also been a point of critizism from some who wish for better RPS on specific endpoints.
Other systems like Keycloak do not [hash client secrets at all](https://groups.google.com/g/keycloak-dev/c/TmsNfnol0_g), referencing more secure authentication mechanisms such as assertion-based client authentication.
* Support ES256 for generating JWTs ([9a080ad](https://github.com/ory/hydra/commit/9a080ad2fa75c932da6ec0a40602cbfdeee8fd94))
* Switch to otelx ([#3108](https://github.com/ory/hydra/issues/3108)) ([05eaf6d](https://github.com/ory/hydra/commit/05eaf6d3be68f52cbed4de2a8586bfa777d1187f))
* Switch to otelx ([#3108](https://github.com/ory/hydra/issues/3108)) ([47d0518](https://github.com/ory/hydra/commit/47d0518efe71fbb57d6c2e494e33c73ba652089f))
* Tls on public port can now be configured without restrictions ([73d9517](https://github.com/ory/hydra/commit/73d9517572e665ae5b6bcdb53c3666d18a6137c3))
* **tracing:** Add lots of tracing spans ([#3125](https://github.com/ory/hydra/issues/3125)) ([2ee9229](https://github.com/ory/hydra/commit/2ee922938b435fdb58ca804cb29c3136347d8930))
* Upgrade go-swagger ([cce8d60](https://github.com/ory/hydra/commit/cce8d60969a33d28227e59c39b598105d5544bf4))
### Tests
* Add test for access token strategy ([b4865dd](https://github.com/ory/hydra/commit/b4865dd1b7515c7a05a4c198dad7bc6b83ad08b2))
* **conformance:** Add directory ([f5d0885](https://github.com/ory/hydra/commit/f5d088538190e4032cf7705a529eb33272bcac3a))
* **conformity:** Revert admin prefix ([580f33b](https://github.com/ory/hydra/commit/580f33b1fffab2efbf37281a7fd96a2293f35fb3))
* **conformity:** Sdk regression ([15f3cfc](https://github.com/ory/hydra/commit/15f3cfcb56dcc1891f521c4c10ee47c46c73a2ce))
* **e2e:** Add trailing slash to issuer ([fa23960](https://github.com/ory/hydra/commit/fa23960730ce253ef4daf283a183ca84fa1dcdc4))
* **e2e:** Fix build instructions ([415658d](https://github.com/ory/hydra/commit/415658d88d50e291a74ebc3df397781f1a1c521c))
* **e2e:** Fix issuer URL ([03b2340](https://github.com/ory/hydra/commit/03b2340837724e3482bbecba4677152d7c1d8615))
* **e2e:** Fix jwt regression ([647822d](https://github.com/ory/hydra/commit/647822d7a6a032472dfc6ab2eba1e3f5902db655))
* **e2e:** Resolve test regressions ([30855d9](https://github.com/ory/hydra/commit/30855d9e491a7125d2d1cd5c5d1bc3358138f7be))
* **e2e:** Respect metadata ([7bea2e8](https://github.com/ory/hydra/commit/7bea2e8f8f903fcc5468410daf3558bc83dbc14e))
* **e2e:** Upgrade cypress ([40be7bb](https://github.com/ory/hydra/commit/40be7bb5d4a7438dfb073cb5b161e0cabb5d51b5))
* **e2e:** Upgrade jwks-rsa ([8ddf880](https://github.com/ory/hydra/commit/8ddf880c351ab772c156933cdd685da5017e373f))
* Fix a flaky test ([51600f4](https://github.com/ory/hydra/commit/51600f499d9e9ebc18ca6293230b94034b498798))
* Fix assertions on nil pointers ([8710590](https://github.com/ory/hydra/commit/87105903a7e0ceb3192ab13530c838b407abf3a4))
* Fix conformity issues ([2875c19](https://github.com/ory/hydra/commit/2875c190c42416d308483b1b5b7567e53e27a5d8))
* Fix failing master pipeline ([#3283](https://github.com/ory/hydra/issues/3283)) ([f979adb](https://github.com/ory/hydra/commit/f979adb447ded4cefda2f7914544167474d60491))
* Fix flaky equal check ([1100aba](https://github.com/ory/hydra/commit/1100aba1e1c5b9617a2560e42c45c43d6636835b))
* Fix flaky equal check ([2c4615c](https://github.com/ory/hydra/commit/2c4615cea945e1243f3231680f11f609650e5524))
* Fix resp.bodyclose lint error ([f0f5223](https://github.com/ory/hydra/commit/f0f5223a7c84c1599658d2e33eeae6e83dd5f734))
* **hsm:** Do not evaluate HSM private key ([3420026](https://github.com/ory/hydra/commit/3420026a40532074a6787383e33912e7371cd1ae))
* **hsm:** Resolve test issues ([8db9e5b](https://github.com/ory/hydra/commit/8db9e5bb239abf569fbdf1613c3871c560981113))
* Implement network test structure for clients ([8a09175](https://github.com/ory/hydra/commit/8a091750bf4cfc757b1019b0f90b87b1c87f81b9))
* Improve jwk test layout ([3b7a1a7](https://github.com/ory/hydra/commit/3b7a1a754a625c627c754858533a52e4a1b61d5d))
* **migratest:** Add missing cockroach migrations and debug test failures ([5e6c099](https://github.com/ory/hydra/commit/5e6c09952447093add986a2b367cb2089c550d24))
* Refactor migration tests to use fixtures ([#2936](https://github.com/ory/hydra/issues/2936)) ([7b96651](https://github.com/ory/hydra/commit/7b966515fd712ac7ed0416b5c806b2c7cc245a2f)), closes [#2901](https://github.com/ory/hydra/issues/2901)
* Remove unused fixture ([1cf5bd0](https://github.com/ory/hydra/commit/1cf5bd0fc9bbb1724410d97dee8e45e6a8d54c2b))
* Resolve test migration issues ([63b7303](https://github.com/ory/hydra/commit/63b7303d448ad2493e838fdc755349b1f53f6664))
* Test client update and double delete ([3a50926](https://github.com/ory/hydra/commit/3a50926a6996b88216cac3dbbedf8c6d394d89ee))
* Update fixtures ([e77c0d3](https://github.com/ory/hydra/commit/e77c0d35caab9cacc313fe217a4acd616689faa5))
* Update paths to reflect new admin api ([549deda](https://github.com/ory/hydra/commit/549deda85231b04d031f56ecd116e959c72d767d))
* Update resource limits ([9e9ea94](https://github.com/ory/hydra/commit/9e9ea94607c4d9b45e2951adc852d6cb7ffc2d96))
* Update snapshot ([1c9a0d2](https://github.com/ory/hydra/commit/1c9a0d2db34b4792ca4deebbb69ac90fc7af10f0))
* Update snapshots ([5f5c81e](https://github.com/ory/hydra/commit/5f5c81ea0883d83d5d1f6a52cca9c3a7148adfd8))
* Update snapshots ([01dbc0e](https://github.com/ory/hydra/commit/01dbc0eb54f92ecc8595a867bf03c3b6cfc382ce))
* Update snapshots ([34bc743](https://github.com/ory/hydra/commit/34bc743e4b6f3f7b3357237f9e43587a7195664c))
* Update snapshots ([c66a536](https://github.com/ory/hydra/commit/c66a536a08c8f4371df71fcec0a3db5db665c080))
* Use fixed time.Now function in pop ([08968aa](https://github.com/ory/hydra/commit/08968aa9b05bdac8c5dceeda6af837da582272b9))
### Unclassified
* unstaged - refactor sdk use across the board ([34dfc0f](https://github.com/ory/hydra/commit/34dfc0fe576c89514594df5d05e7dee7dc3fc198))
* code review: add missing nid ([2592451](https://github.com/ory/hydra/commit/2592451bbb9e2201a39299cf338563231adf73e8))
* code review ([8e961d0](https://github.com/ory/hydra/commit/8e961d0eb32fa5ca0d8d9dbb32d73231e9f5d80f))
* code review: contextualize config ([10c146b](https://github.com/ory/hydra/commit/10c146b49cb06f6498ec13c724d6be4fc3b35260))
* code review: make sure CreateClient doesn't use provided ID ([8eec85d](https://github.com/ory/hydra/commit/8eec85d35cf514ba59de29efa92226337b8015c5))
* code review: generate first NID randomly; add/update tests; fix db-diff ([00490cb](https://github.com/ory/hydra/commit/00490cbbc5111c07071eb118e3dac813825e2aa5))
* Create networks table ([a2c5e14](https://github.com/ory/hydra/commit/a2c5e142040c25e68668d881f7cfda8e360e4d8a))
# [1.11.10](https://github.com/ory/hydra/compare/v1.11.9...v1.11.10) (2022-08-25)
This release resolves a critical regression introduced in Ory Hydra v1.11.9. Upgrade to this version and skip Ory Hydra v1.11.9 if you have an existing system. The bug can break existing refresh tokens from working.
It includes no other significant changes.
### Bug Fixes
* Improve refresh webhook getter ([d40b1da](https://github.com/ory/hydra/commit/d40b1daf2b62cd9868032fa1c376e1301936c0e1))
* Omit null lifespans ([#3212](https://github.com/ory/hydra/issues/3212)) ([2d080a0](https://github.com/ory/hydra/commit/2d080a01dc39a3f7155cf05938501d59bc5f21bb))
* Regression in session store ([5c4321d](https://github.com/ory/hydra/commit/5c4321d8d605c5c09537e345f56b447ac5856f95))
* Remove special char from snapshot symbols ([7128ad2](https://github.com/ory/hydra/commit/7128ad2a066674c4c1252f2cb1619055e5fbbbd9))
* Revert config changes ([4da64de](https://github.com/ory/hydra/commit/4da64de7502a4de8cca4db6cfa35bdcf485ba7ef))
* Session unmarshalling ([3bb943a](https://github.com/ory/hydra/commit/3bb943a9ac2d4309b43d1cb9bf27bac7cabb86f9))
### Code Generation
* Pin v1.11.10 release commit ([1a6c220](https://github.com/ory/hydra/commit/1a6c22070fc9550796c14b271e816be1dd1b8d78))
# [1.11.9](https://github.com/ory/hydra/compare/v1.11.8...v1.11.9) (2022-08-01)
This release introduces two new features:
- The ability to specify token lifespans on a per-client basis using a new HTTP endpoint;
- The additional context in the refresh token hook.
### Bug Fixes
* Backport fix for client specific CORS ([#1754](https://github.com/ory/hydra/issues/1754)) ([#3163](https://github.com/ory/hydra/issues/3163)) ([996258d](https://github.com/ory/hydra/commit/996258d50ec620c89a8f55a98436320ab99db62b))
* **docs:** Correct the tracing service name environment variable ([6e2343c](https://github.com/ory/hydra/commit/6e2343c68fb662b4af3839f56acff4f85c428f79)):
While I believe this used to be specific to OTEL, it now appears to be
configurable "globally", according to `spec/config.json`.
* Fixed configuration editor for the documentation page ([#3105](https://github.com/ory/hydra/issues/3105)) ([0a77a06](https://github.com/ory/hydra/commit/0a77a069a9d3c7bea425694da44ac1cfbc37923a)):
Closes https://github.com/ory/docs/issues/722
* Handle server error when refresh token requests come same time ([#3207](https://github.com/ory/hydra/issues/3207)) ([e66ba3c](https://github.com/ory/hydra/commit/e66ba3c6b3277e5be772f786df26509f939840e7))
* Link OIDC Certification image ([#3124](https://github.com/ory/hydra/issues/3124)) ([17b517f](https://github.com/ory/hydra/commit/17b517f355f63788b237b2964984df02b56b8c63))
* Ping logic for SQL Registry ([#3095](https://github.com/ory/hydra/issues/3095)) ([a383b5a](https://github.com/ory/hydra/commit/a383b5a655688b203aba49c35c0f9c3cda84483d)), closes [#2734](https://github.com/ory/hydra/issues/2734)
* Swagger for dynamic client registration ([#3141](https://github.com/ory/hydra/issues/3141)) ([9902ec7](https://github.com/ory/hydra/commit/9902ec7333c6e2d271f47f8fc93c43176282d180))
* Updated process ending instructions ([#3176](https://github.com/ory/hydra/issues/3176)) ([b72491e](https://github.com/ory/hydra/commit/b72491ec81dc61ebf5d52ec0f30ae4561f37f9df)):
cmd + c doesn't end the process on macOS but ctrl + c does.
### Code Generation
* Pin v1.11.9 release commit ([8814e79](https://github.com/ory/hydra/commit/8814e7979cad87e454c1d68bb0eb758e28ab9473))
### Documentation
* Fix missing image ([7925597](https://github.com/ory/hydra/commit/79255970787c4793a57fe79d756aa0364b4a9490))
### Features
* Add session and requester to refresh token webhook data ([#3204](https://github.com/ory/hydra/issues/3204)) ([6d23859](https://github.com/ory/hydra/commit/6d23859009dafc8b8f51d0feec04b850c137e19a)), closes [#3203](https://github.com/ory/hydra/issues/3203)
* Add token_endpoint_auth_signing_alg to cli ([#3148](https://github.com/ory/hydra/issues/3148)) ([ed6eb30](https://github.com/ory/hydra/commit/ed6eb3017dfb82f1c1fa97f1d88d023211f1e034))
* Custom client token ttl ([#3206](https://github.com/ory/hydra/issues/3206)) ([9544c03](https://github.com/ory/hydra/commit/9544c03a3bc62de88f5348db30db2f6651c69597)), closes [#3157](https://github.com/ory/hydra/issues/3157):
This change introduces a new endpoint that allows you to control how long client tokens last. Now you can configure the lifespan for each valid combination of Client, GrantType, and TokenType.
# [1.11.8](https://github.com/ory/hydra/compare/v1.11.7...v1.11.8) (2022-05-04)
This release resolves issues in the log module, improves the SDK type definitions, and introduces new configuration options to HSM.
### Bug Fixes
* Add limit and offset to pagination ([#3062](https://github.com/ory/hydra/issues/3062)) ([51f6c5d](https://github.com/ory/hydra/commit/51f6c5d12e38ac82f80d6db34d9d0d788af2d985)), closes [#3033](https://github.com/ory/hydra/issues/3033)
* Add missing flags to config schema ([00100a1](https://github.com/ory/hydra/commit/00100a1bcb60d1836a2c3d6c6a4212e3161b1bda)), closes [#653](https://github.com/ory/hydra/issues/653)
* Configure audit logger ([#3022](https://github.com/ory/hydra/issues/3022)) ([3115dde](https://github.com/ory/hydra/commit/3115dde229a6be936ad4d844d778d6ee82279643))
* Do not use cached version ([422d422](https://github.com/ory/hydra/commit/422d4227e8b599a6eb32b60d432fd0cad95a717a))
* Generated consent model ([#3076](https://github.com/ory/hydra/issues/3076)) ([270dbe0](https://github.com/ory/hydra/commit/270dbe0842827b3ec362a7ec35a56acd33275603))
* Proper response types for 404 errors ([#3072](https://github.com/ory/hydra/issues/3072)) ([e711273](https://github.com/ory/hydra/commit/e711273e935d693d726dde2d97c296bd523f3a1e)), closes [#3064](https://github.com/ory/hydra/issues/3064)
* Remove extraneous call to driver.init() ([#3093](https://github.com/ory/hydra/issues/3093)) ([1590542](https://github.com/ory/hydra/commit/1590542c70f98955aed591e3d929309e2b3b7396))
* Remove unnecessary transaction ([#3029](https://github.com/ory/hydra/issues/3029)) ([d4b2696](https://github.com/ory/hydra/commit/d4b2696bd72b9fc98f3959b13be2fc28aa2263bc))
* **sdk:** Correct polymorph type for consent session ([#3074](https://github.com/ory/hydra/issues/3074)) ([646459a](https://github.com/ory/hydra/commit/646459a55528e7f0805934d34493d78b92476904)), closes [#3058](https://github.com/ory/hydra/issues/3058)
* **sdk:** Incorrect title ([#3014](https://github.com/ory/hydra/issues/3014)) ([d654911](https://github.com/ory/hydra/commit/d654911c0da2e2f9513e62916daf2284186d19de)):
Closes https://github.com/ory/sdk/issues/153
* Sync ports between Dockerfiles and comments ([#3027](https://github.com/ory/hydra/issues/3027)) ([ebd1694](https://github.com/ory/hydra/commit/ebd16940e270561c13aab60a969a4969391d5d80))
* Typo README ([#3078](https://github.com/ory/hydra/issues/3078)) ([7d378f1](https://github.com/ory/hydra/commit/7d378f186cfc140cbb0649557bfd0e2fadd96fff))
* Use default for env var ([2b024b4](https://github.com/ory/hydra/commit/2b024b4f8e98f3efe73018bd57e1d16738d50eeb))
### Code Generation
* Pin v1.11.8 release commit ([337ab3e](https://github.com/ory/hydra/commit/337ab3ec2e363292ff93d5e5641a9b0bb87dba0c))
### Documentation
* Update pricing ([c46f780](https://github.com/ory/hydra/commit/c46f780f4d736a325e63d4542ed3dfbe83431ae6))
* Update README ([#3032](https://github.com/ory/hydra/issues/3032)) ([980c2d8](https://github.com/ory/hydra/commit/980c2d843acc70a23a71dc9b4347d13d70dbc399))
### Features
* Add hsm key set prefix to support multiple hydra instances on the same hsm partition ([#3066](https://github.com/ory/hydra/issues/3066)) ([90523fd](https://github.com/ory/hydra/commit/90523fd0d31930666bd091efeb9346498d92978e)):
This pull request adds configuration option `hsm.key_set_prefix` to support multiple Ory Hydra instances to store keys on the same HSM partition. For example if `hsm.key_set_prefix=app1.` then key set `hydra.openid.id-token` would be generated/requested/deleted on HSM with `CKA_LABEL=app1.hydra.openid.id-token`
This will not affect Hydra API in any way. `GET /keys/hydra.openid.id-token` will return key set from HSM with label `app1.hydra.openid.id-token`.
* Add support for trust grants that can issue tokens for any subject ([#3012](https://github.com/ory/hydra/issues/3012)) ([a3c4304](https://github.com/ory/hydra/commit/a3c4304be2d3988843084d871aa5066d36803219)), closes [#2930](https://github.com/ory/hydra/issues/2930):
Previously, a trust relationship had to be setup for every subject
before the issuer could sign a JWT token for it. This change will allow
setting up token services that can issue tokens with any value in the
subject field.
* Async backchannel logout ([#2849](https://github.com/ory/hydra/issues/2849)) ([22e1ebb](https://github.com/ory/hydra/commit/22e1ebb5742477e924ebac83c711bec08bffd7ba))
* Backchannel request logging ([#3067](https://github.com/ory/hydra/issues/3067)) ([6dda48d](https://github.com/ory/hydra/commit/6dda48dc3e2eb6d4f57e41abcc8b49e71c38e80d))
* Make sensitive log value redaction text configurable ([#3040](https://github.com/ory/hydra/issues/3040)) ([536352c](https://github.com/ory/hydra/commit/536352c15bb054f123e9d62944690a06cff86ba0))
### Tests
* Ensure generator checks are executed ([#3061](https://github.com/ory/hydra/issues/3061)) ([d38f6e6](https://github.com/ory/hydra/commit/d38f6e626baef00cb4cf57cbe59c7b15bea76e06))
# [1.11.7](https://github.com/ory/hydra/compare/v1.11.6...v1.11.7) (2022-02-23)
Ory Hydra has a new place for documentation at [github.com/ory/docs](https://github.com/ory/docs) and [www.ory.sh/docs/hydra](https://www.ory.sh/docs/hydra)! Additionally, the CI/CD infrastructure was moved to GitHub actions.
### Code Generation
* Pin v1.11.7 release commit ([510615b](https://github.com/ory/hydra/commit/510615bcc66231f90c29c1186c28f61366da7e52))
# [1.11.6](https://github.com/ory/hydra/compare/v1.11.5...v1.11.6) (2022-02-23)
Ory Hydra has a new place for documentation at [github.com/ory/docs](https://github.com/ory/docs) and [www.ory.sh/docs/hydra](https://www.ory.sh/docs/hydra)! Additionally, the CI/CD infrastructure was moved to GitHub actions.
### Bug Fixes
* Pass token to render-version-schema ([#3003](https://github.com/ory/hydra/issues/3003)) ([a574689](https://github.com/ory/hydra/commit/a5746898abda877a9072739e519fedd44a2e81a9))
### Code Generation
* Pin v1.11.6 release commit ([49d0d75](https://github.com/ory/hydra/commit/49d0d754c9432b27c7282d39d9b3533f359bc08f))
# [1.11.5](https://github.com/ory/hydra/compare/v1.11.4...v1.11.5) (2022-02-21)
Ory Hydra has a new place for documentation at [github.com/ory/docs](https://github.com/ory/docs) and [www.ory.sh/docs/hydra](https://www.ory.sh/docs/hydra)! Additionally, the CI/CD infrastructure was moved to GitHub actions.
### Bug Fixes
* Only include needed openapi models ([3d4c16f](https://github.com/ory/hydra/commit/3d4c16ffb14b0ae94858a778b0e75a8ac0535229))
* Remove unused npm format in docs ([2519628](https://github.com/ory/hydra/commit/2519628dd9a512d452ef7fb49cfc12b4624cffd4))
* Update mailchimp list ids ([#2995](https://github.com/ory/hydra/issues/2995)) ([172ca9a](https://github.com/ory/hydra/commit/172ca9aabbf154f863233b8590a200617098a252))
### Code Generation
* Pin v1.11.5 release commit ([743468e](https://github.com/ory/hydra/commit/743468eced1c8329d9b11b7a4cd5410e101bb05b))
# [1.11.4](https://github.com/ory/hydra/compare/v1.11.3...v1.11.4) (2022-02-16)
Ory Hydra has a new place for documentation at [github.com/ory/docs](https://github.com/ory/docs) and [www.ory.sh/docs/hydra](https://www.ory.sh/docs/hydra)! Additionally, the CI/CD infrastructure was moved to GitHub actions.
### Bug Fixes
* Pass swag-spec-location to sdk-release ([#2994](https://github.com/ory/hydra/issues/2994)) ([b768bb5](https://github.com/ory/hydra/commit/b768bb5afd452d3eb59faf7b0066e146163cb88b))
### Code Generation
* Pin v1.11.4 release commit ([9e731b6](https://github.com/ory/hydra/commit/9e731b6e30b5aadd30fe3d7d8541db2331b11df2))
# [1.11.3](https://github.com/ory/hydra/compare/v1.11.2...v1.11.3) (2022-02-15)
No significant changes.
### Bug Fixes
* Comply with new fosite persister interface ([#2990](https://github.com/ory/hydra/issues/2990)) ([4c91a39](https://github.com/ory/hydra/commit/4c91a393c9c8bee50557a21b12b01923c874ff14))
### Code Generation
* Pin v1.11.3 release commit ([a3dd4ee](https://github.com/ory/hydra/commit/a3dd4ee051314730f14aa6b7731397fb6e9b90db))
# [1.11.2](https://github.com/ory/hydra/compare/v1.11.1...v1.11.2) (2022-02-11)
Ory Hydra moved from CircleCI to GitHub Actions!
### Code Generation
* Pin v1.11.2 release commit ([7c099f8](https://github.com/ory/hydra/commit/7c099f8b4479a63a1dd582b3c09ff65a7a1008fe))
# [1.11.1](https://github.com/ory/hydra/compare/v1.11.0...v1.11.1) (2022-02-11)
Ory Hydra moved from CircleCI to GitHub Actions!
### Bug Fixes
* Add context where needed ([#2985](https://github.com/ory/hydra/issues/2985)) ([784afd1](https://github.com/ory/hydra/commit/784afd1ab838221b86ba112fcfd57bf5dc9602fd))
* After hook ([2f25cc0](https://github.com/ory/hydra/commit/2f25cc02095ee97a62e5ac1e89fdbb4df8f89c65))
* Goreleaser post-hook ([16a5435](https://github.com/ory/hydra/commit/16a5435cf31b7a89b2512bce073fd5d5fd3abb50))
* Quickstart docker ([6a282a3](https://github.com/ory/hydra/commit/6a282a324918bf998d8b3fe9f8e00ae7f2a5d9bb))
* Remove outdated notice ([#2961](https://github.com/ory/hydra/issues/2961)) ([71c9ca4](https://github.com/ory/hydra/commit/71c9ca4984f3f5b8f45f721964e380ed0c460362))
* Revert back to PATs ([#2977](https://github.com/ory/hydra/issues/2977)) ([c47f537](https://github.com/ory/hydra/commit/c47f537a301a7d63592c34e7f0362fcbd460d71c))
* Use correct swagger methods ([#2966](https://github.com/ory/hydra/issues/2966)) ([3340baa](https://github.com/ory/hydra/commit/3340baa73ad4c9becee27bf44215cd08f570e5bb))
### Code Generation
* Pin v1.11.1 release commit ([d24ddbf](https://github.com/ory/hydra/commit/d24ddbfa4a9319ba057284c5d6d2e0bcca9ce314))
### Code Refactoring
* Migrate docs to ory/docs ([#2982](https://github.com/ory/hydra/issues/2982)) ([159c788](https://github.com/ory/hydra/commit/159c788f581bf9b072c2ebdd6ea2ac2025fa7add))
### Documentation
* Add cloud ([76d4d80](https://github.com/ory/hydra/commit/76d4d805b5f25bc5b9f8fdf2ab3b1660968f3ad3))
* Add options for using SQLite & Cockroach DB to 5min tutorial, fix typo in contribution guidelines ([#2970](https://github.com/ory/hydra/issues/2970)) ([05038de](https://github.com/ory/hydra/commit/05038deebc170258813839ea04caa351aec03639))
* Recommend to start with one container in prod to complete first-time setup. ([#2945](https://github.com/ory/hydra/issues/2945)) ([e257f3e](https://github.com/ory/hydra/commit/e257f3e6a4549b07533557aab941e5a1aa45337e)), closes [/github.com/ory/hydra/discussions/2943#discussioncomment-1997531](https://github.com//github.com/ory/hydra/discussions/2943/issues/discussioncomment-1997531):
This is to ensure multiple concurrent workers don't both generate JWKs needlessly, for example.
* Update readme ([2b1fb64](https://github.com/ory/hydra/commit/2b1fb6421dd25f38aacc6192895be950874fcb7e))
# [1.11.0](https://github.com/ory/hydra/compare/v1.10.7...v1.11.0) (2022-01-21)
Happy new year! We are excited to announce to you the next iteration of Ory Hydra: Version 1.11.0!
This version has significant new features contributed by the awesome Open Source Community - you! But not only that:
**Ory Hydra 2.0 is coming!**
While a major version, we intend to keep all APIs with as few breaking changes as possible. The efforts focus on some long-standing issues in the persistence layer. In particular, data growth rate and performance improvements are the focus areass! If you are interested to see what is going on, check out PR [#2796](https://github.com/ory/hydra/pull/2796)
And Ory Hydra 2.0 will be available as an API in Ory Cloud! If you are interested in Ory Cloud, apply to [Ory Acceleration Program](https://share-eu1.hsforms.com/1KWJxgKzNQWOjR9r5blC41wextgn) and receive a **one-year free subscription for Ory Cloud's Start-Up plan**. The Start-Up plan comes with convenient features such as custom domains and unlimited identities/tokens!
More on timelines and Ory Hydra 2.0 plans will follow later this year.
If these changes are not exciting enough already, Ory Hydra now supports loading Private and Public Keys from Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions. Thank you [@aarmam](https://github.com/aarmam) for this amazing work! For more information, please [read the guide](https://www.ory.sh/hydra/docs/next/guides/hsm-support).
Next up, Ory Hydra now natively supports the OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol which can be enabled (optionally) in the configuration! Thank you [@fjvierap](https://github.com/fjvierap) for your hard work!
We do not stop there, [@Xopek](https://github.com/Xopek) and [@jagobagascon](https://github.com/jagobagascon) added the Support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523) to Ory Hydra! This major improvement allows Ory Hydra to have an even better integration API than before!
For our Apple users and everyone eyeballing ARM64, we now distributed binaries and Docker Images for all platforms and CPU architectures, including Apple M1, Linux ARM (v6, v7, v8, ARM64), and - this is new - FreeBSD!
Lastly, we resolved a bug in the configuration loading which now allows loading complex configuration keys from environment variables without hassle!
**Please notice that this release requires SQL migrations to be applied! As always, please make a backup before applying them!**
## Breaking Changes
To celebrate this change, we cleaned up the ways you install Ory software. There is now one central brew / bash curl repository:
```patch
-brew install ory/hydra/hydra
+brew install ory/tap/hydra
-bash <(curl https://raw.githubusercontent.com/ory/kratos/master/install.sh)
+bash <(curl https://raw.githubusercontent.com/ory/meta/master/install.sh) hydra
```
Endpoint `PUT /clients` now returns a 404 error when the OAuth2 Client to be updated does not exist. It returned 401 previously. This change requires you to run SQL migrations!
Co-authored-by: fjviera <javier.viera@mindcurv.com>
Please notice that this change requires SQL migrations to be applied! As always, please make a backup before applying them!
Co-authored-by: aeneasr <3372410+aeneasr@users.noreply.github.com>
Co-authored-by: Jagoba Gascón <jagoba@arima.eu>
Co-authored-by: Gajewski Dmitriy <dmit8815@gmail.com>
### Bug Fixes
* Add hiring notice to README ([#2893](https://github.com/ory/hydra/issues/2893)) ([0a73d8b](https://github.com/ory/hydra/commit/0a73d8be3639372fe9830a65df1334842888814b))
* Bump deps ([#2868](https://github.com/ory/hydra/issues/2868)) ([b287287](https://github.com/ory/hydra/commit/b2872876ac97d8f2066e2044845f428adc0510dd))
* Contributors is upper case ([5bad542](https://github.com/ory/hydra/commit/5bad542ac7c34e564ae7d71832fc2afca47b14dd))
* Error handling in persister ([#2860](https://github.com/ory/hydra/issues/2860)) ([33d75d7](https://github.com/ory/hydra/commit/33d75d791d801b5bbb2ece442c7e2836fce3a657))
* FreeBSD build issue, env loading, add OTEL tracing ([5158faa](https://github.com/ory/hydra/commit/5158faae10e8f55f7134deefcc084d929480e6f1)), closes [#2597](https://github.com/ory/hydra/issues/2597) [#2912](https://github.com/ory/hydra/issues/2912):
This fix addresses an issue where configuration values in arrays could not be loaded from environment variables, which is now possible. For more information on how Ory Hydra parses configuration, [head over to the documentation](https://www.ory.sh/docs/ecosystem/configuring/)!
Additionally, this PR resolves a build issue on FreeBSD - making it now possible to compile Ory Hydra with the FreeBSD target.
Lastly, this change adds OpenTelemetry support!
* Missing imports ([42fec62](https://github.com/ory/hydra/commit/42fec62c074f79a88ac928e86902adc8afc1afd6))
* Missing stack traces ([#2858](https://github.com/ory/hydra/issues/2858)) ([1441658](https://github.com/ory/hydra/commit/144165845aac85f6b91e426872ea02daac541387))
* Patch should not reset client secret ([#2872](https://github.com/ory/hydra/issues/2872)) ([895de01](https://github.com/ory/hydra/commit/895de0120f27a903d97347a012961181bdb5f71f)), closes [#2869](https://github.com/ory/hydra/issues/2869)
* Remove codecov report for internal testhelpers ([52a77a3](https://github.com/ory/hydra/commit/52a77a3e563397c603aa7462899a2e1890c44386)), closes [#2871](https://github.com/ory/hydra/issues/2871)
* Remove contributors file ([565aa2d](https://github.com/ory/hydra/commit/565aa2d46ff12064d8cbef3d874e6e6216ea97f3))
* Update v1.10 installation instructions for linux ([#2799](https://github.com/ory/hydra/issues/2799)) ([45afd0d](https://github.com/ory/hydra/commit/45afd0d836adad948c13f3be6cf06b33deaceddb)):
The documentation for how to install hydra on linux is still using the old version tags
* Use pop/v6 ([b284353](https://github.com/ory/hydra/commit/b284353de64675337a857306610041d16266f63e))
* Version info nil on version api endpoint ([#2894](https://github.com/ory/hydra/issues/2894)) ([440e0b8](https://github.com/ory/hydra/commit/440e0b824289b821d82ac0add18a80a94c848323))
### Code Generation
* Pin v1.11.0 release commit ([5355a1a](https://github.com/ory/hydra/commit/5355a1abe709c92cf0bdb838395fd1933cd5e9c9))
### Documentation
* Fix grammar issues and typos ([#2830](https://github.com/ory/hydra/issues/2830)) ([49b582c](https://github.com/ory/hydra/commit/49b582c5b3b6df4c11845986f87693ce2df0c64b))
* ORY -> Ory to follow styleguides ([#2941](https://github.com/ory/hydra/issues/2941)) ([5895d03](https://github.com/ory/hydra/commit/5895d03a37ae8b1fd34db9dafdfbcfef449b4b3c))
* Update bash install ([5ca99e5](https://github.com/ory/hydra/commit/5ca99e5988c6e9262e341c2d5376c3b419909d5c))
* Update coverage badge ([1f89973](https://github.com/ory/hydra/commit/1f899732da3751c89d3b2d3ec298cc8159a4f5f5)), closes [#2871](https://github.com/ory/hydra/issues/2871)
* Use Ory instead of ORY in the documentation ([#2939](https://github.com/ory/hydra/issues/2939)) ([1b2f6a6](https://github.com/ory/hydra/commit/1b2f6a675e40bcb5bddbc1b8602e6f698cb40642))
### Features
* Add list of authors ([#2831](https://github.com/ory/hydra/issues/2831)) ([511a668](https://github.com/ory/hydra/commit/511a66898aae7191db922a25957fb84245cd7d26)), closes [#2829](https://github.com/ory/hydra/issues/2829)
* Add shellcheck to circleci ([#2835](https://github.com/ory/hydra/issues/2835)) ([38cbcc0](https://github.com/ory/hydra/commit/38cbcc02a0689fa28c1ccd892e7069d1b34516a6)), closes [#2832](https://github.com/ory/hydra/issues/2832)
* **docs:** Opentelemetry tracing ([74da7b6](https://github.com/ory/hydra/commit/74da7b6b0a0e92ec4162141b10de2df3c9fed587))
* ES256 for JWK generation ([#2828](https://github.com/ory/hydra/issues/2828)) ([5795bc3](https://github.com/ory/hydra/commit/5795bc3e650815a69c89e591925621eff4b63a11)), closes [#2453](https://github.com/ory/hydra/issues/2453)
* Hardware Security Module support ([#2625](https://github.com/ory/hydra/issues/2625)) ([7578aa9](https://github.com/ory/hydra/commit/7578aa9f3ad16beff669d6749e248d44b61359ae)):
This change introduces support for Hardware Security Modules, a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions.
If enabled, the Hardware Security Module is used to look up any keys. If no key is found, the software module is used as a fallback for lookup. This allows you to use the HSM for privileged keys, and the software module to manage lifecycle keys (e.g. for Token Exchange).
For more information, please [read the guide](https://www.ory.sh/hydra/docs/next/guides/hsm-support).
Thank you to [aarmam](https://github.com/aarmam) for this great contribution!
* Native ARM64 support in Docker and Binaries ([abffb09](https://github.com/ory/hydra/commit/abffb098cfc51ee4a045f833cc79b23ec4bacb31)):
This release adds important security updates for the base Docker Images (e.g. Alpine). Additionally, Ory Hydra now has full ARM support have been resolved and the binaries are now downloadable for all major platforms.
* OpenID Connect Dynamic Client Registration and OAuth2 Dynamic Client Registration Protocol ([#2909](https://github.com/ory/hydra/issues/2909)) ([6a18f62](https://github.com/ory/hydra/commit/6a18f62935bccaed85acadf6010e0e3a395ea538)), closes [#2568](https://github.com/ory/hydra/issues/2568) [#2549](https://github.com/ory/hydra/issues/2549):
This feature adds first-class support for two IETF RFCs and one OpenID Spec:
- [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html)
- [OAuth 2.0 Dynamic Client Registration Protocol](https://tools.ietf.org/html/rfc7591)
- [OAuth 2.0 Dynamic Client Registration Management Protocol](https://tools.ietf.org/html/rfc7592)
To enable this feature, which is disabled by default, set
```yaml
oidc:
dynamic_client_registration:
enabled: true
```
in your Ory Hydra configuration. Once enabled, endpoints `POST`, `GET`, `PUT`, and `DELETE` for `/connect/register` will be available at the public port!
* Support for urn:ietf:params:oauth:grant-type:jwt-bearer grant type RFC 7523 ([#2384](https://github.com/ory/hydra/issues/2384)) ([858f2cf](https://github.com/ory/hydra/commit/858f2cf362996f46a8f86841e359336e877436c5)), closes [#2229](https://github.com/ory/hydra/issues/2229):
This change adds support for JSON Web Token (JWT) Profile for OAuth 2.0 Authorization Grants (RFC7523).
Users of Ory Hydra will be able to grant permission for OAuth 2.0 Client to act on behalf of some Resource Owner using JWT Bearer Assertions.
For more information about this feature, please head over to the documentation: https://www.ory.sh/hydra/docs/next/guides/oauth2-grant-type-jwt-bearer
# [1.10.7](https://github.com/ory/hydra/compare/v1.10.6...v1.10.7) (2021-10-27)
Ory Hydra v1.10.7 ships an exciting new feature that enables the updating of access and ID tokens during a refresh flow via an HTTP webhook. To set it up, use the `oauth2.refresh_token_hook` configuration to set up an HTTP(S) endpoint which receives a POST request when a refresh token is about to be issued!
And even more exciting, we would like to invite you to our first developer conference which is happening tomorrow and the day after (October 28th and 29th, 2021). The event is [digital and tickets are free](https://www.ory.sh/summit21). After short keynotes from Ory's founders Aeneas (hackerman) and Thomas (tacurran), you will learn from fellow community members and contributors about building robust authorization and authentication, best practices for modern cloud infrastructure and many other developer topics! **[Grab your free tickets now!](https://www.ory.sh/summit21)**
Additionally, improvements to tracing, documentation, ID token claims have been merged. Also, Ory Hydra now no longer takes 3 seconds for the CLI to become responsive as we have found a transient dependency that caused slow initialization times:
```
$ time hydra
hydra 1.87s user 1.90s system 620% cpu 0.607 total
$ time ./hydra-v1.10.7
./hydra-patch 0.03s user 0.01s system 8% cpu 0.450 total
$ time ./hydra-v1.10.7
./hydra-patch 0.02s user 0.01s system 104% cpu 0.032 total
```
Please note that the location of our Homebrew tap has changed for Ory Hydra from `ory/ory/hydra` to `ory/tap/hydra`:
```patch
- brew install ory/ory/hydra
+ brew install ory/tap/hydra
```
All homebrew taps will move to this location, including Ory Kratos, Ory Oathkeeper, Ory Keto, and the Ory CLI!
## Breaking Changes
Please note that the location of our Homebrew tap has changed for Ory Hydra from `ory/ory/hydra` to `ory/tap/hydra`:
```patch
- brew install ory/ory/hydra
+ brew install ory/tap/hydra
```
### Bug Fixes
* Add content-type header to hook request ([#2775](https://github.com/ory/hydra/issues/2775)) ([8d0e5e6](https://github.com/ory/hydra/commit/8d0e5e65dddae4f510448c136be91c28e2d091e0))
* Broken note ([#2769](https://github.com/ory/hydra/issues/2769)) ([c84427d](https://github.com/ory/hydra/commit/c84427d334af0342bd06955054c8fc73199ada2e))
* Documentation correction mentioned in the issue ([#2732](https://github.com/ory/hydra/issues/2732)) ([#2773](https://github.com/ory/hydra/issues/2773)) ([ea7a20c](https://github.com/ory/hydra/commit/ea7a20c0f5dfedbbd02da046735163018391b55b))
* Ignore dockertest in sdk generator ([f9506db](https://github.com/ory/hydra/commit/f9506dbc0ba15dd883ae5c86bab627e3261e24fd))
* List oauth2 clients query parameter 'name' -> 'client_name' ([#2747](https://github.com/ory/hydra/issues/2747)) ([283c351](https://github.com/ory/hydra/commit/283c3514c63eba87d314013977c21bbebb9f1c6d)):
This commit renders the docs to be in parity with an earlier change [1]
Reference(s):
[1] https://github.com/ory/hydra/pull/2706
* Replace fatal error of jaeger initialization with print ([#2777](https://github.com/ory/hydra/issues/2777)) ([433ce74](https://github.com/ory/hydra/commit/433ce7467db29b13640ff10d9f3b81831f508cb6)), closes [#2642](https://github.com/ory/hydra/issues/2642)
* Resolve panic caused by new prometheus library ([ff0a43e](https://github.com/ory/hydra/commit/ff0a43ec66520dd97970f67c4c33cd6e71e5bbc8))
* Resolve prometheus panic ([f38511f](https://github.com/ory/hydra/commit/f38511fe38674977691a1d644c2f0879ec9153c4))
* Slow hydra start up time ([ce1b378](https://github.com/ory/hydra/commit/ce1b378021828f3c48340c0d8f22f820be77f883)):
Found a deeply nested dependency which was importing `https://github.com/markbates/pkger`, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 2 seconds to 0.03s seconds for cold starts and ~0.02s for hot starts.
```
$ time hydra
hydra 1.87s user 1.90s system 620% cpu 0.607 total
$ time ./hydra-patch
./hydra-patch 0.03s user 0.01s system 8% cpu 0.450 total
$ time ./hydra-patch
./hydra-patch 0.02s user 0.01s system 104% cpu 0.032 total
```
* Sqlite regression ([5881c13](https://github.com/ory/hydra/commit/5881c1368b20fa7cd27e0142dcc6816ce96198e6))
* Update client filter to client_name ([#2706](https://github.com/ory/hydra/issues/2706)) ([dee4fa2](https://github.com/ory/hydra/commit/dee4fa278701010a20ca8617d59dd21d7be83583)), closes [#2691](https://github.com/ory/hydra/issues/2691)
* Upgrade regression ([da58453](https://github.com/ory/hydra/commit/da58453db1abf11ef120455b77a0edaec9952ed3))
### Code Generation
* Pin v1.10.7 release commit ([0a42535](https://github.com/ory/hydra/commit/0a425352a80867ab7457e89414c3c30efd7d645c))
### Code Refactoring
* Change location of homebrew tap ([1eeeeae](https://github.com/ory/hydra/commit/1eeeeae059549e50d6c8a5a0ff2c6be3037d73c4))
### Documentation
* Clarify endpoint ([#2757](https://github.com/ory/hydra/issues/2757)) ([d772748](https://github.com/ory/hydra/commit/d772748be7902dd76366c16359ead2e84b54b4c6)), closes [#2751](https://github.com/ory/hydra/issues/2751)
* Faq item ([#2678](https://github.com/ory/hydra/issues/2678)) ([856ccc0](https://github.com/ory/hydra/commit/856ccc0cd3a0b5f7bb58e25c15f4013000b29a50))
* K8s installation section ([#2724](https://github.com/ory/hydra/issues/2724)) ([aec73bb](https://github.com/ory/hydra/commit/aec73bb15c960bbd7cb8b3925c04b45289647a6b))
* Remove outdated information in doc configuration section ([#2723](https://github.com/ory/hydra/issues/2723)) ([3f16045](https://github.com/ory/hydra/commit/3f16045dcd000b1b2f87ab059d745869b5450bc6))
* Typos ([#2798](https://github.com/ory/hydra/issues/2798)) ([0274fcc](https://github.com/ory/hydra/commit/0274fcc3d6160d93ed9b8c3a9fc561a994ba8714))
* Typos in docs ([#2808](https://github.com/ory/hydra/issues/2808)) ([a2bacc8](https://github.com/ory/hydra/commit/a2bacc88b3b863375d0ac40f48f9963db12cfcc1))
* Update installation section helm command ([#2725](https://github.com/ory/hydra/issues/2725)) ([f6a4dc6](https://github.com/ory/hydra/commit/f6a4dc6d68d7551dc54361a5dd497ecbe9b1af92))
* Update k8s examples section part of the page ([#2719](https://github.com/ory/hydra/issues/2719)) ([048156d](https://github.com/ory/hydra/commit/048156dba821a24573c64f074b8e4023f31e89f2))
* Update k8s examples section part of the page ([#2720](https://github.com/ory/hydra/issues/2720)) ([1d6eeba](https://github.com/ory/hydra/commit/1d6eeba521429ca76bbfb88fe2a47a2b3579303a))
* Update oauth2 debug swction ([#2717](https://github.com/ory/hydra/issues/2717)) ([a2cdc08](https://github.com/ory/hydra/commit/a2cdc0869321e6a67c93dee2e1f07952efd62ef6))
### Features
* Add EdDSA support ([#2782](https://github.com/ory/hydra/issues/2782)) ([2ea49da](https://github.com/ory/hydra/commit/2ea49daca624ede51fba604ddf1f2c5ded9c523a))
* Add method to detect public keys without prefixing ([#2758](https://github.com/ory/hydra/issues/2758)) ([b12e70c](https://github.com/ory/hydra/commit/b12e70c9a08ad62490731f57b5bfcb52c64217f0)), closes [#2459](https://github.com/ory/hydra/issues/2459)
* Include amr claim in ID token ([#2770](https://github.com/ory/hydra/issues/2770)) ([f701310](https://github.com/ory/hydra/commit/f701310a8b78eef1f0fb090509ae9385150e1424)), closes [#1756](https://github.com/ory/hydra/issues/1756)
* Introduce cve scanning ([#2772](https://github.com/ory/hydra/issues/2772)) ([e5295c6](https://github.com/ory/hydra/commit/e5295c6bb7188978ba6310c049f33c47a407d7a7))
* Making use of the updated instrumentedsql version ([#2713](https://github.com/ory/hydra/issues/2713)) ([0a9df15](https://github.com/ory/hydra/commit/0a9df1579bb3196134c8b3ede8f28977365518e3))
* Refresh token hook to update claims ([#2649](https://github.com/ory/hydra/issues/2649)) ([1a7dcd1](https://github.com/ory/hydra/commit/1a7dcd1c464a9707237108a894f7b1d10f27c79a)), closes [#2570](https://github.com/ory/hydra/issues/2570):
This patch adds a new feature to Ory Hydra which allows the updating of access and ID tokens during the refresh flow. To set it up, use the `oauth2.refresh_token_hook` configuration to set up a HTTP(S) endpoint which receives a POST request when a refresh token is about to be issued.
* Support updating keys in CLI ([#2460](https://github.com/ory/hydra/issues/2460)) ([e874f4f](https://github.com/ory/hydra/commit/e874f4f300012f363c0bdf685458d0c56c5a8477)), closes [#2436](https://github.com/ory/hydra/issues/2436)
# [1.10.6](https://github.com/ory/hydra/compare/v1.10.5...v1.10.6) (2021-08-28)
This release primarily resolves issues with the SDK publishing pipeline.
### Bug Fixes
* Documentation SYSTEM_SECRET -> SECRETS_SYSTEM ([#2686](https://github.com/ory/hydra/issues/2686)) ([184a3c4](https://github.com/ory/hydra/commit/184a3c45a6fef792458af101778f1bd0c6719d83))
* Typo in errors.go ([#2699](https://github.com/ory/hydra/issues/2699)) ([df08c7f](https://github.com/ory/hydra/commit/df08c7fca52bee51a3a379ef675dc9ac71641b9f))
### Code Generation
* Pin v1.10.6 release commit ([f1771f1](https://github.com/ory/hydra/commit/f1771f13dd954b37330d4e90d89df41fc40be460))
### Documentation
* Section for debugging jwks based client errors ([#2680](https://github.com/ory/hydra/issues/2680)) ([87f4a58](https://github.com/ory/hydra/commit/87f4a58cbc9c2075ba5902d64118a073707c3ef7))
# [1.10.5](https://github.com/ory/hydra/compare/v1.10.3...v1.10.5) (2021-08-13)
This patch introduces a faster and better janitor (database clean up routine), the ability to filter OAuth2 Clients by owner and name, and resolves a regression when parsing config environment variables.
### Bug Fixes
* Docs generator ([564d18b](https://github.com/ory/hydra/commit/564d18b3e25e10ca1829433a1dc95dd63a9dc61c))
### Code Generation
* Pin v1.10.5 release commit ([0456f54](https://github.com/ory/hydra/commit/0456f54d6bada387c1c06fe5e89d334f247809a0))
### Documentation
* Add long flag --grant-types in 5min tutorial ([#2650](https://github.com/ory/hydra/issues/2650)) ([4083684](https://github.com/ory/hydra/commit/4083684bc685ec4c1a60f87bae10d67abd4a7287))
### Features
* Add owner/name filter to list clients ([#2637](https://github.com/ory/hydra/issues/2637)) ([ea6fdfd](https://github.com/ory/hydra/commit/ea6fdfd6318b964280606a83d733e1e01c4a5b30)), closes [#1485](https://github.com/ory/hydra/issues/1485)
* Improve delete queries for janitor command ([#2540](https://github.com/ory/hydra/issues/2540)) ([6ea0bf8](https://github.com/ory/hydra/commit/6ea0bf8f4dc990667c6911c92a1ad644733745be)), closes [#2513](https://github.com/ory/hydra/issues/2513):
This patch improves delete queries by separating the data extraction from actual delete. Extraction is made with a configurable limit, using the `--limit` CLI flag. Deletes use that list in batch mode with a configurable batch size (`--batch-size` CLI flag). Default value for limit is 100000 records and default value for batch size is 100 records.
To improve performance, `LEFT JOIN` is used to select also login and consent requests which did not result in a complete authentication, i.e. user requested login but timed out or user logged in and timed out at consent. Also, two independent `SELECT`s are used in the extraction of login and consent requests eligible for deletion. This solves a bug in the single `SELECT` causing deletion of consent requests where matching login requests were eligible for deletion and vice versa. With independent `SELECT`s we keep consent requests even if matching login request gets deleted.
# [1.10.3](https://github.com/ory/hydra/compare/v1.10.2...v1.10.3) (2021-07-14)
Ory Hydra v0.10.3 brings several bug fixes and configuration features, in particular:
1. Adding the `hydra keys import` command;
2. Passing the `client_id` in the logout request;
3. Resolving prometheus cardinality issues;
4. Moving to `go-jose` for JSON Web Keys and JSON Web Tokens;
5. Supporting PKCE discovery in `/.well-known/`;
6. Support for Instana tracing.
For a full list of changes, please check below!
### Bug Fixes
* Add RFC 8414 pkce info to OpenID Connect Discovery ([#2547](https://github.com/ory/hydra/issues/2547)) ([9693168](https://github.com/ory/hydra/commit/96931685da3b01b1b43c5286c6b5025ff505e50a)), closes [#2311](https://github.com/ory/hydra/issues/2311)
* Add the missing keys import command ([#2521](https://github.com/ory/hydra/issues/2521)) ([c4bc248](https://github.com/ory/hydra/commit/c4bc248b3fc6bc147b0d703e7bcba3ae7ddc399e)), closes [#2520](https://github.com/ory/hydra/issues/2520)
* Audience should include client ID ([#2455](https://github.com/ory/hydra/issues/2455)) ([8c70394](https://github.com/ory/hydra/commit/8c703945e91fed257432d63a1c1340a5af021e8a))
* Build issues ([5de255b](https://github.com/ory/hydra/commit/5de255b09ea308a10d004055f5145a80430ee4b4))
* Correct CodeFromRemote syntax ([#2626](https://github.com/ory/hydra/issues/2626)) ([d3ee859](https://github.com/ory/hydra/commit/d3ee8598316f5b71f6c3dff021d57026f700b538))
* Intro docs ([#2602](https://github.com/ory/hydra/issues/2602)) ([bc87822](https://github.com/ory/hydra/commit/bc8782247314835653303d147ad74a416507006e))
* No more windows workaround ([#2632](https://github.com/ory/hydra/issues/2632)) ([db73b44](https://github.com/ory/hydra/commit/db73b441916ea11713b5ebde9aafb60f7a9e426d)), closes [#2160](https://github.com/ory/hydra/issues/2160)
* **oauth2:** Enforce assertion check on userinfo aud field ([#2524](https://github.com/ory/hydra/issues/2524)) ([c463d9f](https://github.com/ory/hydra/commit/c463d9f8932f36857fd539b1221868ebaee0e736)):
This is so the check on the `ok` variable is effectual. Prior to this patch the type assertion on the *client.Client was setting the value of `ok`. Due to the fact the type assertion on *client.Client is already checked and on a false value it exits the func, this value will *always* be true.
* Prometheus URL label ([#2503](https://github.com/ory/hydra/issues/2503)) ([f588ec6](https://github.com/ory/hydra/commit/f588ec69d4fa03f602d3cbb20abd4188195a7375)), closes [#2502](https://github.com/ory/hydra/issues/2502)
* README exemplary apps ([#2579](https://github.com/ory/hydra/issues/2579)) ([60e7042](https://github.com/ory/hydra/commit/60e70426583c0bdd879ff498b19d84fc4fc095e7))
* Resolve config parsing regression ([58deacf](https://github.com/ory/hydra/commit/58deacf5b2e860e027d1cbf0f0220b92177d9a3d)), closes [#2518](https://github.com/ory/hydra/issues/2518)
* Resolve sdk build issues ([68976f8](https://github.com/ory/hydra/commit/68976f8f6fa3b465dd5b13272e989050e472714c))
* Resolve sdk build issues ([1807e89](https://github.com/ory/hydra/commit/1807e893fd3f94c2a840a353b542f29962f57b05))
* Resolve swagger generation issues ([#2610](https://github.com/ory/hydra/issues/2610)) ([53a50dd](https://github.com/ory/hydra/commit/53a50ddfb520939dd4fce76d9812398809dc300e))
* Use prebuilt ory cli and bump ory/x ([#2605](https://github.com/ory/hydra/issues/2605)) ([0f95e01](https://github.com/ory/hydra/commit/0f95e017056ca20eff641c862c668fe5f44b7769)), closes [#2596](https://github.com/ory/hydra/issues/2596)
* Wrong description ([#2589](https://github.com/ory/hydra/issues/2589)) ([5553a6f](https://github.com/ory/hydra/commit/5553a6f29d1f2c78da2adec3ea6d514acfda6100)), closes [#2587](https://github.com/ory/hydra/issues/2587)
* WWW-Authenticate header in userinfo handler ([#2454](https://github.com/ory/hydra/issues/2454)) ([f701b28](https://github.com/ory/hydra/commit/f701b28eaabe81df6834ee9a9d32beda5c2d2b33))
### Code Generation
* Pin v1.10.3 release commit ([ea93158](https://github.com/ory/hydra/commit/ea931581eb54ab5dc142ea1f81357f25b8e4156a))
### Code Refactoring
* Integrate with fosite `v0.40` (go-jose migration) ([#2526](https://github.com/ory/hydra/issues/2526)) ([5bdc4bc](https://github.com/ory/hydra/commit/5bdc4bc1561b8da28edc82afda027482e54e41f3))
### Documentation
* Clearer wording in SPA notice for HTML forms ([#2565](https://github.com/ory/hydra/issues/2565)) ([64a332a](https://github.com/ory/hydra/commit/64a332a98fc1c3a73e4b39b58b21b4cd61f5b240)):
See https://ory-community.slack.com/archives/C012RBW0F18/p1621977892051700
* Fix erroneous sidebar commit ([94ded27](https://github.com/ory/hydra/commit/94ded27cb85db9958491ca9f3960462446d8165a))
* Fix typo ('ROCP' to 'ROPC') ([#2633](https://github.com/ory/hydra/issues/2633)) ([00e15aa](https://github.com/ory/hydra/commit/00e15aa001e68698afb440097baf19e5423bfb15))
* Link to correct doc in help command ([#2631](https://github.com/ory/hydra/issues/2631)) ([3e5760f](https://github.com/ory/hydra/commit/3e5760f56d93b7797fb97a348624e2778ab864f4)), closes [#2366](https://github.com/ory/hydra/issues/2366)
* Move api docs to top level ([243a617](https://github.com/ory/hydra/commit/243a617343c01565aca2f412f16e63a36dfef997))
* New redoc api docs ([9fb505f](https://github.com/ory/hydra/commit/9fb505f25c57fff6316405cec41393b82caa3d3b))
* Rename sidebar api ([f14d2e7](https://github.com/ory/hydra/commit/f14d2e71a32f8a05220557c888ee6d4d604c432e))
* Replace `oryd` in examples with `ory` ([#2600](https://github.com/ory/hydra/issues/2600)) ([5796994](https://github.com/ory/hydra/commit/579699427c59fab84de65a28230dba4d1f4104e0))
### Features
* Add custom claims to top-level JWT payload ([#2545](https://github.com/ory/hydra/issues/2545)) ([63402de](https://github.com/ory/hydra/commit/63402dee7604141118fead91491abe6763150f1c)), closes [#1974](https://github.com/ory/hydra/issues/1974)
* Add instana as possible tracing provider ([#2548](https://github.com/ory/hydra/issues/2548)) ([f74fe90](https://github.com/ory/hydra/commit/f74fe90d585146984919d12e180b3ab5da702cdc))
* Add max_conn_idle_time flag ([#2551](https://github.com/ory/hydra/issues/2551)) ([81e0784](https://github.com/ory/hydra/commit/81e0784b7615da0ce5d56df50232cc7ccaf0096c))
* Import keys with a default key id ([#2563](https://github.com/ory/hydra/issues/2563)) ([cd3014c](https://github.com/ory/hydra/commit/cd3014cdf316c8c1256315d6460cd25a52a0df3a))
* Pass client in logout request ([#2483](https://github.com/ory/hydra/issues/2483)) ([43b391d](https://github.com/ory/hydra/commit/43b391d95f17cfd7414786cec0c602c15e29e956)), closes [#2468](https://github.com/ory/hydra/issues/2468)
# [1.10.2](https://github.com/ory/hydra/compare/v1.10.1...v1.10.2) (2021-05-04)
This maintenance release resolves regressions introduce in Ory Hydra v1.10.1. A big change is that Ory Hydra now support PATCH operations for OAuth2 Clients and is able to handle TLS for admin and public endpoints individually.
## Breaking Changes
This patch makes it so that already handled consent/login/logout requests respond with 410 Gone instead of 409 Conflict. Additionally, a URL is included that the user should be redirected to!
Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com>
This patch changes how issuer and public URLs are used. Please be aware that going forward, the public URL is used for redirects. Previously, the issuer URL was used. If no public URL is set, the issuer URL will be used as before.
### Bug Fixes
* CookieStore MaxAge value ([#2485](https://github.com/ory/hydra/issues/2485)) ([#2488](https://github.com/ory/hydra/issues/2488)) ([aafc901](https://github.com/ory/hydra/commit/aafc901eb09cd26e1c11f2204f46fc1d67517b92)):
CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. MaxAge: 0 disables MaxAge check by SecureCookie, thus allowing sessions lasting > 30 days.
* Do not use error_hint anymore ([#2450](https://github.com/ory/hydra/issues/2450)) ([ff90c47](https://github.com/ory/hydra/commit/ff90c47ff52c30ffeb0f9740b870be0f5313fd04))
* Handled requests respond with 410 Gone and include redirect URL ([#2473](https://github.com/ory/hydra/issues/2473)) ([e3d9158](https://github.com/ory/hydra/commit/e3d9158aebb750386c4dd2ebed0dfdaf5b374805)), closes [#1569](https://github.com/ory/hydra/issues/1569)
* Link in documentation ([#2478](https://github.com/ory/hydra/issues/2478)) ([5fdd913](https://github.com/ory/hydra/commit/5fdd91302a8068956515c750a7d160dfa10057a6))
* Login and consent redirect behavior change since 1.9.x ([#2457](https://github.com/ory/hydra/issues/2457)) ([2f3a1af](https://github.com/ory/hydra/commit/2f3a1afb09c96400484f0e4b397c6b811fe72fe4)), closes [#2363](https://github.com/ory/hydra/issues/2363):
Allow #fragment in configured url to keep backwards compatibility.
* Make token user command work with public clients ([#2479](https://github.com/ory/hydra/issues/2479)) ([a033d6a](https://github.com/ory/hydra/commit/a033d6a732c13b2d15ba073f582a994d174e299c))
* Resolve clidoc issues ([f6e5958](https://github.com/ory/hydra/commit/f6e59589eba86f179ac4462f1b00fc1d2066d4b5))
* Resolve specignore issues ([1431167](https://github.com/ory/hydra/commit/143116732bdf86ba92a1e42928519edb23ed53b7))
* Use PublicURL where given ([#2441](https://github.com/ory/hydra/issues/2441)) ([eefefd5](https://github.com/ory/hydra/commit/eefefd514f691bbf0a7e59e395be1b9341668e90)), closes [#2422](https://github.com/ory/hydra/issues/2422)
* Valid JSON response for already handled requests ([#2517](https://github.com/ory/hydra/issues/2517)) ([ac61616](https://github.com/ory/hydra/commit/ac61616322e3f58319b5fd778441f442a6a9f156)), closes [#2515](https://github.com/ory/hydra/issues/2515)
* Version schema ([#2427](https://github.com/ory/hydra/issues/2427)) ([7781215](https://github.com/ory/hydra/commit/77812158ec414bc1529a7503bcd8d1fe84dfff4d))
### Code Generation
* Pin v1.10.2 release commit ([e8c3a06](https://github.com/ory/hydra/commit/e8c3a06e047f058986e29e0e9395db03aff731de))
### Code Refactoring
* Move unix socket support helpers into ory/x ([#2486](https://github.com/ory/hydra/issues/2486)) ([44fd4e4](https://github.com/ory/hydra/commit/44fd4e42f09ac2bccb4beb51f1646e11e85eca2b))
### Documentation
* Add dotnet sdk ([#2431](https://github.com/ory/hydra/issues/2431)) ([014c773](https://github.com/ory/hydra/commit/014c773d70e6fac0e856f5d78b5fe2feafd73e5a))
* Add php link sdk page & fix links ([#2469](https://github.com/ory/hydra/issues/2469)) ([47cf3c7](https://github.com/ory/hydra/commit/47cf3c76c3e9566763297fbd33a7f59af00cd74f))
* Change forum to discussions readme ([#2451](https://github.com/ory/hydra/issues/2451)) ([aa2919d](https://github.com/ory/hydra/commit/aa2919dc14fbfb2185638dd4de73401fc1b5e594)):
same as https://github.com/ory/kratos/pull/1220
* Fix uppercase id ([8ac186c](https://github.com/ory/hydra/commit/8ac186c207a4f50aaf929ddaf6349c5055cac92e))
* Guide for merging system.secrets ([#2448](https://github.com/ory/hydra/issues/2448)) ([5466d4e](https://github.com/ory/hydra/commit/5466d4e3e834b7c5114e074b8e7fb07e37c967f6))
### Features
* Add the MaxTagValueLength config for jaeger of tracing ([#2482](https://github.com/ory/hydra/issues/2482)) ([03c96ee](https://github.com/ory/hydra/commit/03c96ee22d781939a3fe9cf01763da44242a2308)), closes [#2447](https://github.com/ory/hydra/issues/2447)
* Enable "nbf" (not before) claim to be optional for Access Token ([#2437](https://github.com/ory/hydra/issues/2437)) ([666cd25](https://github.com/ory/hydra/commit/666cd2580def07735c6fdaca346dd194ea2edff5)), closes [#1542](https://github.com/ory/hydra/issues/1542)
* Global docs sidebar and added cloud pages ([#2495](https://github.com/ory/hydra/issues/2495)) ([7f7362b](https://github.com/ory/hydra/commit/7f7362b437fe073a022fd811635b14851c61bfb4))
* Implement partial client updates (PATCH) with JSON Patch syntax ([#2411](https://github.com/ory/hydra/issues/2411)) ([540c89d](https://github.com/ory/hydra/commit/540c89d68e7efbd9043cb0147e10781cd61021a6)):
Implements a new endpoint `PATCH /clients/{id}` which uses JSON Patch syntax to update an OAuth2 client partially. This removes the need to do `PUT /clients/{id}` with the full OAuth2 Client in the payload.
* Split TLS config into admin and public interfaces ([#2476](https://github.com/ory/hydra/issues/2476)) ([60704d4](https://github.com/ory/hydra/commit/60704d490c46840ccad966b3d0ef074913285fab)), closes [#1231](https://github.com/ory/hydra/issues/1231) [#1962](https://github.com/ory/hydra/issues/1962):
Adds the possibility to specify TLS certificates for admin and public endpoints individually. Also improves compatibility for internal networks (e.g. Kubernetes) by removing the need for having TLS termination on admin endpoints. This can be enabled by setting `serve.admin.tls.enabled` to false.
# [1.10.1](https://github.com/ory/hydra/compare/v1.9.2...v1.10.1) (2021-03-25)
We are excited to announce Ory Hydra v1.10.0!
This release adds significant data management improvements. As such, we introduce the new "hydra janitor" command which cleans up stale data and can be run, for example, as a (Kubernetes) CronJob.
The new janitor command is able to clean up invalid and expired access and refresh tokens as well as login and consent requests. This solves issues observed in installations with lots of traffic.
This patch refactors the internal file embed system by migrating to Go 1.16, simplifying and speeding up the build process.
To follow OAuth2 best-practice, refresh tokens will now invalidate the whole access and refresh token chain if reused.
### Bug Fixes
* Add docs/node_modules make target ([b302501](https://github.com/ory/hydra/commit/b302501b60da8263617966201eab5e99c733481e))
* Add network specific error message to avoid confusion ([#2367](https://github.com/ory/hydra/issues/2367)) ([56d71e6](https://github.com/ory/hydra/commit/56d71e67c4b985f03bc374faf998543b5bb21221)), closes [#2338](https://github.com/ory/hydra/issues/2338)
* Adds sqa section to config.schema.json ([#2360](https://github.com/ory/hydra/issues/2360)) ([89df8d7](https://github.com/ory/hydra/commit/89df8d7b3e295115fc930b6aabe4ec4148dd42f2)), closes [#2358](https://github.com/ory/hydra/issues/2358):
Move from viper to koanf caused env vars without corresponding
paths in config.schema.json to be ignored. This commit adds
missing sqa section, so the SQA_OPT_OUT env var has effect again.
* Adopt new cli renderer pipeline ([02483ce](https://github.com/ory/hydra/commit/02483ce4c00d53d897830a2aaa7ff0a6d540dc3a))
* Better http resiliency and sqlite updates ([883a84f](https://github.com/ory/hydra/commit/883a84f88721b75ff56c28796d00ab7e748e467b))
* Improve cache and update CI images to go 1.16 ([#2388](https://github.com/ory/hydra/issues/2388)) ([7803202](https://github.com/ory/hydra/commit/78032026e940ad10ac9df20eb42dff5cc2bd0be4))
* Increase conformance test timeout ([e9bd064](https://github.com/ory/hydra/commit/e9bd06421a8b3843280c6ef5aa41ba34eaab7d1d))
* Record cypress videos ([c9d0a26](https://github.com/ory/hydra/commit/c9d0a262c13087348454747b260e9b5d1b743384))
* Resolve clidoc issues ([8257cb2](https://github.com/ory/hydra/commit/8257cb29c896467324b362662de55ca811bfb181))
* Resolve docs build issues ([6612099](https://github.com/ory/hydra/commit/6612099b49c3f7e4f6aebe0dfbec7e74f696e0b9))
* Resolve e2e test issues ([4812f54](https://github.com/ory/hydra/commit/4812f5492fdc7ae97f4e7a1b11f46ab55ca10521))
* Resolve migrator duplicate files ([b1f63ff](https://github.com/ory/hydra/commit/b1f63fffe1cc5539f774aef5e82e6f872eee5474))
* Resolve migrator regression issues ([cdfc03d](https://github.com/ory/hydra/commit/cdfc03d800a1968b9a090a03f829c7b7208277d6))
* Revert mode default and maximum values ([#2349](https://github.com/ory/hydra/issues/2349)) ([b20fc48](https://github.com/ory/hydra/commit/b20fc48db6b494b1fb20d1745b748ae90aa325ba)):
I made a mistake in previous pull request, these socket mode values are in decimal, not octal format. Sorry.
* Update janitor help ([b7965c6](https://github.com/ory/hydra/commit/b7965c6fb4efb5c376417d77da8b7b9742da3ffd))
* Use appropriate migrations with precedence ([b61d05c](https://github.com/ory/hydra/commit/b61d05cebe14f99519ad38cca7ccb9ca0e0fb57b))
* Use gelf windows hotfix ([0cac0f1](https://github.com/ory/hydra/commit/0cac0f1e5ef098a6058bcc352d585b1a8e024eb3))
* Use go 1.16 in conformity suite ([3fbda05](https://github.com/ory/hydra/commit/3fbda05ab2bca1ecadedf2f5408687c8f6e03f1e))
### Code Generation
* Pin v1.10.1 release commit ([2287ac5](https://github.com/ory/hydra/commit/2287ac592fc5a06b1bd3e9f54340a67395452b46))
### Documentation
* Faq custom data ([#2334](https://github.com/ory/hydra/issues/2334)) ([471e85d](https://github.com/ory/hydra/commit/471e85d282e1a8fc731bdaaa1c9375d2fb964b87))
* Fix basic examples for the golang SDK ([#2399](https://github.com/ory/hydra/issues/2399)) ([6806865](https://github.com/ory/hydra/commit/680686512bc1a5261bc5a9034d88a7bef6a4922d))
* Fix subject identifier algorithms to match configuration ([#2400](https://github.com/ory/hydra/issues/2400)) ([dd19b86](https://github.com/ory/hydra/commit/dd19b86b015decdfda456289cd970c70f45f3270)):
On https://www.ory.sh/hydra/docs/reference/configuration/ under 'subject identifiers' the name for defining which subject identifier algorithms are supported it is called "supported_types", not "enabled" as in these pages.
* Improve readme tests section ([#2380](https://github.com/ory/hydra/issues/2380)) ([277afe9](https://github.com/ory/hydra/commit/277afe9d1a191ad3b2ec21e5197ecc09146def61))
* Quickstart config ([#2328](https://github.com/ory/hydra/issues/2328)) ([f20f645](https://github.com/ory/hydra/commit/f20f645998cadd066a3d027ceb78002b340442b9))
* Update config.schema.json default values ([#2348](https://github.com/ory/hydra/issues/2348)) ([8494822](https://github.com/ory/hydra/commit/849482209b6f270dfd7965a1f3d6de39feb3cd58)):
Updated wrong config schema values
* Update examples to new helm install command format ([#2369](https://github.com/ory/hydra/issues/2369)) ([f006556](https://github.com/ory/hydra/commit/f006556f584a63009af5117c449a52d11aa72a14)):
Tried example with helm 3.5.2 and it does not support `--name` flag. So I moved name and repository to first line of commands.
### Features
* Add --no-shutdown flag to "hydra token user" to prevent auto-termination ([#2382](https://github.com/ory/hydra/issues/2382)) ([#2386](https://github.com/ory/hydra/issues/2386)) ([a17d10e](https://github.com/ory/hydra/commit/a17d10e7c273069e9cac18a9ea0326200bc2b569))
* Add front/backchannel logout params to client cli ([#2387](https://github.com/ory/hydra/issues/2387)) ([055f801](https://github.com/ory/hydra/commit/055f801eb76e187b3fa70e6a474d68a0d56f766b)), closes [#1487](https://github.com/ory/hydra/issues/1487)
* Flush inactive/expired login and consent requests ([#2381](https://github.com/ory/hydra/issues/2381)) ([f039ebb](https://github.com/ory/hydra/commit/f039ebbdf315715deb44fc20fb3fdef3f4fa7b51)), closes [#1574](https://github.com/ory/hydra/issues/1574):
This patch resolves various table growth issues caused by expired/inactive login and consent flows never being purged from the database.
You may now use the new `hydra janitor` command to remove access & refresh tokens and login & consent requests which are no longer valid or used. The command follows the `notAfter` safe-guard approach to ensure records needed to be kept are not deleted.
To learn more, please use `hydra help janitor`.
This patch phases out the `/oauth2/flush` endpoint as the janitor is better suited for background tasks, is easier to run in a targeted fashion (e.g. as a singleton job), and does not cause HTTP timeouts.
* Flush refresh tokens for service oauth2/flush ([#2373](https://github.com/ory/hydra/issues/2373)) ([b46a14c](https://github.com/ory/hydra/commit/b46a14cd6d260a7dee748de34abfea54908f1a0b)), closes [/github.com/ory/hydra/issues/1574#issuecomment-736684327](https://github.com//github.com/ory/hydra/issues/1574/issues/issuecomment-736684327)
* Move to go 1.16 and static embed files ([6fa591c](https://github.com/ory/hydra/commit/6fa591c849c3d63b036d7a4001496f42f02b821b))
* Refresh token reuse detection ([#2383](https://github.com/ory/hydra/issues/2383)) ([bc349f1](https://github.com/ory/hydra/commit/bc349f1fbaf19340081d9a6c097de2b76e848e46)), closes [#2022](https://github.com/ory/hydra/issues/2022):
This patch adds support for Refresh Token reuse Detection introduced by https://github.com/ory/fosite/pull/567. Ory Hydra's persister no longer deletes refresh tokens when using them, but instead deactivates them - similar to how authorization codes work.
### Tests
* Bump cypress to newer version and add resilience ([c76309c](https://github.com/ory/hydra/commit/c76309cf9faba46162af7dc856a99cbccf6403a9))
* Bump ory/x and resolve regressions ([1a03c07](https://github.com/ory/hydra/commit/1a03c0778bc088bb7a7932fb6794fe3707bea4c2))
* Fix record arg ([b248406](https://github.com/ory/hydra/commit/b248406d44bd580b795d8e15f6e0f57eeb4f173b))
* Improve e2e script and add record option ([9d4764d](https://github.com/ory/hydra/commit/9d4764d80706941185ffb56fb0fff067f07ddd08))
* Resolve flaky cypress tests ([356b05f](https://github.com/ory/hydra/commit/356b05f600ca58029b22ed11af850b3ba369ae62))
* Resolve migration regression ([e59e2bc](https://github.com/ory/hydra/commit/e59e2bc9eb58b9bbf14d5e591ebaf04b7de19c6d))
* Use cypress fetchers ([2aa0980](https://github.com/ory/hydra/commit/2aa09804f670e4f24d8ee7df7feae94b12394ee3))
* Use go 1.16 in conformity ([ccd983d](https://github.com/ory/hydra/commit/ccd983d707fd6b98f848f1206e151a44fcfc3b51))
### Unclassified
* Do not send 404 on revoke consent / delete login ([#2397](https://github.com/ory/hydra/issues/2397)) ([854b9ee](https://github.com/ory/hydra/commit/854b9eed7916b098c35ddc466d01788d101491f3))
* Resolve oidc conformity regression ([1049602](https://github.com/ory/hydra/commit/10496024e5edbd96d6bdbb8342bb1724a2dd0a52))
# [1.9.2](https://github.com/ory/hydra/compare/v1.9.1...v1.9.2) (2021-01-29)
This release adds more telemetry data to the prometheus exporter.
### Code Generation
* Pin v1.9.2 release commit ([f0580e2](https://github.com/ory/hydra/commit/f0580e2581e202ec7299f45822db37228228aee9))
### Features
* Enable emittance of response time metrics ([#2323](https://github.com/ory/hydra/issues/2323)) ([c1f1ba5](https://github.com/ory/hydra/commit/c1f1ba5c9ed80fc27b1d4cad60dc843827587572))
# [1.9.1](https://github.com/ory/hydra/compare/v1.9.0...v1.9.1) (2021-01-27)
This release makes [Dart](https://pub.dev/packages/ory_hydra_client) and [Rust](https://crates.io/crates/ory-hydra-client) SDKs available for Ory Hydra!
### Code Generation
* Pin v1.9.1 release commit ([5cedc9e](https://github.com/ory/hydra/commit/5cedc9e2f84bcff27dd55d34064d2d5951cdcaa5))
### Documentation
* Add faq items ([8d31cb3](https://github.com/ory/hydra/commit/8d31cb34a23b2224cd8858ba51089ba5f3b155c5)):
Added two items to the FAQ that were sitting in meta/tmp.
* Add link endings. ([#2313](https://github.com/ory/hydra/issues/2313)) ([1316cc0](https://github.com/ory/hydra/commit/1316cc00439c1b256b780f7de6878a7dc6cda19a)), closes [#38](https://github.com/ory/hydra/issues/38)
* Add Rust and Dart SDKs ([c4b4f73](https://github.com/ory/hydra/commit/c4b4f73eb250db364eefe3d83fdf3780c7834f6f)):
We now support for Rust and Dart SDKs!
* Fix npm links ([#2303](https://github.com/ory/hydra/issues/2303)) ([341f3ed](https://github.com/ory/hydra/commit/341f3ede500bff4b0d07e7e8b8d264f2291f2baa))
* Quickstart cleanup ([#2324](https://github.com/ory/hydra/issues/2324)) ([a8ad705](https://github.com/ory/hydra/commit/a8ad70524c58d73e45fa690fe4b9f848013183ce))
* Reorg faq sidebar ([#2318](https://github.com/ory/hydra/issues/2318)) ([4fdb7f1](https://github.com/ory/hydra/commit/4fdb7f1c8e31fe5c024e1c562077d4516f934f52))
* Update before oauth2.mdx ([#2299](https://github.com/ory/hydra/issues/2299)) ([d2ee4f6](https://github.com/ory/hydra/commit/d2ee4f6cd308a2b61fd4ef7f8fcebb2901190a58)), closes [#2295](https://github.com/ory/hydra/issues/2295)
* Update javascript documentation ([a2b3a49](https://github.com/ory/hydra/commit/a2b3a49e56afa5ae18a522198f1744e43b4f779f)):
Closes https://github.com/ory/sdk/issues/22
* Update npm package name ([#2302](https://github.com/ory/hydra/issues/2302)) ([d05d82e](https://github.com/ory/hydra/commit/d05d82e926a726fd4fe0179363a140ca59e40c10)):
Changed npm client package from @oryd/hydra-client to @ory/hydra-client
# [1.9.0](https://github.com/ory/hydra/compare/v1.9.0-rc.0...v1.9.0) (2021-01-12)
Today, we are very excited to announce the stable release of ORY Hydra 1.9! This release contains significant internal code refactoring, making ORY Hydra more reliable, lightweight, and even more scalable! Also, for the first time ever, **ORY Hydra handled over 13.3 billion API requests in December 2020** in over **23.000 production environments** around the globe.
Let's talk features - in a TL;DR overview:
- Completely replacing the existing DBAL and switching to gobuffalo/pop.
- Support for SQLite, an embedded database, which can be used for testing and tiny deployments.
- Deprecating the existing configuration system [spf13/viper](https://github.com/spf13/viper) and moving to [knadh/koanf](https://github.com/knadh/koanf).
- Adding OpenID Connect Conformity Test Suite to the CI, guaranteeing that every code change is fully OpenID Connect compliant.
- Support for the OpenID Connect `response_mode=form_post` Response Mode.
- Compatibility with MITREid, allowing [easy migration from MITREid to ORY Hydra](https://www.ory.sh/hydra/docs/next/guides/migrating-from-MITREid).
- The TypeScript SDK moved from **@oryd/hydra-client to @ory/hydra-client**. Please update your dependencies!
If you wish to get into ORY Hydra, check out the new YouTube tutorial:
[](https://www.youtube.com/watch?v=tlO9p2E501A)
*See you on [slack](https://slack.ory.sh), signed [HACKERMAN](https://github.com/aeneasr).*
**ORY Kratos**
We would like to take a bit of your time and introduce you to [ORY Kratos](https://github.com/ory/kratos). ORY Kratos implements all the hard things related to users: [login](https://www.ory.sh/kratos/docs/self-service/flows/user-login), [registration](https://www.ory.sh/kratos/docs/self-service/flows/user-registration), [customizable profile fields](https://www.ory.sh/kratos/docs/concepts/identity-data-model/), [multi-factor authentication scheduled for v0.6](https://www.ory.sh/kratos/docs/self-service/flows/2fa-mfa-multi-factor-authentication), [secure account recovery](https://www.ory.sh/kratos/docs/self-service/flows/account-recovery), [email and SMS verification](https://www.ory.sh/kratos/docs/self-service/flows/verify-email-account-activation), [profile management](https://www.ory.sh/kratos/docs/self-service/flows/user-settings), [session and device management](https://github.com/ory/kratos/issues/655), [user administration](https://www.ory.sh/kratos/docs/admin/managing-users-identities), [social sign in and sign up](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2/), and much, much more! Everything works with proven and ORY-hardened protocols in the same lightweight fashion you are used to from our other products. And it natively targets mobile, desktop, web, and robots! [ORY Kratos](https://github.com/ory/kratos) is essentially an open-source alternative to Auth0, Okta, and Google Firebase with the added benefit of avoiding the complexity of implementing OAuth2 and OpenID Connect for your first-party apps just to get login to work. So if you are wondering [**whether you really need OAuth2**](https://www.ory.sh/hydra/docs/concepts/before-oauth2), this is worth your time!
To get a feeling for ORY Kratos, check out our exemplary React Native app (available on [GitHub](https://github.com/ory/kratos-selfservice-ui-react-native), [Android](https://play.google.com/store/apps/details?id=com.ory.kratos_self_service_ui_react_native&hl=en&gl=US) and [iOS](https://apps.apple.com/de/app/ory-profile-app/id1536546333)) demonstrating user registration, login, and profile management. It uses APIs from ORY Cloud, which will be publicly announced this year. If you are interested in becoming an early adopter, [get in touch now](mailto:jared@ory.sh)! We have more super exciting stuff planned!
**Changes in-depth**
Let's break down the most significant changes in more detail:
**The configuration system has been reworked**
1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema. This makes changing or updating configuration much easier.
2. Configuration reloading is improved and works on Kubernetes.
3. Performance gains remove the need for a cache layer between the configuration system and ORY Hydra.
4. Loading of several config files is now possible using the `--config` flag.
5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.
**The [OpenID Connect Conformity Test Suite](https://gitlab.com/openid/conformance-suite) is now part of the ORY Hydra CI pipeline.**
This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields `error_hint` and `error_debug` will no longer be sent. You can re-enable those legacy fields by setting `oauth2.include_legacy_error_fields` to `true`.
**Supporting `response_mode=form_post`**
Support OpenID Connect flows `response_mode=form_post` was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.
**Compatibility with MITREid**
Adds an option that allows granting the OAuth2 Client's authorized scope when performing a `client_credentials` flow without specifying a scope. This enables compatibility with MITREid and allows [migrating from MITREid to ORY Hydra](https://www.ory.sh/hydra/docs/next/guides/migrating-from-MITREid).
**Refactoring the internal DBAL**
We completely refactored the internal database abstraction layer (DBAL). We have been using [gobuffalo/pop](https://github.com/gobuffalo/pop) successfully in [ORY Kratos](https://github.com/ory/kratos) and decided to move the ORY Hydra DBAL to [gobuffalo/pop](https://github.com/gobuffalo/pop) as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.
### Code Generation
* Pin v1.9.0 release commit ([7120b4f](https://github.com/ory/hydra/commit/7120b4f5d038f065df4fa80d7dbbb8aa8bd0b987)):
Bumps from v1.9.0-alpha.1
# [1.9.0-rc.0](https://github.com/ory/hydra/compare/v1.9.0-alpha.4.pre.0...v1.9.0-rc.0) (2021-01-12)
This is a pre-release for ORY Hydra 1.9.0
### Code Generation
* Pin v1.9.0-rc.0 release commit ([e8fc76b](https://github.com/ory/hydra/commit/e8fc76b94faaf18abf6df4d58bf89b085e849bb2)):
Bumps from v1.9.0-alpha.1
# [1.9.0-alpha.4.pre.0](https://github.com/ory/hydra/compare/v1.9.0-alpha.3...v1.9.0-alpha.4.pre.0) (2021-01-12)
autogen: pin v1.9.0-alpha.4.pre.0 release commit
### Bug Fixes
* Add 400 as possible reply to /oauth2/token ([24daede](https://github.com/ory/hydra/commit/24daede2a63ec94e6f556e220f316e854a186422)), closes [#2260](https://github.com/ory/hydra/issues/2260)
* Bump ory/x and update config usage ([#2248](https://github.com/ory/hydra/issues/2248)) ([4937a00](https://github.com/ory/hydra/commit/4937a00b9a09e6cbc6706978cc6aad74f80d4c75))
* Do not require unset pairwise ([4136aaf](https://github.com/ory/hydra/commit/4136aaf3da40d5fa548de23ae92cdb4c01c837fd))
* Improve version regex ([17d9599](https://github.com/ory/hydra/commit/17d9599559b0f9b6578c85054b12d12ac98d0c0b)), closes [#2255](https://github.com/ory/hydra/issues/2255)
* Update schema reference for subject_identifiers.supported_types ([0e14a08](https://github.com/ory/hydra/commit/0e14a08d338eaf9966fe2d15e15bfd2c4077929c)), closes [#2270](https://github.com/ory/hydra/issues/2270)
### Code Generation
* Pin v1.9.0-alpha.4.pre.0 release commit ([9766b27](https://github.com/ory/hydra/commit/9766b27122d19241948c0a77830eb006e7c4767b))
### Documentation
* Add note about mounting the config file when using docker ([#2235](https://github.com/ory/hydra/issues/2235)) ([766e8f1](https://github.com/ory/hydra/commit/766e8f1a6dd6fbf73a055ff9d49cf1b271a1cfd4)), closes [#2231](https://github.com/ory/hydra/issues/2231)
* Change deprecated fallback url ([#2275](https://github.com/ory/hydra/issues/2275)) ([0bf61aa](https://github.com/ory/hydra/commit/0bf61aa5e1c2f42108ad2cab47ca492c6ac6d64a)), closes [#2254](https://github.com/ory/hydra/issues/2254)
* Client api upper bound on limit parameter ([#2277](https://github.com/ory/hydra/issues/2277)) ([bc2bbd2](https://github.com/ory/hydra/commit/bc2bbd2f6253ca4ec76e6701ec2a9459dbf64c24)), closes [#2267](https://github.com/ory/hydra/issues/2267)
* Corrected a link within the docs ([#2257](https://github.com/ory/hydra/issues/2257)) ([0dd4e64](https://github.com/ory/hydra/commit/0dd4e64db8a5dccef96e2482b822ac08ee736bec))
* Fix incorrect version replacements ([70a6b8f](https://github.com/ory/hydra/commit/70a6b8fd520b361645312990433ad21548b76856))
* Fix typo ([#2264](https://github.com/ory/hydra/issues/2264)) ([82ba2df](https://github.com/ory/hydra/commit/82ba2dfdadfdd8e9530d7312aca3bab7d077d4ce))
* OAUTH2_ERROR_URL -> URLS_ERROR ([#2263](https://github.com/ory/hydra/issues/2263)) ([f9b8205](https://github.com/ory/hydra/commit/f9b820521b7aad121e2c746f276711e54ffdb910))
* Oidc.subject_identifiers config key change ([#2232](https://github.com/ory/hydra/issues/2232)) ([2172f25](https://github.com/ory/hydra/commit/2172f25ee599e2df016daffa6692f92e5f5ee277)):
oidc.subject_identifiers.enabled is now oidc.subject_identifiers.supported_types. Docs should get updated.
* Update install from source instructions ([bcfd9b7](https://github.com/ory/hydra/commit/bcfd9b72c68c6c9d2550a9ec511543363fc99d72))
# [1.9.0-alpha.3](https://github.com/ory/hydra/compare/v1.9.0-alpha.2...v1.9.0-alpha.3) (2020-12-08)
We are excited to present the next big step towards ORY Hydra 1.9! In this release we completely refactored the configuration internals and moved from [spf13/viper](https://github.com/spf13/viper) to [knadh/koanf](https://github.com/knadh/koanf):
1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving the developer experience when changing or updating configuration.
2. Configuration reloading has improved significantly and works excellently on Kubernetes.
3. Performance gains that remove the need for a cache layer between the configuration system and ORY Hydra.
4. Loading of several config files using the `--config` flag now possible.
5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration due to a significantly improved validation process.
In addition, this release includes the new OpenID Connect Conformity Test Suite as part of the ORY Hydra CI pipeline. This means every PR and change will be checked for OpenID Connect Compliance. As part of these tests, we uncovered some regression issues which have since been resolved. Please be aware that fields `error_hint` and `error_debug` will no longer be sent. You can re-enable those legacy fields by setting `oauth2.include_legacy_error_fields` to `true`.
Furthermore, support for OpenID Connect flows `response_mode=form_post` was added and has been tested with the OpenID Connect Conformity Test Suite, making it ready for production.
Several other bugs have been resolved and we have completely overhauled the tests, deprecating test tables in favor of test suites. This greatly improves the readability of our tests and allows new contributors to more easily understand what is going on!
If you wish to get into ORY Hydra, check out the newly published YouTube tutorial:
[](https://www.youtube.com/watch?v=tlO9p2E501A)
## Breaking Changes
After battling with [spf13/viper](https://github.com/spf13/viper) for several years we finally found a viable alternative with [knadh/koanf](https://github.com/knadh/koanf). The complete internal configuration infrastructure has changed, with several highlights:
1. Configuration sourcing works from all sources (file, env, cli flags) with validation against the configuration schema, greatly improving developer experience when changing or updating configuration.
2. Configuration reloading has improved significantly and works flawlessly on Kubernetes.
3. Performance increased dramatically, completely removing the need for a cache layer between the configuration system and ORY Hydra.
4. It is now possible to load several config files using the `--config` flag.
5. Configuration values are now sent to the tracer (e.g. Jaeger) if tracing is enabled.
Please be aware that deprecated configuration flags have finally been removed with this change. It is also possible that ORY Hydra might complain about an invalid configuration, because the validation process has improved significantly.
This patch requires running SQL Migrations. Please be aware that a NOT NULL column is being dropped which could require a lot of time when the `authentication_session` table contains a lot of data.
This patch removes `error_hint` and `error_debug` fields from OAuth2 responses. These are now all merged into `error_description` which is according to the OAuth2 and OpenID Connect specification. If you wish to keep the old behavior around, set `oauth2.include_legacy_error_fields` to `true` in your ORY Hydra configuration.
Applying this patch requires running SQL migrations. The SQL migrations will remove a UNIQUE constraint and add new INDEX to several tables which should speed up certain operations. Please be aware that this might cause certain databases to lock which could be problematic if there are many rows affected.
This changes the OAuth2 Token Introspection response to ensure compliance with the OAuth2 Token Introspection specification. Previously, `token_type` would return `access_token` or `refresh_token`. The specification however mandates that `token_type` is always `Bearer`. This patch resolves that issue. The previous behaviour of `token_type` has now been moved to `token_use` which can be `access_token` or `refresh_token`.
### Bug Fixes
* Add encrypt_at_rest option to config schema ([3219c16](https://github.com/ory/hydra/commit/3219c16d640e4630161a72b2895fc52fac0b1590))
* Add required aud, jti claims to userinfo response ([d0697fa](https://github.com/ory/hydra/commit/d0697fab291e73b2a8f32e655ac4d4127f53b782))
* Add standardized client registration errors ([02a9137](https://github.com/ory/hydra/commit/02a91370e75485abcc19a4bf8163a6ae9816becd)):
Adds new errors to fully comply with the OpenID Connect Dynamic Client Registration specification.
* Allow all request object signing algs per default ([edc54c2](https://github.com/ory/hydra/commit/edc54c25eba9a4fde818e9974e2c03fcebe49e2b)):
This patch resolves an issue where RS256 would be the only allowed request object signing algorithm. The spec however mandates that all algorithms are allowed if the client does not explicitly set the request object signing algorithm.
* Allow lower bcrypt values and add tests ([812a21c](https://github.com/ory/hydra/commit/812a21cf42318d32d57982dbdbf2b1683b808653))
* Document describe error ([#2208](https://github.com/ory/hydra/issues/2208)) ([b59bdf8](https://github.com/ory/hydra/commit/b59bdf8582e61dff6bea72a94874a44744160298))
* Ensure consistent auth_time in session handling ([e973ffe](https://github.com/ory/hydra/commit/e973ffe04c34520f6f3ea3452bbfd954f307a6e1))
* Increase parallelism to 4 ([ae02706](https://github.com/ory/hydra/commit/ae027064d2afd004b4efc1aaaffff1c693e4eb28))
* Mark false gosec positive ([206d1ee](https://github.com/ory/hydra/commit/206d1eee8b3a627a0b9111dfd3fee9c73037cdde))
* Nonce is not required for hybrid flows ([c708ada](https://github.com/ory/hydra/commit/c708adadfb0647fa09f7001ef15db1da749ea319))
* Quickstart yml ([5ebd984](https://github.com/ory/hydra/commit/5ebd984f8b6d157fc61269784dc773cc4f772f8e))
* Remove session from store on logout ([4495f56](https://github.com/ory/hydra/commit/4495f56fcd737fb6873cd5891deee062221d20b6)):
This patch resolves an issue where the session would not be purged from the store when performing an RP-initiated logout request from a client, if said client does not purge the authentication session properly because the client does not have access to it or because the client misbehaves.
* Remove unrelated quickstart entry ([#2214](https://github.com/ory/hydra/issues/2214)) ([a583d78](https://github.com/ory/hydra/commit/a583d78d62f6f959c3271d726bb32612a5da7ec6)), closes [#2213](https://github.com/ory/hydra/issues/2213)
* Request_id should not be unique ([a8ca333](https://github.com/ory/hydra/commit/a8ca333bb65fe591d1795ce5b33760c97ff54d65)):
This patch resolves an issue where certain OpenID Connect Hybrid flows would error with a UNIQUE violation. The cause of this issue was an incorrect UNIQUE constraint on the `request_id` field of the access, refresh, pkce, and other, similar tables.
* Resolve broken quickstart ([95a1dfb](https://github.com/ory/hydra/commit/95a1dfb2c06a56235ba1da1c9789f8356382b75c))
* Update deprecated config in quickstart ([1c1433a](https://github.com/ory/hydra/commit/1c1433ab3ae0b3b50a0f911bb4a909cb4ff774fb))
* Update invalid quickstart config ([8d076a5](https://github.com/ory/hydra/commit/8d076a5e47c806a3340ffcb48731da14518cd4a9))
* Update package lock ([18bfc96](https://github.com/ory/hydra/commit/18bfc96fefdf012a31cfc30b376b3ccc65b2cecd))
* Update schema to support new koanf ([29763c8](https://github.com/ory/hydra/commit/29763c8f938e5e690179c79771ed63684545f8bf))
### Code Generation
* Pin v1.9.0-alpha.3 release commit ([05809d2](https://github.com/ory/hydra/commit/05809d25cb4b667dd91610cc9862fb37aec7b956))
### Code Refactoring
* Deprecate driver semantics ([8fc3e2e](https://github.com/ory/hydra/commit/8fc3e2e3ce27b633df04d05dc1e82e589a4a9de6))
* Move oauth2 cors to own package ([3beddbd](https://github.com/ory/hydra/commit/3beddbdabf7c589bdd4b36f6680f37ab4d1cf5a7))
* Rename `token_type` to `token_use` in introspection ([152fd5d](https://github.com/ory/hydra/commit/152fd5d46e9a22e1e03ac80643c0d01fabb3a3b6)), closes [#1762](https://github.com/ory/hydra/issues/1762)
* Replace viper with koanf config management ([8c12b27](https://github.com/ory/hydra/commit/8c12b27a59dd75ad4a4e5f6d3178dd25e7e17406))
### Documentation
* Add config debug section ([c53f036](https://github.com/ory/hydra/commit/c53f0364ab2ac5ac2429334f804e58bae14d7b7d))
* Add contributing to sidebar ([#2209](https://github.com/ory/hydra/issues/2209)) ([21f3b1f](https://github.com/ory/hydra/commit/21f3b1f17b67ed1b28d4ef2a898413cc62ac81f1)):
Added Contributing Guidelines to the introduction menu point on the sidebar.
I think it should be as obvious as possible.
Another good solution would be to add them to the top bar?
If this is merged, I will do the same changes for Kratos/Oathkeeper/Keto.
* Add newsletter banner ([5b63aa4](https://github.com/ory/hydra/commit/5b63aa4bae56d6d66871ba95ca8ab8394e0c6027))
* Add quickstart video ([#2220](https://github.com/ory/hydra/issues/2220)) ([d4aa981](https://github.com/ory/hydra/commit/d4aa98147f3c7efae37f17e9bc21f4cc61e74b77))
* Bcrypt reference config ([#2161](https://github.com/ory/hydra/issues/2161)) ([e7eece2](https://github.com/ory/hydra/commit/e7eece2d4c25fb27b76f20877c692540c9a2f11b)), closes [#2077](https://github.com/ory/hydra/issues/2077)
* Deps are installed automagically and make deps was removed ([#2157](https://github.com/ory/hydra/issues/2157)) ([25e96e2](https://github.com/ory/hydra/commit/25e96e27c889a764d7d3ace05c16a0cd6ad197d1)), closes [#2154](https://github.com/ory/hydra/issues/2154)
* Fix omissions in consent flow description ([#2194](https://github.com/ory/hydra/issues/2194)) ([d9d719a](https://github.com/ory/hydra/commit/d9d719afbbd63773a9fad30e62204c20593ddb77))
* Minor improvements to the concepts/consent page ([#2168](https://github.com/ory/hydra/issues/2168)) ([1128cfc](https://github.com/ory/hydra/commit/1128cfc5176fd80d80cc857985ffe7fb04434c27))
* Update links and fix typos ([#2169](https://github.com/ory/hydra/issues/2169)) ([409f2f4](https://github.com/ory/hydra/commit/409f2f4b300f5375b6f582ae7fe5319425fb3523))
* Update toc ([#2158](https://github.com/ory/hydra/issues/2158)) ([ee4a9ed](https://github.com/ory/hydra/commit/ee4a9edf642ec23516530611363e1508975d03e8)), closes [#2153](https://github.com/ory/hydra/issues/2153)
* Use codefromremote for consent samples ([51c0874](https://github.com/ory/hydra/commit/51c0874cd60ea8e8df1972b1926ca2e8e74c556a))
### Features
* Add ability to override oidc discovery urls ([bb8b982](https://github.com/ory/hydra/commit/bb8b9824e88249f58a55efe2410d1df357c7f519)):
Added config options `webfinger.oidc_discovery.token_url`, `webfinger.oidc_discovery.auth_url`, `webfinger.oidc_discovery.jwks_url`.
* Add new `request_object_signing_alg_values_supported` to oidc discovery ([4220959](https://github.com/ory/hydra/commit/4220959c022ae6e8134f9135d65bb40e2d74d843))
* Add oidc conformity tests ([651f424](https://github.com/ory/hydra/commit/651f4244566f8ebba63bfbe085b5487228e8fe56))
* Add support for ElasticAPM tracing ([#2155](https://github.com/ory/hydra/issues/2155)) ([7792715](https://github.com/ory/hydra/commit/77927158ee8e90b4b83d829eb2a448885e4d06d9))
* Improve and clean up error handling ([b727367](https://github.com/ory/hydra/commit/b7273676dd79478bf5678046a86f5b5135714559))
* Improve error responses for consent handler ([44ab747](https://github.com/ory/hydra/commit/44ab7472dc84c01c26e20ea2cb8d95c9a479cf29))
* Improve error stack trace wrapping ([fdf142c](https://github.com/ory/hydra/commit/fdf142cc7c5a195ceca4004d5244fbf89ece7e61))
* Only set state-param if it was passed ([#2183](https://github.com/ory/hydra/issues/2183)) ([568434a](https://github.com/ory/hydra/commit/568434ac393591d7ba0c2a3ec4eb45be576ffb86)):
Using `state` in the logout flow is optional, so `state` can be empty. In order to avoid an ugly `/post-logout-redirect-uri?state=` URI, the state should only be appended if it is not empty.
* Remove legacy error fields unless configured to do so ([e2a7135](https://github.com/ory/hydra/commit/e2a7135fad56d1666ef7910bd98e79a027a00258))
* Support OpenID Connect's `response_mode=form_post` ([8ab9eff](https://github.com/ory/hydra/commit/8ab9eff6a50a4f9339310b31024b37b6f93b1416)), closes [#1621](https://github.com/ory/hydra/issues/1621):
This patch adds support for the `response_mode` parameter as defined in [OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html). Additionally, values `fragment` and `query` are supported as defined in [OAuth 2.0 Multiple Response Type Encoding Practices](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html).
* Support pkger ([07a360e](https://github.com/ory/hydra/commit/07a360e37da8543d5556be0c2fd8afaddc02a59d))
### Tests
* Add timeout to wait ([90dfaf5](https://github.com/ory/hydra/commit/90dfaf56bad60f7be89cf1713c361dc4971b7b04))
* Completely refactor consent tests ([defc063](https://github.com/ory/hydra/commit/defc063e414f77a2cf32f6aff5a73c02bb09dd34))
* Fix jwt e2e tests ([1b480d8](https://github.com/ory/hydra/commit/1b480d82e104b8ce5aa0cf74697f664efd3c012d))
* Improve github action conformity tests ([1015e49](https://github.com/ory/hydra/commit/1015e49e17818fb4df091f2a7afe833304cd87a2))
* Improve TestClientCredentialsGrantAllScopes ([19409b4](https://github.com/ory/hydra/commit/19409b4d2dbe86085facea6c71c2a04b248f6674))
* Increase timeout for conformity ([a65d289](https://github.com/ory/hydra/commit/a65d289261bab04a34c8e22927f839c1f9962f3f))
* Oidc conformity tests should run as workflow dispatch ([5b8fa0a](https://github.com/ory/hydra/commit/5b8fa0aedc6ce1539410f2ffa1bca630c1b4a3c2))
* Refactor client credential tests ([b74cffa](https://github.com/ory/hydra/commit/b74cffa8d2b01b154c1b707a9219ea2568dcc74f))
* Refactor consent logout tests and add failing case ([ef12c06](https://github.com/ory/hydra/commit/ef12c068df3011c9b4e684058f1f32c6046dabda))
* Refactor oauth2 auth code tests ([c376473](https://github.com/ory/hydra/commit/c376473c37bce38a85f2cc8763cf0680d572c4a7))
* Resolve conformity test suite concurrency issues ([ef312c3](https://github.com/ory/hydra/commit/ef312c3999acba2f43719546618120a160329540))
* Resolve e2e startup issues ([5af4cef](https://github.com/ory/hydra/commit/5af4cef937ed3085427b6a108aaaa1d9aac70b62))
* Resolve e2e test failures ([03f5e8e](https://github.com/ory/hydra/commit/03f5e8e5fdcc3d08bd4225679be7cbef328392e2))
* Resolve failing rotation key tests ([8e8b943](https://github.com/ory/hydra/commit/8e8b943c9cb3dc18e15d26ed4183d9fd09f5f2a4))
* Resolve flaky test issue ([e17a074](https://github.com/ory/hydra/commit/e17a074774eafc93f4cb5620f2f186e87a9ec96e))
* Resolve incorrect retry loop ([ef141c2](https://github.com/ory/hydra/commit/ef141c28ba4f9d4973da4f62b0cbfac35d7fd029))
* Retry conformity failures ([409ae42](https://github.com/ory/hydra/commit/409ae424da31b4634f4a538604fb7cb1acd2605c))
* Retry interrupted tests ([c72367b](https://github.com/ory/hydra/commit/c72367b0dcda02a21fee727e81c427fe712e10dc))
* Skip preloading in migration tests ([14272f2](https://github.com/ory/hydra/commit/14272f2aa257cb38d385f2c801f9943650f54841))
* Update config to pass validation ([6931461](https://github.com/ory/hydra/commit/69314615a12fe56bd7ad3e739d0f9bd10fecf011))
* Use 16 workers for conformance ([9cf0e65](https://github.com/ory/hydra/commit/9cf0e653122db9deea8641dd354bf98749803b7b))
* Use correct test context ([45bc907](https://github.com/ory/hydra/commit/45bc9072eb2e5f9545f6300bdf3c343719fdef74))
* Use prebuilt images for conformity testing ([4dd7a62](https://github.com/ory/hydra/commit/4dd7a6214763149352e97de9fcea0e670f7be16d))
### Unclassified
* Format ([5f08ff2](https://github.com/ory/hydra/commit/5f08ff2a25634d7d186d35a98c6494cf51b9cadc))
# [1.9.0-alpha.2](https://github.com/ory/hydra/compare/v1.9.0-alpha.1...v1.9.0-alpha.2) (2020-10-29)
This release addresses an issue in the update routine of OAuth2 Clients (see [kratos#2148](https://github.com/ory/hydra/issues/2148)) and adds an option which makes ORY Hydra compatible with MITREid.
### Bug Fixes
* Add docs format to make format ([cfa50fe](https://github.com/ory/hydra/commit/cfa50fe0dd12ec756e43b2db6fc3ab534db8494a))
* Client update breaks primary key ([#2150](https://github.com/ory/hydra/issues/2150)) ([7662917](https://github.com/ory/hydra/commit/7662917015d07ab9f7ee5c2c5b7a66c97995b815)), closes [#2148](https://github.com/ory/hydra/issues/2148)
* Explicitly use no-CGO images for non-SQLite ([1ec2d1d](https://github.com/ory/hydra/commit/1ec2d1dffa07fdf733abc4cfb889c52447592217))
* Force brew install statement ([0252b5a](https://github.com/ory/hydra/commit/0252b5a2830abb313cae1622b1e2022829802943))
* Update install script ([c614c0b](https://github.com/ory/hydra/commit/c614c0b98f2bca897828848fa5088f8eed125704))
### Code Generation
* Pin v1.9.0-alpha.2 release commit ([1a7fe91](https://github.com/ory/hydra/commit/1a7fe9137293699b7d5d8880aac26f33fdd7e302))
### Documentation
* Add missing trailing slash ([97bc47d](https://github.com/ory/hydra/commit/97bc47d63940fabd0bec65b3e8051fc171d38011))
* Replace dex with keycloak ([fa877d7](https://github.com/ory/hydra/commit/fa877d76b37e9a60e35080447bd27857010ad2a8)), closes [#2128](https://github.com/ory/hydra/issues/2128)
* Version bash-curl script ([71b0592](https://github.com/ory/hydra/commit/71b0592361c973753024e25d00140dd1c605804a)), closes [#2145](https://github.com/ory/hydra/issues/2145)
### Features
* Add configuration option to grant default client_credential scope when no scope is requested ([#2144](https://github.com/ory/hydra/issues/2144)) ([0b1de34](https://github.com/ory/hydra/commit/0b1de34a5c4a1a99f958c6f24cd2062c398211ec)), closes [#2141](https://github.com/ory/hydra/issues/2141):
Adds an option which allows granting the OAuth2 Client's authorized scope when performing a `client_credentials` flow without specifying a scope. This enables compatibility with MITREid.
### Tests
* Fix misused id field ([#2152](https://github.com/ory/hydra/issues/2152)) ([511e8d2](https://github.com/ory/hydra/commit/511e8d270e0ecebf46405639d4ecf0af9269d6ab))
# [1.9.0-alpha.1](https://github.com/ory/hydra/compare/v1.8.5...v1.9.0-alpha.1) (2020-10-20)
This release focuses on a complete refactor of the internal database abstraction layer (DBAL). We have been using [gobuffalo/pop](https://github.com/gobuffalo/pop) successfully in [ORY Kratos](https://github.com/ory/kratos) and decided to move the ORY Hydra DBAL to [gobuffalo/pop](https://github.com/gobuffalo/pop) as well. As part of this refactoring, ORY Hydra now supports SQLite for both in-memory as well as on-disk databases, de-duplicating the codebase and allowing for quick and easy persistence in test environments.
This is an alpha release as we want to gather feedback from the community regarding performance and other potential issues before tagging the v1.9.0 version branch as stable.
### Bug Fixes
* Add support for tracing to SQL ([b3dda7c](https://github.com/ory/hydra/commit/b3dda7c8c97f3c6dce36a9789d2980ff53bf387f))
* Address pop inconsistencies and update tests ([8f3462f](https://github.com/ory/hydra/commit/8f3462ff522de44f74ada8b80342e40779eaa7c6))
* CGO build issues on Windows and Go 1.15+ ([1c1fe19](https://github.com/ory/hydra/commit/1c1fe19241bee2ee78f8fd96886d9f0d106748eb))
* Do not require sqlite and CGO for other databases ([8069205](https://github.com/ory/hydra/commit/80692052133f72e532730cca720faebf3183509f))
* Do not run migrations in background ([308edb9](https://github.com/ory/hydra/commit/308edb99af7328259a1e1cbfabe2676a96324f8a))
* Explicitly set pwd in makefile ([aeb1090](https://github.com/ory/hydra/commit/aeb10903fd467a6f228168316de3748d9556fb6b))
* Goreleaser add docker images ([7a81908](https://github.com/ory/hydra/commit/7a81908a8875bdc6d632e8b2a320272c8ffa0b8d))
* Improve cli flags and add `-c` config flag ([bf3be84](https://github.com/ory/hydra/commit/bf3be849c053cfe9f36b077606d31f2ec3f487fc))
* Improve schema typing for tracing ([4cc25c3](https://github.com/ory/hydra/commit/4cc25c34e52afa0c5d113a440c474ffe3daf3fd0))
* Improve tests and pop adapter ([1354611](https://github.com/ory/hydra/commit/135461107e157a303975e429a3d4c1035d751ffd))
* Remove explicit cve allowlist ([90caeda](https://github.com/ory/hydra/commit/90caedae8ac2ae76be72eca33947e144bcf9529c)), closes [#2117](https://github.com/ory/hydra/issues/2117)
* Remove obsolete makefile targets ([dc5d37f](https://github.com/ory/hydra/commit/dc5d37ff16ccf48050878bf415d31374254e2bd7))
* Remove unnecessary transactions ([1df50ec](https://github.com/ory/hydra/commit/1df50ec02ef09d57b2314e09a95f31bc90dd4e37))
* Remove websocket direct dep ([d525983](https://github.com/ory/hydra/commit/d525983c9f06d52ff225f66d664cb1a4ed37f698)), closes [#2111](https://github.com/ory/hydra/issues/2111)
* Run tests only once ([4e1d0f6](https://github.com/ory/hydra/commit/4e1d0f6f3dae8277f3d729c31845829552c3b443))
* Set context in connection getter ([644967a](https://github.com/ory/hydra/commit/644967a818c5f6e229c7e3601728191fcb1ab17b))
* Update docker and quickstart examples ([b01c246](https://github.com/ory/hydra/commit/b01c2467840c03f6e520f8aee53c503e5e69f5ad))
* Update format to goimports ([c4438b0](https://github.com/ory/hydra/commit/c4438b0eb2cc8a99ecdd2ef0ce6126b5399749e2))
* Use context in transaction creator ([db0ac86](https://github.com/ory/hydra/commit/db0ac86103a5bd3a6983e50b5e437eb6311e91e8))
* Use sqlite for standalone ([e5b7147](https://github.com/ory/hydra/commit/e5b7147abdd33bc613c7de7539d0e2da2275f477))
### Code Generation
* Pin v1.9.0-alpha.1 release commit ([a270e4c](https://github.com/ory/hydra/commit/a270e4cafbded0e3e3c1c7bef061b60f6351a52e))
### Code Refactoring
* Move Dockerfiles to .docker directory ([5508f2a](https://github.com/ory/hydra/commit/5508f2aba6ff56730d402f163e2b41387676a30f))
* Use gobuffalo/pop for SQL abstraction ([#2059](https://github.com/ory/hydra/issues/2059)) ([56bce67](https://github.com/ory/hydra/commit/56bce678cb8a3e308313895e5fecd9b112ead4ae)), closes [#1730](https://github.com/ory/hydra/issues/1730):
This patch replaces the existing SQL and memory managers with a pop based persister. Existing SQL migrations are compatible as they have been migrated to the new SQL abstraction in version 1.7.x. As a goodie, ORY Hydra now supports SQLite for both in-memory as well as on-disk (useful for development and very small deployments) databases!
### Documentation
* Add hypnoglow terraform provider ([7ed8870](https://github.com/ory/hydra/commit/7ed887032431886c5fdc14462467ed3b5c0937de)), closes [#1304](https://github.com/ory/hydra/issues/1304)
* Correct port ([#2101](https://github.com/ory/hydra/issues/2101)) ([487e733](https://github.com/ory/hydra/commit/487e733579a97dcab0f81365fd63214818e34492)), closes [#2100](https://github.com/ory/hydra/issues/2100)
* Correct port ([#2102](https://github.com/ory/hydra/issues/2102)) ([7aca301](https://github.com/ory/hydra/commit/7aca301a3e5d88273402765f32f521f2dac99df2)), closes [#2100](https://github.com/ory/hydra/issues/2100)
* Fix typo ([71a4495](https://github.com/ory/hydra/commit/71a4495d367bc9ac52025ccc1c5e75367dc227a5))
* Remove obsolete doc section ([443a225](https://github.com/ory/hydra/commit/443a225775ffefe3fd75df416924803ec965cbee))
* Swagger route headline capitalization ([4540ece](https://github.com/ory/hydra/commit/4540ece1285b814307335bab97824e6e1aebb0ca)), closes [#2015](https://github.com/ory/hydra/issues/2015)
* Update code listings and image tags ([3cd22c4](https://github.com/ory/hydra/commit/3cd22c4d25de9b7a66336603135e9342555c278e))
* Update sql instructions ([bfed7f2](https://github.com/ory/hydra/commit/bfed7f22414e25da48ef8b4ee241c2a9684e63e2))
* Updates kubernetes helm chart url ([6d63a73](https://github.com/ory/hydra/commit/6d63a730d42dc8185f3f6ce589dc977b425e0503))
### Features
* Implement docker for quickstart ([8e64202](https://github.com/ory/hydra/commit/8e64202f43b13890138d6e0cabdac1853d05d8e0))
* Re-enable freebsd ([2f19837](https://github.com/ory/hydra/commit/2f1983702140e0bbfb56b28b8de9254283014799)), closes [#2116](https://github.com/ory/hydra/issues/2116) [#2115](https://github.com/ory/hydra/issues/2115)
* Support sqlite in goreleaser ([e946487](https://github.com/ory/hydra/commit/e946487a1e1a0642f46b3a36c53a1737c3d8613e))
### Tests
* Fix confusing expected/got ([#2135](https://github.com/ory/hydra/issues/2135)) ([14b6db2](https://github.com/ory/hydra/commit/14b6db206cbe2ccf3e4b71fe8f621aa3d87f33f5)):
And fixed assert.EqualError params in right order in TestStrategyLoginConsent
* Move tests to persistence ([46d0571](https://github.com/ory/hydra/commit/46d0571e3ebf1db7ded4fc3f6018a9ddbf3d2677))
* Remove unused expectSession variable ([#2134](https://github.com/ory/hydra/issues/2134)) ([eda8532](https://github.com/ory/hydra/commit/eda8532ee77576ad92020c474926925f18cd4fe7))
* Write migrate logs to file ([9a1fbd8](https://github.com/ory/hydra/commit/9a1fbd800cf2bc94ddb507caa164922c3141578c))
# [1.8.5](https://github.com/ory/hydra/compare/v1.8.0-pre.1...v1.8.5) (2020-10-03)
This is a security-focused release with fixes for [CVE-2020-15234](https://github.com/ory/fosite/security/advisories/GHSA-grfp-q2mm-hfp6), [CVE-2020-15223](https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm), [CVE-2020-15233](https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5). Additionally, several system dependencies (e.g. Golang) have been upgraded.
A few things have changed as part of these patches:
- OAuth 2.0 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth 2.0 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaining why the flow failed.
Additionally, the TypeScript SDK generator has changed from OpenAPI's `typescript-node` to `typescript-axios` making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed.
Due to several complex CI issues and regressions, build versions v1.8.0 - v1.8.4 failed. v1.8.5 the first and only stable release in the current 1.8.x branch.
New features have been added and bugs have been closed. No migrations are required when applying this release. Please check the list below for an in-depth overview.
### Code Generation
* Pin v1.8.5 release commit ([951870e](https://github.com/ory/hydra/commit/951870edef14332f2a65342e0bc8f361c2cfb42c)):
Bumps from v1.8.0-pre.0
# [1.8.0-pre.1](https://github.com/ory/hydra/compare/v1.8.0-pre.0...v1.8.0-pre.1) (2020-10-03)
autogen: pin v1.8.0-pre.1 release commit
### Bug Fixes
* Resolve gosec issues and false positives ([0832138](https://github.com/ory/hydra/commit/083213814c160304312f7cf529ec38cc154a769f))
### Code Generation
* Pin v1.8.0-pre.1 release commit ([861fdb7](https://github.com/ory/hydra/commit/861fdb7d5d5e9ce1a6183b9e0f56e746a0b9927e))
### Features
* Bump golangci-lint and add lint job ([5ea6fb6](https://github.com/ory/hydra/commit/5ea6fb65e6599e4ff0718922a17a0a054638a738))
# [1.8.0-pre.0](https://github.com/ory/hydra/compare/v1.7.4...v1.8.0-pre.0) (2020-10-02)
This is a security-focused release with fixes for [CVE-2020-15234](https://github.com/ory/fosite/security/advisories/GHSA-grfp-q2mm-hfp6), [CVE-2020-15223](https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm), [CVE-2020-15233](https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5). Upgrading is strongly advised!
A few things have changed as part of these patches:
- OAuth2 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and are now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaning why the flow failed.
Additionally, the TypeScript SDK generator has changed from OpenAPI's `typescript-node` to `typescript-axios` making the SDK compatible with both browser as well as node environments, which was not the case previously. Please be aware that some of the SDK's API signatures - especially responses - have changed and check your TypeScript output for instructions on upgrading. You may still use an older version of the SDK as none of ORY Hydra's HTTP APIs have changed.
New features have been added and bugs have been closed. No migrations are required when applying this release. Please check the list below for an in-depth overview.
## Breaking Changes
As part of this patch, a few things have changed in a breaking fashion:
- OAuth2 Redirection URL error parameters `error_hint`, `error_debug` have been deprecated and now part of `error_description`. The parameters are still included for compatibility reasons but will be removed in a future release.
- OAuth2 Error `revocation_client_mismatch` was not standardized and has been removed. Instead, you will now receive `unauthorized_client` with a description explaning why the flow failed.
### Bug Fixes
* Bump deps to patch CVE-2020-15223 ([#2067](https://github.com/ory/hydra/issues/2067)) ([b36073a](https://github.com/ory/hydra/commit/b36073af4880f47da7702e3cc86d56edd5e3f514))
* Bump ory/fosite to v0.34.1 to address CVEs ([0561d74](https://github.com/ory/hydra/commit/0561d74014775a656f8c8afa5ad20134e93aed20))
* Delete obsolete patch ([1b99ce3](https://github.com/ory/hydra/commit/1b99ce32fff1fc4ecc4982156ac1086ecc2f8bef))
* Downgrade log level for access rejections ([#2038](https://github.com/ory/hydra/issues/2038)) ([82208c4](https://github.com/ory/hydra/commit/82208c43a1a2e5d382db5ab35885b6b5042c9d54)), closes [#2031](https://github.com/ory/hydra/issues/2031)
* Ignore x/net false positives ([fd14ad3](https://github.com/ory/hydra/commit/fd14ad30110d3ce1865e69dfaf8735f01dd40743))
* Remove docker-e2e file ([096bc0c](https://github.com/ory/hydra/commit/096bc0c5a7908946eb5f76ffe634e5d372a47563)):
The file and build pipeline have moved to https://github.com/ory/e2e-env.
* Support HTTP POST method for logout ([#2043](https://github.com/ory/hydra/issues/2043)) ([29b2af4](https://github.com/ory/hydra/commit/29b2af4add8902f4461f9c53b2f59474b231d9c8))
* Update link to config docs displayed on `hydra serve help` ([#2071](https://github.com/ory/hydra/issues/2071)) ([d619fab](https://github.com/ory/hydra/commit/d619fabc2eb159805f82089f2cfe1b28df0f4f31)), closes [#2065](https://github.com/ory/hydra/issues/2065)
### Code Generation
* Pin v1.8.0-pre.0 release commit ([293c3ac](https://github.com/ory/hydra/commit/293c3ac7856d8cba1a745d8220b21bca4b2393fc))
### Documentation
* Add missing word in sentence ([#2082](https://github.com/ory/hydra/issues/2082)) ([7a72083](https://github.com/ory/hydra/commit/7a7208344600b48829e70ed1be51703e3a17e89d))
* Corrected documentation links ([#2045](https://github.com/ory/hydra/issues/2045)) ([#2047](https://github.com/ory/hydra/issues/2047)) ([9e8c2e3](https://github.com/ory/hydra/commit/9e8c2e3556a920c9670896640dede5ce80cb2de8))
* Fix broken link ([ab3afec](https://github.com/ory/hydra/commit/ab3afec294b47412507a2e6a54eb577ed12ab09b))
* Fix dead image links ([#2053](https://github.com/ory/hydra/issues/2053)) ([759ab16](https://github.com/ory/hydra/commit/759ab1637a0dec12aaa760f04a8638cf35032a59))
* Fix regression issues and OOM build error ([f20f844](https://github.com/ory/hydra/commit/f20f8444cfff57d061218f95dff735df1f2d78eb))
* Fix relative path in consent flow doc ([#2063](https://github.com/ory/hydra/issues/2063)) ([2b0f87f](https://github.com/ory/hydra/commit/2b0f87f09656bd700f4fe7336efe1750bf3ca325))
* Fix typo "pariwise" on advanced flows page ([bcd2de0](https://github.com/ory/hydra/commit/bcd2de01bdbadeef9ac08580d4b91ea948e7eed7))
* Fix typo ([#2052](https://github.com/ory/hydra/issues/2052)) ([d1f5ecc](https://github.com/ory/hydra/commit/d1f5ecc9bb85d418737826b8cce8efb0d9c4562c)):
s̶i̶g̶n̶l̶e̶ ̶p̶a̶g̶e̶ ̶a̶p̶p̶ ➡️ single page app
* Gitlab hydra integration ([#2014](https://github.com/ory/hydra/issues/2014)) ([e2bc127](https://github.com/ory/hydra/commit/e2bc12701d3f61f549ac1cd8d92c5f00dc9e551c))
* Improve before-oauth2 ([8bcb8c9](https://github.com/ory/hydra/commit/8bcb8c9d25c9e7b16383e7e4392da36ea385c5eb))
* Minor typo in limitations.md ([#2048](https://github.com/ory/hydra/issues/2048)) ([42d85ee](https://github.com/ory/hydra/commit/42d85eebbb0540f1698d1fe0b05378d11dc30a44)):
It said "an maximum" but I believe it should be "a maximum".
* Resolve broken link ([eedb1f8](https://github.com/ory/hydra/commit/eedb1f85924719b4134b00235c1258553334d4cd))
* Update logout flow docs based on new spec ([#2044](https://github.com/ory/hydra/issues/2044)) ([d8d4f1e](https://github.com/ory/hydra/commit/d8d4f1e581504b5111e9051a46636140c31a3a86)), closes [#1994](https://github.com/ory/hydra/issues/1994)
* Update pkg.go.dev link in README ([#2084](https://github.com/ory/hydra/issues/2084)) ([ce3515f](https://github.com/ory/hydra/commit/ce3515f6f7e271dd36196d68288bd25bfd709d3c)):
Remove www from the pkg.go.dev path.
* Use relative paths ([5107e58](https://github.com/ory/hydra/commit/5107e58778f44319f7148cc3794f5ca3ec799b9a))
### Features
* Add client update command in cli ([444d26d](https://github.com/ory/hydra/commit/444d26d4d0f8065f33e6c332f828893e6f65b33b))
* Add DataDog support ([#2056](https://github.com/ory/hydra/issues/2056)) ([5a0236a](https://github.com/ory/hydra/commit/5a0236acff7ef945cb37929aa288c6ca5df436f2)), closes [#1957](https://github.com/ory/hydra/issues/1957)
* Allow to automatically set GOMAXPROCS according to linux container quota ([#2034](https://github.com/ory/hydra/issues/2034)) ([39652ac](https://github.com/ory/hydra/commit/39652acb2d148a4deb0614725de27c1bf895c05b))
* API for deleting a client's access tokens ([#2058](https://github.com/ory/hydra/issues/2058)) ([077c54a](https://github.com/ory/hydra/commit/077c54ab5143041d4189d5e79ca52920b91bc9b0)), closes [#1728](https://github.com/ory/hydra/issues/1728)
* Improving the client update command description ([85b6e86](https://github.com/ory/hydra/commit/85b6e86d1957b270fe66de2cb917bcd0e21a6918))
* Metrics prometheus endpoint should not require x-forwarded-proto header ([#2074](https://github.com/ory/hydra/issues/2074)) ([7d3a1c8](https://github.com/ory/hydra/commit/7d3a1c8605b38950a5eed41fd159ab1f18ec8ffd)), closes [#2072](https://github.com/ory/hydra/issues/2072):
- moved MetricsPrometheusPath constant to metrics/prometheus/metrics.go
- added rule to allow insecure requests for MetricsPrometheusPath endpoint
- arranged tls_termination_test.go test to cover all cases in RejectInsecureRequests function
# [1.7.4](https://github.com/ory/hydra/compare/v1.7.3...v1.7.4) (2020-08-31)
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
### Bug Fixes
* Update e2e docker image ([2ce0f14](https://github.com/ory/hydra/commit/2ce0f14fc44e2592e743f596226446e8cd7f1117))
### Code Generation
* Pin v1.7.4 release commit ([ff980e6](https://github.com/ory/hydra/commit/ff980e6d6c5a5f17b7a0c55e7593a9ec75ea76ef)):
Bumps from v1.7.1
# [1.7.3](https://github.com/ory/hydra/compare/v1.7.1...v1.7.3) (2020-08-31)
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
### Code Generation
* Pin v1.7.3 release commit ([a72fac3](https://github.com/ory/hydra/commit/a72fac3c46caf30865e1a5495a6a27167bc77ee6))
# [1.7.1](https://github.com/ory/hydra/compare/v1.7.0...v1.7.1) (2020-08-31)
This release resolves several minor bugs and one slow query. Please be aware that applying this version requires running SQL migrations.
## Breaking Changes
This patch changes the SQL schema and thus requires running the SQL Migration command (e.g. `... migrate sql`).
Never apply SQL migrations without backing up your database prior.
### Bug Fixes
* Add (client_id, subject) index to access and refresh tables ([#2001](https://github.com/ory/hydra/issues/2001)) ([6c830d2](https://github.com/ory/hydra/commit/6c830d2dbfcc83f0076b155db80ec4362149b236)), closes [#1997](https://github.com/ory/hydra/issues/1997) [#2000](https://github.com/ory/hydra/issues/2000):
This patch adds an index over `(client_id, subject)` to access and refresh token tables which improves performance significantly in certain API calls.
* Deprecate client flags in introspection CLI ([eeaa3ac](https://github.com/ory/hydra/commit/eeaa3ac90360657485682043442a0bb434329822))
### Code Generation
* Pin v1.7.1 release commit ([2ecfe4b](https://github.com/ory/hydra/commit/2ecfe4be685c801444a01610e2231a62f56a439d))
### Code Refactoring
* Use ory/x tracing package ([#2008](https://github.com/ory/hydra/issues/2008)) ([97615fa](https://github.com/ory/hydra/commit/97615fa327969ed9c2cbead03eb79423ab6e7652))
### Documentation
* Add milestones to sidebar ([8a19f53](https://github.com/ory/hydra/commit/8a19f53efea6b5a346ed7238c845044c6492debd))
* Add note about refresh token invalidation ([7ce7a7e](https://github.com/ory/hydra/commit/7ce7a7e49b8eae406f3620951b638f7e2fbf872a)), closes [#2021](https://github.com/ory/hydra/issues/2021)
* Add note about refresh token invalidation ([#2021](https://github.com/ory/hydra/issues/2021)) ([5add779](https://github.com/ory/hydra/commit/5add7798bf6a10dd113a1d5294c9f09308f73bc1))
* Add pkg.go.dev badge ([#2009](https://github.com/ory/hydra/issues/2009)) ([b9bf968](https://github.com/ory/hydra/commit/b9bf9688c0452aa0aef069a99970fb6ea3cc86ce))
* Capitalize swagger titles in NYT style ([#2023](https://github.com/ory/hydra/issues/2023)) ([595e3b0](https://github.com/ory/hydra/commit/595e3b0edabf2fa51d2977923f5070dab35717b2)), closes [#2015](https://github.com/ory/hydra/issues/2015)
* Clarify that fallback URL shows an error ([e077e83](https://github.com/ory/hydra/commit/e077e831349930b65f6dbec20de1201bbfc63aea)), closes [#1931](https://github.com/ory/hydra/issues/1931)
* Fix access control section ([152ccf0](https://github.com/ory/hydra/commit/152ccf0b1f898270759a4d120873666c781a8dd7)), closes [#1992](https://github.com/ory/hydra/issues/1992)
* Fix typos and correct legend ([94c9872](https://github.com/ory/hydra/commit/94c98725dba57f782a292d5cbf38819c2f472d02)), closes [#1930](https://github.com/ory/hydra/issues/1930)
* Improve deprecation notice ([dedcafe](https://github.com/ory/hydra/commit/dedcafe0ca9a5504ff8b670170db455c7811dc46))
* Remove duplicate tempalte ([3e32aa5](https://github.com/ory/hydra/commit/3e32aa57e37fdbf86e53e719a198532568341968))
* Remove introspect security spec ([#2002](https://github.com/ory/hydra/issues/2002)) ([973d57b](https://github.com/ory/hydra/commit/973d57b8307e7986097ca3018f5753ca4ede2299)), closes [#1520](https://github.com/ory/hydra/issues/1520)
* Spelling fix ([d9b00e3](https://github.com/ory/hydra/commit/d9b00e38cba9a743be4c449e534263d42f0e29b7))
* Update 5 minute tutorial ([17f893f](https://github.com/ory/hydra/commit/17f893fdac9fbed064da69d5480abd63d61d8eae))
* Update repository templates ([08cafb1](https://github.com/ory/hydra/commit/08cafb1794ae64507b977b77ddec0535d9496f1b))
* Update repository templates ([aebc122](https://github.com/ory/hydra/commit/aebc122aed5ee96f12f7c52d6786187b4ba70211))
* Update repository templates ([#2028](https://github.com/ory/hydra/issues/2028)) ([d61fd57](https://github.com/ory/hydra/commit/d61fd57fb608a9a9fae2d8771e19898df1263934))
* Use NYT style capitalization for swagger ([#2019](https://github.com/ory/hydra/issues/2019)) ([066a6cd](https://github.com/ory/hydra/commit/066a6cd5fb4a194696ede66d8cf1fde1dbccf740))
### Features
* Add and automate version schema ([#2012](https://github.com/ory/hydra/issues/2012)) ([ab6cd6f](https://github.com/ory/hydra/commit/ab6cd6ff2e725cb66967f6c2595d38ef76d6dc04))
### Unclassified
* fix spelling (#2010) ([1543511](https://github.com/ory/hydra/commit/1543511b704334c3f470844d90579b4226951cb8)), closes [#2010](https://github.com/ory/hydra/issues/2010)
# [1.7.0](https://github.com/ory/hydra/compare/v1.6.0...v1.7.0) (2020-08-14)
The new SameSite attribute is now enforced on Google Chrome and may cause issues with your current ORY Hydra deployment:
`SameSite=None` no longer works without `secure` flag cookies. If you are using the `--dangerous-force-http` flag and have not configured `SameSite=Lax` your users will no longer be able to perform OAuth2 flows.
The next FireFox release will follow this implementation as well. To prevent your users from experiencing issues:
- Remove `--dangerous-force-http` from your deployment. This flag should never be set outside of local development machines anyways!
- Set environment variable `SERVE_COOKIES_SAME_SITE_MODE=Lax` or configuration value `serve.cookies.same_site_mode = Lax`.
By applying this release, the above recommendations will be set per default, for example using `Lax` when `--dangerous-force-http` is set.
Many of you reached out in the past asking about managed / SaaS offerings from ORY, for more support, automated updates, and automated fixes for issues like the `SameSite` behavior above. We would like to invite those interested in that kind of an offering and service to engage in a dialogue to better help us understand how you are using ORY, what requirements your businesses have and how we can better help and service you. Together, we can shape some of this journey together. If you like to be part of this conversation please send an email to jared@ory.sh so we can get in touch directly and begin talking about what an ideal and fully supported offering from ORY would look like for you.
This patch additionally includes a breaking API change for the "Revoke Consent Sessions API endpoint" - please check the breaking changes below. Bugfixes are included in this release as well - such as pretty JSON format logging, fixes to Jaeger configuration, and more!
## Breaking Changes
Previously, '/oauth2/auth/sessions/consent?subject=foo@bar.com' would revoke all consent sessions of that user. This may be problematic in cases where the caller forgot to specify the client ID as all tokens for that user are revoked. To prevent that, a "failsave" `all=true` is now required to make this explicit: '/oauth2/auth/sessions/consent?subject=foo@bar.com&all=true'.
### Bug Fixes
* Add json_pretty to possible log.format values ([cc96359](https://github.com/ory/hydra/commit/cc963595d5bc4e485e3a342777e7bbc48ce6b292))
* Add uri to jaeger's local_agent_address ([#1982](https://github.com/ory/hydra/issues/1982)) ([4d5df3e](https://github.com/ory/hydra/commit/4d5df3eb1a758d58ff4b25ed1815d479c2634605)), closes [#1956](https://github.com/ory/hydra/issues/1956)
* Bump clidoc ([7800049](https://github.com/ory/hydra/commit/7800049e94441436e5fea851505f259beb7b8e4a))
* Remove duplicate html tags ([#1960](https://github.com/ory/hydra/issues/1960)) ([819fe6c](https://github.com/ory/hydra/commit/819fe6cd68178ed2ce434dc15e2ea4135f82e2b5))
* Send total item count in X-Total-Count header ([#1983](https://github.com/ory/hydra/issues/1983)) ([5f9f294](https://github.com/ory/hydra/commit/5f9f294fdb671ca62f808b4060b3f1384fee6f6d)), closes [#1666](https://github.com/ory/hydra/issues/1666)
* Use SameSite=Lax for dev environments per default ([534203c](https://github.com/ory/hydra/commit/534203c541ee797c0968f299e59f7da018ac3e9c))
* Use SameSite=Lax for quickstart ([379f5f0](https://github.com/ory/hydra/commit/379f5f08a5350b7409323fd2307cd5b755f5a790)), closes [#1988](https://github.com/ory/hydra/issues/1988) [#1981](https://github.com/ory/hydra/issues/1981)
### Code Generation
* Pin v1.7.0 release commit ([ff4b81e](https://github.com/ory/hydra/commit/ff4b81efd78b072f733d74a1b552cf56d202bcd5))
### Code Refactoring
* Cleanup the code for CORS handling ([#1959](https://github.com/ory/hydra/issues/1959)) ([5a53d28](https://github.com/ory/hydra/commit/5a53d28f3e38c6d462b199c8cb7a5a52cefd661d)), closes [#1754](https://github.com/ory/hydra/issues/1754)
### Documentation
* Access token time config ([#1966](https://github.com/ory/hydra/issues/1966)) ([f066cc1](https://github.com/ory/hydra/commit/f066cc124258639584ca8e2a499858e9d9f8a9b3)):
Adds a short guide how to configure access token expiration time.
* Add expiry-time sidebar item ([#1967](https://github.com/ory/hydra/issues/1967)) ([5f8e58b](https://github.com/ory/hydra/commit/5f8e58be3928adc4c995685d06f9582fe474d0e3)):
Adds token-expiration to sidebar.
* Add sdk samples for tls termination and tls verify skip ([#1968](https://github.com/ory/hydra/issues/1968)) ([6619e59](https://github.com/ory/hydra/commit/6619e59dcbdac604162c70df3df11afe2b5ae796))
* Add section on oauth2 limitations at beginning ([4254363](https://github.com/ory/hydra/commit/425436303af59c3d78dff15f1232d84733db7ca0))
* Adopt new sidebar.json ([8faf070](https://github.com/ory/hydra/commit/8faf070adac29551c50f4d0b5ce8ecde6d659b7e))
* Clarify secure flag in chrome ([f01ac17](https://github.com/ory/hydra/commit/f01ac17089ce5d245c440ced37645310d0aaa245))
* Clarify when to use oauth2 ([4c58601](https://github.com/ory/hydra/commit/4c586012bff2d23d60bd58fe2815017f9e56ad63))
* Document SameSite woes on Chrome ([921f8c2](https://github.com/ory/hydra/commit/921f8c23d507ed84ed36792dfa343f235da2e501))
* Fix broken links ([b3c6c5a](https://github.com/ory/hydra/commit/b3c6c5adf752615ae0dc331487004c40f3943248))
* Fix invalid links ([3838cdc](https://github.com/ory/hydra/commit/3838cdc580ad0a684b4120fb9dc057aa328a11b3))
* Fix typos ([#1964](https://github.com/ory/hydra/issues/1964)) ([83ce657](https://github.com/ory/hydra/commit/83ce6578110f89ebd7e6a9eb7d76c4f9bd7cfbcd))
* Fixed link ([#1969](https://github.com/ory/hydra/issues/1969)) ([ba1f14b](https://github.com/ory/hydra/commit/ba1f14b3b7bc81b58e86300e2c04bbce8c5be13a))
* Update oauth2 limitation section ([62e6fdf](https://github.com/ory/hydra/commit/62e6fdfcc6e8cccb06ed50da96e7298f579207e8))
* Update TLS example to quote strings not spawn a subshell ([#1961](https://github.com/ory/hydra/issues/1961)) ([0e6ed29](https://github.com/ory/hydra/commit/0e6ed291216582163305c8f8eb4837b79b8d27e5))
### Features
* Add audit and debug logs for cookies ([08813b3](https://github.com/ory/hydra/commit/08813b312307ec7ffef193097ba1ce92ceb093bc))
* Add clidoc task and program ([e44d256](https://github.com/ory/hydra/commit/e44d25627714372843f8a73a73fb915363b21728))
* Revoke consent sessions of a subject only if explicitly requested ([#1952](https://github.com/ory/hydra/issues/1952)) ([fb925cf](https://github.com/ory/hydra/commit/fb925cf8c3e738efab018cbf659e288d76eb4cd2)), closes [#1951](https://github.com/ory/hydra/issues/1951):
This patch adds query parameter `all` to `/oauth2/auth/sessions/consent`. If `all=true`, then all consent sessions of a certain subject will be revoked.
### Unclassified
* Add 1.5 notes to UPGRADING.md ([270b89a](https://github.com/ory/hydra/commit/270b89a3bdde7c9d4e79dd43d058f27bc6318f0e))
* Whitelist new session cookies and set log level to trace ([6e75638](https://github.com/ory/hydra/commit/6e75638901743ddb0aecd30506589ceb6d8c0ae8))
# [1.6.0](https://github.com/ory/hydra/compare/v1.5.2...v1.6.0) (2020-07-20)
We focused on reworking the ORY Hydra documentation in this release.
Even though no breaking changes were introduced with this release, we decided
to bump to the next minor (1.6) version to signal the significance of the
documentation changes.
We also refactored the NodeJS example implementation to use lightweight
TypeScript and the official TypeScript SDK.
### Bug Fixes
* Correct hydra-login-consent-node image ([2bc777d](https://github.com/ory/hydra/commit/2bc777d89324ddc75ef52b6ff9be2fec5217ba1f)), closes [#1955](https://github.com/ory/hydra/issues/1955)
* Improve nancy pipeline with nancy-ignore and bump ci ([aaabb6f](https://github.com/ory/hydra/commit/aaabb6ff37b0108491abbb95fabe1a67f36f4004))
* Improve structured logging ([#1935](https://github.com/ory/hydra/issues/1935)) ([82c5302](https://github.com/ory/hydra/commit/82c5302f54115a16cb7916cb88b24724b3ad9576)), closes [#1683](https://github.com/ory/hydra/issues/1683)
* Logout error hint ([#1949](https://github.com/ory/hydra/issues/1949)) ([2f1f832](https://github.com/ory/hydra/commit/2f1f83282dd4f7ef615f36c7013aacc0f7a75338))
* SDK generation at Makefile ([#1954](https://github.com/ory/hydra/issues/1954)) ([e7a8322](https://github.com/ory/hydra/commit/e7a8322953641b70662339d44f57b32067431059))
* Use correct assertion in test ([9a5593b](https://github.com/ory/hydra/commit/9a5593b656c637b4b6f9317e37b02ecac4d91f0b))
### Code Generation
* Pin v1.6.0 release commit ([90faa60](https://github.com/ory/hydra/commit/90faa60c5d517fccf071e8205da5f63f46636c82))
### Documentation
* Add scaling hydra section ([e812bfa](https://github.com/ory/hydra/commit/e812bfa8902f0768a977140fc67171cb050c8abf))
* Annotate code samples ([c6099ec](https://github.com/ory/hydra/commit/c6099ecc234f71d003afc62285dac3e32fc76836))
* Clean up concept section ([13c593c](https://github.com/ory/hydra/commit/13c593c0d909554e13f1d80bdde14451fe28a911))
* Improve csrf debug help ([48e50da](https://github.com/ory/hydra/commit/48e50daaa5214b6f36f756e3f704e13ace1b6006))
* Move helm chart docs from ory/k8s ([5185368](https://github.com/ory/hydra/commit/518536817ed63f69ea0aea4ae1b40cb29537be38))
* Refactor documentation ([2b23437](https://github.com/ory/hydra/commit/2b23437041da5d2fab86aee2ac311ea50e22d3d5))
* Remove duplicate heading ([74cb812](https://github.com/ory/hydra/commit/74cb8126ce52151b53e631826ca8281ac07c06d5))
* Update openid certification ([5f8c0d4](https://github.com/ory/hydra/commit/5f8c0d4bd27d4ac26dc0bdce0c6376b4bd802149))
### Unclassified
* Exclude health endpoints ([#1932](https://github.com/ory/hydra/issues/1932)) ([7bf91c2](https://github.com/ory/hydra/commit/7bf91c229fc0309fb97022b34d7e4e4004bffd4c)), closes [#1924](https://github.com/ory/hydra/issues/1924)
# [1.5.2](https://github.com/ory/hydra/compare/v1.5.1...v1.5.2) (2020-06-23)
This release contains mostly minor bug fixes and allows more granular control
for listening on unix sockets.
### Bug Fixes
* Bump pop to v5.2 ([#1922](https://github.com/ory/hydra/issues/1922)) ([5097805](https://github.com/ory/hydra/commit/50978054737e7ae7c54adf5ec9ee478e9feb174f)), closes [#1892](https://github.com/ory/hydra/issues/1892)
* Do not log error at login/consent cancelation ([#1914](https://github.com/ory/hydra/issues/1914)) ([379eed3](https://github.com/ory/hydra/commit/379eed3db3b3e4b8f13f12145f7f48048ab0cf8e)), closes [#1912](https://github.com/ory/hydra/issues/1912)
* Improve Makefile dependency management ([#1918](https://github.com/ory/hydra/issues/1918)) ([5359276](https://github.com/ory/hydra/commit/5359276ac96a27cfe07c39647b4dee8a581d2dae)), closes [#1916](https://github.com/ory/hydra/issues/1916):
This install dependencies only when you make a target that needs it.
This also removes the check that certain system dependencies (e.g. go)
are installed. Instead, we simply let the target fail. This ensures we
only test for the desired dependencies.
### Code Generation
* Pin v1.5.2 release commit ([4d2cd48](https://github.com/ory/hydra/commit/4d2cd48ee6e43175331febc8463159204b5ae40b))
### Features
* Allow modifying unix socket permissions ([#1915](https://github.com/ory/hydra/issues/1915)) ([b19b7cf](https://github.com/ory/hydra/commit/b19b7cfd2eadf3dc7a1ef904756b435f5205a273)):
This allows the reverse proxy to actually read the unix socket, since
- The default permissions are 0755
- Hydra is usually run as a user different than the reverse proxy
- One needs read and write permissions to connect to the socket
With the commit, one can set the group to be a group that contains the
reverse proxy user and permissions to 0770
# [1.5.1](https://github.com/ory/hydra/compare/v1.5.0...v1.5.1) (2020-06-16)
The 1.5.1 release includes several big changes to the internal code base and introduces exciting new features! It combines several beta releases that have been battle-tested by the community. Please use the 1.5.1 release instead of the 1.5.0 release which had issues with the CI pipeline! This release
* changes how migrations work internally. It does not contain breaking changes but please run `hydra migrate sql` **once you have backed up the database**;
* improves CockroachDB ZigZag query performance;
* OAuth2 clients are now able to use other token_endpoint_auth_signing_algorithms than RS256
* introduces Zipkin tracing support;
* improves the documentation in several locations;
* greatly improves structured logging output;
* supports unix sockets in the ORY Hydra CLI;
* uses the new ORY CLI as part of the toolchain;
* and resolves several other bugs and issues!
We would like to thank our amazing community and all contributors that have helped in making this release possible (in no particular order):
* https://github.com/rickwang7712
* https://github.com/bayansar
* https://github.com/sawadashota
* https://github.com/ka3de
* https://github.com/dalcde
* https://github.com/timsazon
* https://github.com/robhinds
* https://github.com/arkady-bagdasarov
* https://github.com/arapaho
* https://github.com/lopezator
* https://github.com/pjediny
If you haven't yet, consider joining our [Slack family](https://slack.ory.sh)!
### Code Generation
* Pin v1.5.1 release commit ([af8d7a6](https://github.com/ory/hydra/commit/af8d7a6933c9c4bc223a5b2fef8124970091fec7)):
Bumps from v1.5.0-beta.1
# [1.5.0](https://github.com/ory/hydra/compare/v1.5.0-beta.5...v1.5.0) (2020-06-16)
The 1.5 release includes several big changes to the internal code base and introduces exciting new features! It combines several beta releases that have been battle-tested by the community. This release
* changes how migrations work internally. It does not contain breaking changes but please run `hydra migrate sql` **once you have backed up the database**;
* improves CockroachDB ZigZag query performance;
* OAuth2 clients are now able to use other token_endpoint_auth_signing_algorithms than RS256
* introduces Zipkin tracing support;
* improves the documentation in several locations;
* greatly improves structured logging output;
* supports unix sockets in the ORY Hydra CLI;
* uses the new ORY CLI as part of the toolchain;
* and resolves several other bugs and issues!
We would like to thank our amazing community and all contributors that have helped in making this release possible (in no particular order):
* https://github.com/rickwang7712
* https://github.com/bayansar
* https://github.com/sawadashota
* https://github.com/ka3de
* https://github.com/dalcde
* https://github.com/timsazon
* https://github.com/robhinds
* https://github.com/arkady-bagdasarov
* https://github.com/arapaho
* https://github.com/lopezator
* https://github.com/pjediny
If you haven't yet, consider joining our [Slack family](https://slack.ory.sh)!
### Bug Fixes
* Add config schema for log.leak_sensitive_values ([#1905](https://github.com/ory/hydra/issues/1905)) ([d954649](https://github.com/ory/hydra/commit/d954649cd382728b7ec8b58b56e75d2f0913d75a))
* Properly return when subject is empty ([#1909](https://github.com/ory/hydra/issues/1909)) ([5b54519](https://github.com/ory/hydra/commit/5b5451929196eaa09a2fa21b1fbb5797693bf897)), closes [#1842](https://github.com/ory/hydra/issues/1842)
* Remove duplicated tracing logger ([#1900](https://github.com/ory/hydra/issues/1900)) ([48c2c6d](https://github.com/ory/hydra/commit/48c2c6de27a7ec73c77cb29c86578b8ca78885e8))
* Same site legacy workaround on iOS 12 ([#1908](https://github.com/ory/hydra/issues/1908)) ([128ad98](https://github.com/ory/hydra/commit/128ad987d548e719b62e789264a82ef5e611ff59)), closes [#1810](https://github.com/ory/hydra/issues/1810) [/github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221](https://github.com//github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go/issues/L221) [/tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4](https://github.com//tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00/issues/section-4) [239226#L118](https://github.com/239226/issues/L118) [#1907](https://github.com/ory/hydra/issues/1907):
Enables legacy compatibility on iOS version < 13 and macOS version < 10.15
* Use .bin in PATH and improve CI tasks ([#1897](https://github.com/ory/hydra/issues/1897)) ([9c6eba8](https://github.com/ory/hydra/commit/9c6eba8d0611fb4a79820a90c31f72eb578ca3d5))
### Chores
* Pin v1.5.0 release commit ([dff6c21](https://github.com/ory/hydra/commit/dff6c216edca3c7138007ce70316f8fa5448d94c)):
Bumps from v1.4.10
### Documentation
* Add hint for login different subject ([#1880](https://github.com/ory/hydra/issues/1880)) ([8f7227c](https://github.com/ory/hydra/commit/8f7227cd94fedf88bd5a4fdbc75eb480bc3d3aa9)):
Add hint to allow login provider login different subject when there is already an authentication of another subject.
* Delete old redirect homepage ([45595dc](https://github.com/ory/hydra/commit/45595dc1aed479cd224353355a7e66030de609b0))
* Use mdx for api reference ([5709439](https://github.com/ory/hydra/commit/570943932773b2de54b187526d5d3e0ade2c2756))
### Features
* Add Zipkin support ([#1904](https://github.com/ory/hydra/issues/1904)) ([05bf907](https://github.com/ory/hydra/commit/05bf907eb5702616c454d7b4e9a1a44efb58f37a))
* Allow unix socket as --endpoint ([#1899](https://github.com/ory/hydra/issues/1899)) ([6999a82](https://github.com/ory/hydra/commit/6999a82d0fed29ff857dc5df5da39cb796022482))
* Log errors with request information ([#1893](https://github.com/ory/hydra/issues/1893)) ([4bfbddb](https://github.com/ory/hydra/commit/4bfbddb5a4fcb55448b12f2d6ea7e050d9f47720))
* Support jwt signing alg other than RS256 ([#1889](https://github.com/ory/hydra/issues/1889)) ([fe8d77f](https://github.com/ory/hydra/commit/fe8d77f4a4a4644dcb9a188bf33ae3dea9871480)), closes [#1817](https://github.com/ory/hydra/issues/1817)
### Unclassified
* Add www-authenticate at userinfo endpoint ([#1891](https://github.com/ory/hydra/issues/1891)) ([e785bc7](https://github.com/ory/hydra/commit/e785bc71cdfe7f7996dfbf1dd2152887f5b5f76d)), closes [#1827](https://github.com/ory/hydra/issues/1827)
# [1.5.0-beta.5](https://github.com/ory/hydra/compare/v1.5.0-beta.3...v1.5.0-beta.5) (2020-05-28)
Adds `offline_access` to the scope list in OpenID Connect Discovery, makes it possible to enforce PKCE for public clients, improves structured logging, and bumps several dependencies.
### Bug Fixes
* Add offline_access to discovery supported scoped ([#1870](https://github.com/ory/hydra/issues/1870)) ([73464e1](https://github.com/ory/hydra/commit/73464e1c6293ed7ff41d33e06389824222306a2f)), closes [#1866](https://github.com/ory/hydra/issues/1866)
* Resolve dependency issues and adopt logrusx logger ([fdb3231](https://github.com/ory/hydra/commit/fdb3231e19f1b20cffcdad7fa0eebc1c513e5960))
### Chores
* Pin v1.5.0-beta.5 release commit ([a0fbe80](https://github.com/ory/hydra/commit/a0fbe809fe974979c8eca7ee9d8ff29702d8fade))
### Documentation
* Move sdk to top level directory ([#1876](https://github.com/ory/hydra/issues/1876)) ([13ee97d](https://github.com/ory/hydra/commit/13ee97dc8ca225a334b054fa98c9d2f7367cb1cf))
* Update repository templates ([04b2c22](https://github.com/ory/hydra/commit/04b2c22d97ffa69f58c53ab64f48c75095f96624))
* Use central banner repo for README ([ff0b990](https://github.com/ory/hydra/commit/ff0b990c4c37c683a7905421c29684f1e7e36675))
### Features
* Configure pkce enforcement for public clients ([#1874](https://github.com/ory/hydra/issues/1874)) ([d1907d6](https://github.com/ory/hydra/commit/d1907d670f923bb7a2433b04c85b57077b747a59))
# [1.5.0-beta.3](https://github.com/ory/hydra/compare/v1.5.0-beta.2...v1.5.0-beta.3) (2020-05-23)
Bumps a vulnerable dependency.
### Chores
* Pin v1.5.0-beta.3 release commit ([9f67b8d](https://github.com/ory/hydra/commit/9f67b8d502bee72fcc6a29277f3d77b344d7835d))
# [1.5.0-beta.2](https://github.com/ory/hydra/compare/v1.5.0-beta.1...v1.5.0-beta.2) (2020-05-23)
Resolves issues found in beta.1.
### Bug Fixes
* Add packr2 steps in Makefile ([#1858](https://github.com/ory/hydra/issues/1858)) ([08ac026](https://github.com/ory/hydra/commit/08ac0268e52751f0857cef41f5412f5242ce2509)), closes [#1857](https://github.com/ory/hydra/issues/1857):
packr2 binary is a needed pre-requisite used to generate .go files that
pack the static files of the project into bytes that can be bundled.
Invokes packr2 in install-stable and install targets of Makefile in
order to generate the .go files that pack the static files into bytes
that can be bundled.
* Automatically append multiStatements parameter to mySQL URI ([#1835](https://github.com/ory/hydra/issues/1835)) ([849fe62](https://github.com/ory/hydra/commit/849fe62e918cb459256806870feb646f977adbdb))
* Consent cockroachdb perfomance issue with zigzag join query ([#1790](https://github.com/ory/hydra/issues/1790)) ([615387e](https://github.com/ory/hydra/commit/615387e05845cc4f27300b06c66e9d21f867316b)), closes [#1789](https://github.com/ory/hydra/issues/1789) [#1755](https://github.com/ory/hydra/issues/1755) [cockroachdb/cockroach#47179](https://github.com/cockroachdb/cockroach/issues/47179):
Add an index over subject and client_id in order to avoid the
(sometimes) underperformant zigzag join query.
* Use correct path for swagger sdk ([21dcdba](https://github.com/ory/hydra/commit/21dcdbafbd1d743991ba99cb651f550ca3018d2c))
### Chores
* Pin v1.5.0-beta.2 release commit ([5e0d16b](https://github.com/ory/hydra/commit/5e0d16b6c8564e1566723a0bec092bb745fc277d))
### Code Refactoring
* Moved AskForConfirmation to ory/x/cmdx ([#1848](https://github.com/ory/hydra/issues/1848)) ([0bd0b0d](https://github.com/ory/hydra/commit/0bd0b0dd353935c2bb53dd4f58f9072d5702a89b))
* Moved TestMigrator to ory/x/popx ([#1846](https://github.com/ory/hydra/issues/1846)) ([a0919a5](https://github.com/ory/hydra/commit/a0919a5ead62ad4b02005547fa55da10481a5afa))
### Documentation
* Add details about auth creds in body ([#1852](https://github.com/ory/hydra/issues/1852)) ([4409e73](https://github.com/ory/hydra/commit/4409e73600b6572e2d20a337c2e0a520f048f9eb))
* Adding a line about CSRF cookie problems ([#1843](https://github.com/ory/hydra/issues/1843)) ([697b0f5](https://github.com/ory/hydra/commit/697b0f5303c5744d88206bb35d85cc5e55f68b88)):
Issue I experienced today, running Hydra 1.4.10 in dangerous HTTP mode, the CSRF cookie defaulted to SameSite=None, but the cookie was not marked as secure (which makes sense, as Hydra is running over HTTP), so the cookie gets ignored (and was getting CSRF value not present errors).
I was able to get around it by either overriding the SameSite setting, or by switching to TLS termination.
* Clarify consent request list endpoint ([#1859](https://github.com/ory/hydra/issues/1859)) ([6dabd9b](https://github.com/ory/hydra/commit/6dabd9bcd9b9c840d11f418fe5c77e2ac730c72e)), closes [#1856](https://github.com/ory/hydra/issues/1856)
* Correct version tags ([#1841](https://github.com/ory/hydra/issues/1841)) ([f200fd4](https://github.com/ory/hydra/commit/f200fd408a69d500f33f9acfd319f925eead4efe))
* Update github templates ([#1854](https://github.com/ory/hydra/issues/1854)) ([a0c7ba0](https://github.com/ory/hydra/commit/a0c7ba0eba6cfca5272b81b30bfeaa154bdab2f5)), closes [#1853](https://github.com/ory/hydra/issues/1853)
* Update name for post_logout_redirect_url ([#1840](https://github.com/ory/hydra/issues/1840)) ([0092a1f](https://github.com/ory/hydra/commit/0092a1f9ead25291441b871bf036a9fe7a6d0089)), closes [#1832](https://github.com/ory/hydra/issues/1832)
# [1.5.0-beta.1](https://github.com/ory/hydra/compare/v1.4.10...v1.5.0-beta.1) (2020-04-30)
This release changes how migrations work internally. It does
not contain breaking changes. Please run `hydra migrate sql`
once you have backed up the database.
## Breaking Changes
Please run `hydra migrate sql` before applying this release.
### Chores
* Pin v1.5.0-beta.1 release commit ([64b2e4a](https://github.com/ory/hydra/commit/64b2e4a5de0f6c26769a7cb3a9352076c5a94ae4))
### Code Refactoring
* Move migrations to gobuffalo/fizz ([#1775](https://github.com/ory/hydra/issues/1775)) ([94057d9](https://github.com/ory/hydra/commit/94057d9400aeb6751ad00acd34e987e8a8866c42)):
This patch deprecates the previous migration system (sql-migrate) in favor of gobuffalo/fizz. No functional changes have been made.
# [1.4.10](https://github.com/ory/hydra/compare/v1.4.9...v1.4.10) (2020-04-30)
This release includes documentation changes and bug fixes.
### Bug Fixes
* Add strategies.access_token to configuration JSON schema ([#1830](https://github.com/ory/hydra/issues/1830)) ([f09d539](https://github.com/ory/hydra/commit/f09d539065f03b24e9914bc4a3ac53a491fc75c3))
* **docs:** Prefix href to jaeger tracing ui with http:// ([#1829](https://github.com/ory/hydra/issues/1829)) ([0e293fc](https://github.com/ory/hydra/commit/0e293fc1a651c510b8c10359abb381be21f302f8)):
Before these links would lead relatively to `https://www.ory.sh/hydra/docs/127.0.0.1:16686/search`
### Chores
* Pin v1.4.10 release commit ([d0bbf20](https://github.com/ory/hydra/commit/d0bbf205319cded49964d4211d8b50ae98385fdd))
### Documentation
* Fix info note ([bc84c01](https://github.com/ory/hydra/commit/bc84c01b52fe5a133a7d110eaaec896d35fc684a))
### Unclassified
* Update oauth2.md ([f99421e](https://github.com/ory/hydra/commit/f99421eb95f3e363d371ed1e9d91bcd5f2aaf892))
# [1.4.9](https://github.com/ory/hydra/compare/1.4.8...v1.4.9) (2020-04-25)
This is the first release to use our new CI/CD pipeline
which includes auto-generated release announcements
via the newsletter.
If you have feedback on this new process feel free
to start a discussion on Slack!
This release fixes some bugs and improves the docs.
### Bug Fixes
* Update install.sh script ([#1828](https://github.com/ory/hydra/issues/1828)) ([7d56902](https://github.com/ory/hydra/commit/7d569022be432c03a6974400ba4a4d20ce693979))
### Chores
* Pin v1.4.9 release commit ([eed9d87](https://github.com/ory/hydra/commit/eed9d8788704fa7df65abd4a238d2ea3ee9391c1))
# [1.4.8](https://github.com/ory/hydra/compare/v1.4.7...1.4.8) (2020-04-24)
### Bug Fixes
* **docker:** Resolve nsswitch issues ([#1824](https://github.com/ory/hydra/issues/1824)) ([96b8733](https://github.com/ory/hydra/commit/96b8733bfc683eaec976354077225512397b63bc))
### Chores
* Pin 1.4.8 release commit ([bcfc6c4](https://github.com/ory/hydra/commit/bcfc6c488caaf8b72984cc879792c205d74daeb5))
### Documentation
* Add docker help to self-signed ssl ([8be079b](https://github.com/ory/hydra/commit/8be079b65e47149308cec8622107ee1b3bfbb1da))
* Add tls self-signed certificate guide ([#1826](https://github.com/ory/hydra/issues/1826)) ([a90483f](https://github.com/ory/hydra/commit/a90483f67850ade79ce0c89a547e64564eb0ae4e)), closes [#1822](https://github.com/ory/hydra/issues/1822)
### Features
* Add workaround for CSRF SameSite=None cookies ([#1810](https://github.com/ory/hydra/issues/1810)) ([8967b9c](https://github.com/ory/hydra/commit/8967b9cb59b7fcad9fb7e1f0b0269d66f8d32a9b)), closes [#1753](https://github.com/ory/hydra/issues/1753):
Implements the workaround from https://web.dev/samesite-cookie-recipes/ for the CSRF cookies only when using SameSite=None. This is configurable and disabled by default.
Also adds some unit tests for the existing CSRF cookie helpers, along with unit tests for this change.
# [1.4.7](https://github.com/ory/hydra/compare/v1.4.6...v1.4.7) (2020-04-24)
This is the first release to use our new CI/CD pipeline
which includes auto-generated release announcements
via the newsletter.
If you have feedback on this new process feel free
to start a discussion on Slack!
This release fixes some bugs and improves the docs.
### Bug Fixes
* Allow -1 as ttl.refresh_token value ([#1819](https://github.com/ory/hydra/issues/1819)) ([66f5d3a](https://github.com/ory/hydra/commit/66f5d3a25fa3efb5484f279844fa6a8245e6b519)), closes [#1811](https://github.com/ory/hydra/issues/1811):
Because viper converts the type from both string and number to time.Duration we can allow both types.
* **docker:** Add nsswitch.conf into the dockerfiles ([#1816](https://github.com/ory/hydra/issues/1816)) ([48cf366](https://github.com/ory/hydra/commit/48cf366b9f929f6bd22757864dbd169780dec533)):
Go's netgo implementation currently does not respect hostname overrides
defined in /etc/hosts if the /etc/nsswitch.conf does not exists.
Made changes to the Dockerfiles to add a standard /etc/nsswitch.conf
to fix this issue.
* **docker:** Bump version to 1.4.6 ([0692869](https://github.com/ory/hydra/commit/0692869a155877d4e0554b9834ca09c3d61110d6))
* Improve system secrets message ([#1818](https://github.com/ory/hydra/issues/1818)) ([7a3ecd0](https://github.com/ory/hydra/commit/7a3ecd0d61aefff7274e3261db7629e55afd11ea))
* Use semver-regex replacer func ([77c6752](https://github.com/ory/hydra/commit/77c67526e57311e4825a3c5c322fb4275bc7e826))
### Chores
* Pin v1.4.7 release commit ([11cc6bf](https://github.com/ory/hydra/commit/11cc6bf1909aefbc9e66b1997c149908e111ece2))
### Documentation
* Add CSRF section to debug ([#1813](https://github.com/ory/hydra/issues/1813)) ([85551eb](https://github.com/ory/hydra/commit/85551ebf69fa212221a913b42d799a8d18ac75a3))
* Clarify scope section ([7606a48](https://github.com/ory/hydra/commit/7606a48ba3807814cb685e14b0759e8af887b37d))
* Fix golang and javascript sdk links ([0143712](https://github.com/ory/hydra/commit/0143712b2c28f53be5d1fa3d5cdfdeeef7e8e450))
* Fix two broken links in sdk overview ([#1809](https://github.com/ory/hydra/issues/1809)) ([9def4ba](https://github.com/ory/hydra/commit/9def4ba01c1c500f1e73a0228448d23f2d66e0f2))
* Update linux install guide ([#1806](https://github.com/ory/hydra/issues/1806)) ([a9eed57](https://github.com/ory/hydra/commit/a9eed5741cb70082eb2b457ab681dc6fcda054ac))
# [1.4.6](https://github.com/ory/hydra/compare/v1.4.5...v1.4.6) (2020-04-17)
fix: resolve bugs in config schema (#1805)
This patch fixes 6 bugs in the config.schema.json and adds "additionalProperties": false where appropriate.
Closes #1804
Co-authored-by: aeneasr <aeneas@ory.sh>
### Bug Fixes
* Resolve bugs in config schema ([#1805](https://github.com/ory/hydra/issues/1805)) ([1f6da12](https://github.com/ory/hydra/commit/1f6da129a39ec2f3f2d82e07e9e2c33f74d4c237)), closes [#1804](https://github.com/ory/hydra/issues/1804):
This patch fixes 6 bugs in the config.schema.json and adds "additionalProperties": false where appropriate.
* Use existing docker versions in quickstart compose ([4892a1f](https://github.com/ory/hydra/commit/4892a1fe8048fd39205813deb1a400892fb34164))
### Documentation
* Update banner img src ([4b2af79](https://github.com/ory/hydra/commit/4b2af793359a9a562e5f95f709212578de418818))
* Update banner src ([14849eb](https://github.com/ory/hydra/commit/14849eb127ce36c598efa4c124601fc785289f3b))
* Update github templates ([#1803](https://github.com/ory/hydra/issues/1803)) ([dd03c4d](https://github.com/ory/hydra/commit/dd03c4dd022a7390b47dc783f730f30b4dd0b6f5))
# [1.4.5](https://github.com/ory/hydra/compare/v1.4.3...v1.4.5) (2020-04-16)
docs: update github templates (#1802)
Signed-off-by: aeneasr <aeneas@ory.sh>
### Bug Fixes
* Add packr files to gitignore ([b185ae9](https://github.com/ory/hydra/commit/b185ae9223febd63ede82a57fd996b03409a4b67))
* Use correct packr paths in gitignore ([a5ee813](https://github.com/ory/hydra/commit/a5ee813997b2e121299abccbc969b9e357b847ef))
### Documentation
* Update github templates ([#1802](https://github.com/ory/hydra/issues/1802)) ([cc09151](https://github.com/ory/hydra/commit/cc09151eb761c1e8a7b0a201af9cf18e2d763ace))
# [1.4.3](https://github.com/ory/hydra/compare/v1.4.2...v1.4.3) (2020-04-16)
fix: return proper error code in refresh and code flows (#1800)
Resolves a regression issue which sends an invalid error response
when a refresh token is being re-used, is not found, or the wrong
client is accessing it.
This patch also bumps jose-related tooling which introduces better
security measure against certain types of x509 attacks.
See https://community.ory.sh/t/refresh-token-endpoint-returns-invalid-request-error-expecting-invalid-grant/1637/2
See https://github.com/ory/fosite/pull/426
See https://github.com/ory/fosite/issues/418
### Bug Fixes
* **consent:** Login and consent error handling ([#1799](https://github.com/ory/hydra/issues/1799)) ([af18bdb](https://github.com/ory/hydra/commit/af18bdbca7bdccdee8a3676db6ea28813830e07c)), closes [#1791](https://github.com/ory/hydra/issues/1791) [#1791](https://github.com/ory/hydra/issues/1791):
A regression was introduces in 1.4.2 which caused the error handling to misbehave
* Link to docs at README ([#1792](https://github.com/ory/hydra/issues/1792)) ([c0e34be](https://github.com/ory/hydra/commit/c0e34be0b81815ac262aec796cfdef9db35e6765))
* Return proper error code in refresh and code flows ([#1800](https://github.com/ory/hydra/issues/1800)) ([9145e65](https://github.com/ory/hydra/commit/9145e65bddd4878910d3a2950aa8c38b47c7c89c)):
Resolves a regression issue which sends an invalid error response
when a refresh token is being re-used, is not found, or the wrong
client is accessing it.
This patch also bumps jose-related tooling which introduces better
security measure against certain types of x509 attacks.
See https://community.ory.sh/t/refresh-token-endpoint-returns-invalid-request-error-expecting-invalid-grant/1637/2
See https://github.com/ory/fosite/pull/426
See https://github.com/ory/fosite/issues/418
### Code Refactoring
* Move docs to this repository ([#1782](https://github.com/ory/hydra/issues/1782)) ([bfeac3c](https://github.com/ory/hydra/commit/bfeac3c758cedce65a2372b681c5fd26b16ad3ef))
### Documentation
* Regenerate and update changelog ([d66a43e](https://github.com/ory/hydra/commit/d66a43eab39231005729670ecb5c35ec4c9eec53))
* Regenerate and update changelog ([6e899a2](https://github.com/ory/hydra/commit/6e899a293c57132f6075feaa797b688d1233f2c8))
* Regenerate and update changelog ([c3bb3ee](https://github.com/ory/hydra/commit/c3bb3ee26eda72173e08737be091336209714c43))
* Regenerate and update changelog ([00dc9cb](https://github.com/ory/hydra/commit/00dc9cb4f2215da955115c4e8de6cad7d36e20a4))
* Regenerate and update changelog ([fb502cd](https://github.com/ory/hydra/commit/fb502cd0a512815d809981007e5a4ff5a4972769))
* Update github templates ([#1795](https://github.com/ory/hydra/issues/1795)) ([ddbad66](https://github.com/ory/hydra/commit/ddbad667f2c653ca0e0288ce8b0fc45f0ed64d1e))
* Update github templates ([#1797](https://github.com/ory/hydra/issues/1797)) ([ad9668c](https://github.com/ory/hydra/commit/ad9668c7d0ac15e9a46155d3478ad350aec5b7c8))
* Updates issue and pull request templates ([#1777](https://github.com/ory/hydra/issues/1777)) ([3694f3c](https://github.com/ory/hydra/commit/3694f3c025349f84a04d7e8e5941e20ad18ff6f9))
* Updates issue and pull request templates ([#1778](https://github.com/ory/hydra/issues/1778)) ([561d500](https://github.com/ory/hydra/commit/561d5007a049234deac4423f1dd76669000b8d9b))
* Updates issue and pull request templates ([#1780](https://github.com/ory/hydra/issues/1780)) ([d6c4eea](https://github.com/ory/hydra/commit/d6c4eea781f260113db26292ec0800152c3d7d86))
### Features
* Add a config.schema.json and validate the config with it ([#1733](https://github.com/ory/hydra/issues/1733)) ([631cefd](https://github.com/ory/hydra/commit/631cefd9023ee4702e082e0b1e4dac6187f42177)), closes [#1729](https://github.com/ory/hydra/issues/1729)
# [1.4.2](https://github.com/ory/hydra/compare/v1.4.1...v1.4.2) (2020-04-03)
chore: move to ory analytics fork (#1776)
### Chores
* Move to ory analytics fork ([#1776](https://github.com/ory/hydra/issues/1776)) ([622b585](https://github.com/ory/hydra/commit/622b5853ef777bd4dbbee11dfbfcaaddfb86dde1))
### Documentation
* Add 1.4 section to upgrade guide ([fab354a](https://github.com/ory/hydra/commit/fab354acf3610c202a870858eda7a8844e30ae8a))
* Regenerate and update changelog ([485961b](https://github.com/ory/hydra/commit/485961b0718c69cc9f2eebeaa4c29413d50ce82e))
* Regenerate and update changelog ([77b82ac](https://github.com/ory/hydra/commit/77b82aca22b3defc89d4e062719ddc71f3743eea))
# [1.4.1](https://github.com/ory/hydra/compare/v1.4.0...v1.4.1) (2020-04-02)
fix: add forgotten error check to test (#1774)
### Bug Fixes
* Add forgotten error check to test ([#1774](https://github.com/ory/hydra/issues/1774)) ([13c6753](https://github.com/ory/hydra/commit/13c6753ae11b2f1be0ea81658626fe6363fd9370))
# [1.4.0](https://github.com/ory/hydra/compare/v1.3.2...v1.4.0) (2020-04-02)
Merge pull request from GHSA-3p3g-vpw6-4w66
BREAKING CHANGE: This patch requires a new SQL Table which needs to be created using `hydra migrate sql`. No other breaking changes have been introduced by this patch.
This patch introduces a blacklist for JTIs which prevents a potential replay of `private_key_jwt` JWTs when performing client authorization.
## GHSA-3p3g-vpw6-4w66
### Impact
When using client authentication method "private_key_jwt" [1], OpenId specification says the following about assertion `jti`:
> A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties
Hydra does not seem to check the uniqueness of this `jti` value. Here is me sending the same token request twice, hence with the same `jti` assertion, and getting two access tokens:
```
$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
--data-urlencode 'scope=application openid' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhb [...] jTw'
{"access_token":"zeG0NoqOtlACl8q5J6A-TIsNegQRRUzqLZaYrQtoBZQ.VR6iUcJQYp3u_j7pwvL7YtPqGhtyQe5OhnBE2KCp5pM","expires_in":3599,"scope":"application openid","token_type":"bearer"}⏎ ~$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
--data-urlencode 'scope=application openid' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhb [...] jTw'
{"access_token":"wOYtgCLxLXlELORrwZlmeiqqMQ4kRzV-STU2_Sollas.mwlQGCZWXN7G2IoegUe1P0Vw5iGoKrkOzOaplhMSjm4","expires_in":3599,"scope":"application openid","token_type":"bearer"}
```
### Severity
We rate the severity as medium because the following reasons make it hard to replay tokens without the patch:
- TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks
- The expiry time of the JWT gives only a short window of opportunity where it could be replayed
### Patches
This will be patched with v1.4.0+oryOS.17
### Workarounds
Two workarounds have been identified:
- Do not allow clients to use `private_key_jwt`
- Use short expiry times for the JWTs
### References
https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
### Upstream
This issue will be resolved in the upstream repository https://github.com/ory/fosite
## Breaking Changes
This patch requires a new SQL Table which needs to be created using `hydra migrate sql`. No other breaking changes have been introduced by this patch.
This patch introduces a blacklist for JTIs which prevents a potential replay of `private_key_jwt` JWTs when performing client authorization.
## GHSA-3p3g-vpw6-4w66
### Impact
When using client authentication method "private_key_jwt" [1], OpenId specification says the following about assertion `jti`:
> A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties
Hydra does not seem to check the uniqueness of this `jti` value. Here is me sending the same token request twice, hence with the same `jti` assertion, and getting two access tokens:
```
$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
--data-urlencode 'scope=application openid' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhb [...] jTw'
{"access_token":"zeG0NoqOtlACl8q5J6A-TIsNegQRRUzqLZaYrQtoBZQ.VR6iUcJQYp3u_j7pwvL7YtPqGhtyQe5OhnBE2KCp5pM","expires_in":3599,"scope":"application openid","token_type":"bearer"}⏎ ~$ curl --insecure --location --request POST 'https://localhost/_/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=c001d00d-5ecc-beef-ca4e-b00b1e54a111' \
--data-urlencode 'scope=application openid' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhb [...] jTw'
{"access_token":"wOYtgCLxLXlELORrwZlmeiqqMQ4kRzV-STU2_Sollas.mwlQGCZWXN7G2IoegUe1P0Vw5iGoKrkOzOaplhMSjm4","expires_in":3599,"scope":"application openid","token_type":"bearer"}
```
### Severity
We rate the severity as medium because the following reasons make it hard to replay tokens without the patch:
- TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks
- The expiry time of the JWT gives only a short window of opportunity where it could be replayed
### Patches
This will be patched with v1.4.0+oryOS.17
### Workarounds
Two workarounds have been identified:
- Do not allow clients to use `private_key_jwt`
- Use short expiry times for the JWTs
### References
https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
### Upstream
This issue will be resolved in the upstream repository https://github.com/ory/fosite
### Bug Fixes
* Add failing test case for [#1725](https://github.com/ory/hydra/issues/1725) ([#1727](https://github.com/ory/hydra/issues/1727)) ([74d8e31](https://github.com/ory/hydra/commit/74d8e3174c0adb33a263cb8d935d9c6c653fa81e))
* **client:** Remove 404 from GET responses ([#1746](https://github.com/ory/hydra/issues/1746)) ([6147e11](https://github.com/ory/hydra/commit/6147e119fed899f4d4ce52777d291328b23f1b4b)), closes [#1744](https://github.com/ory/hydra/issues/1744)
* **cli:** Set correct JWK alg on import ([#1761](https://github.com/ory/hydra/issues/1761)) ([e7f55cd](https://github.com/ory/hydra/commit/e7f55cd36a4e6b64e4ff2b8c331749472b78a8ba))
* Force transaction isolation level to `LevelRepeatableRead` ([#1766](https://github.com/ory/hydra/issues/1766)) ([ad7ae00](https://github.com/ory/hydra/commit/ad7ae006606a8be4d892bd3b554a609ff8ce9992)), closes [#1719](https://github.com/ory/hydra/issues/1719) [#1735](https://github.com/ory/hydra/issues/1735):
To improve consistency in certain authorization flows that utilize transactions, this PR forces the SQL storage transaction isolation level to `LevelRepeatableRead`. This will ensure that we avoid the phenomena of non-repeatable reads which occur when a transaction re-reads data it has previously read and then finds out that another transaction has since modified that data and committed. As a result, setting this isolation level fixes a flaw where one could use a given refresh token more than once. See the test added.
In the event that multiple concurrent transactions are competing under a given refresh token workflow, the underlying database engine will eventually return an error when one of the transactions successfully commits. For example, in such a scenario, postgres will rollback the transaction with:
```
could not serialize access due to concurrent update (SQLSTATE 40001)
```
* Move to ory sqa service ([#1768](https://github.com/ory/hydra/issues/1768)) ([c6bdbcf](https://github.com/ory/hydra/commit/c6bdbcf18b67fbdb815f568db7d222e511262d12))
* **sdk:** Ignore go-jose when generating swagger spec ([#1757](https://github.com/ory/hydra/issues/1757)) ([1388482](https://github.com/ory/hydra/commit/138848229874aa18b744b57369541d8c3da812a8))
### Code Refactoring
* **client:** Reduce SQL boilerplate code ([#1758](https://github.com/ory/hydra/issues/1758)) ([7ab7154](https://github.com/ory/hydra/commit/7ab715402bbbea33b824be01c4bd436e89e31a10)), closes [#1730](https://github.com/ory/hydra/issues/1730)
* Switch from lib/pq to jackc/pgx ([#1736](https://github.com/ory/hydra/issues/1736)) ([ec78668](https://github.com/ory/hydra/commit/ec786685d2873874962f1091c23259d74de9a0b2)), closes [#1599](https://github.com/ory/hydra/issues/1599)
* Switch from lib/pq to jackc/pgx ([#1738](https://github.com/ory/hydra/issues/1738)) ([2296e78](https://github.com/ory/hydra/commit/2296e78bac9f89006dddf2afed42fff16a080de1)), closes [#1599](https://github.com/ory/hydra/issues/1599)
### Documentation
* Regenerate and update changelog ([179dd5a](https://github.com/ory/hydra/commit/179dd5af03c6f8d9227aa55f7cf6d496a6928933))
* Regenerate and update changelog ([fefed90](https://github.com/ory/hydra/commit/fefed90011819f6179002c49d8c2ed840598741d))
* Regenerate and update changelog ([6a52b87](https://github.com/ory/hydra/commit/6a52b87eae12c49256b91b02fe0a271709d5eb7f))
* Regenerate and update changelog ([284184c](https://github.com/ory/hydra/commit/284184c7eec8391c7c194f4fd4a169e798426960))
* Regenerate and update changelog ([6623eb0](https://github.com/ory/hydra/commit/6623eb05d0bccc3d6f8d45617b3c59f0092117a5))
* Regenerate and update changelog ([950d6fc](https://github.com/ory/hydra/commit/950d6fc0f1e623ef6846ba508722e6845b6517bb))
* Regenerate and update changelog ([142771a](https://github.com/ory/hydra/commit/142771ab848bb36399f25eea1501b71579e05b1b))
* Regenerate and update changelog ([95fe01f](https://github.com/ory/hydra/commit/95fe01ff3365bef76ab023aaa91c97312958c9c7))
* Regenerate and update changelog ([6ec8688](https://github.com/ory/hydra/commit/6ec8688ae351efe851d783edad4e60b488af7d46))
* Regenerate and update changelog ([e1e89e7](https://github.com/ory/hydra/commit/e1e89e7d0ac6623ec10d53d59e8e42ea0d15c742))
* Regenerate and update changelog ([92682e2](https://github.com/ory/hydra/commit/92682e283695f683d94c79a949190cde3857fb0c))
* Regenerate and update changelog ([89710e1](https://github.com/ory/hydra/commit/89710e17f644a32ce8ee719764a9fd82355591fb))
* Regenerate and update changelog ([8dd9bb1](https://github.com/ory/hydra/commit/8dd9bb195e0c71c3123f0a93fc0f244050d0f7e2))
* Regenerate and update changelog ([e527db2](https://github.com/ory/hydra/commit/e527db27efcfbc7235fe282a4fd28b21a220febe))
* Update forum and chat links ([4de078a](https://github.com/ory/hydra/commit/4de078af7e2e79f9ebc6aef1a6ac0b0a10b05384))
* Updates issue and pull request templates ([#1764](https://github.com/ory/hydra/issues/1764)) ([1a0c643](https://github.com/ory/hydra/commit/1a0c643fc2e49f1e1beff2e85ee56a0ff8100d06))
### Features
* Add session data encryption ([#1750](https://github.com/ory/hydra/issues/1750)) ([caec461](https://github.com/ory/hydra/commit/caec46117ae811947eb22da36da0016a489496cf)), closes [#1649](https://github.com/ory/hydra/issues/1649)
### Unclassified
* Merge pull request from GHSA-3p3g-vpw6-4w66 ([700d17d](https://github.com/ory/hydra/commit/700d17d3b7d507de1b1d459a7261d6fb2571ebe3))
* Revert "refactor: switch from lib/pq to jackc/pgx (#1736)" (#1737) ([7ff16cf](https://github.com/ory/hydra/commit/7ff16cfc4eb22c3b7330a93275f40ef7406775a7)), closes [#1736](https://github.com/ory/hydra/issues/1736) [#1737](https://github.com/ory/hydra/issues/1737):
This reverts commit ec786685d2873874962f1091c23259d74de9a0b2.
# [1.3.2](https://github.com/ory/hydra/compare/v1.3.1...v1.3.2) (2020-02-17)
chore: Regenerate swagger spec and internal client
### Bug Fixes
* **consent:** Properly handle null handle_at ([07b82e1](https://github.com/ory/hydra/commit/07b82e185761e48a963cb9c14ac021753fc678c5)), closes [#1725](https://github.com/ory/hydra/issues/1725)
### Chores
* Regenerate swagger spec and internal client ([388284f](https://github.com/ory/hydra/commit/388284fdf4d43bba68ce7df8172a879406c23c3b))
### Documentation
* Regenerate and update changelog ([2f9f103](https://github.com/ory/hydra/commit/2f9f103bf867b1ba3f1ef978c6dc0f4a083f8107))
# [1.3.1](https://github.com/ory/hydra/compare/v1.3.0...v1.3.1) (2020-02-16)
ci: Bump SDK orb
### Continuous Integration
* Bump SDK orb ([2fcf48a](https://github.com/ory/hydra/commit/2fcf48a396aeb6215f34934ab01c0f5159e3696c))
# [1.3.0](https://github.com/ory/hydra/compare/v1.2.3...v1.3.0) (2020-02-14)
docs: Regenerate and update changelog
### Bug Fixes
* Bump Go to 1.13 for e2e docker images ([68f5b2d](https://github.com/ory/hydra/commit/68f5b2d46d2f48b6725adcc0308355fd75545944))
* **consent:** Fix concurrent write and read on map ([#1722](https://github.com/ory/hydra/issues/1722)) ([75126de](https://github.com/ory/hydra/commit/75126deff3bbd2374001aef6fd6ec2fad586545e)), closes [#1721](https://github.com/ory/hydra/issues/1721)
* **consent:** Resolve test issues ([d28d98d](https://github.com/ory/hydra/commit/d28d98dd18b47b8fd4097ed4fb07ca4e5f5b4682))
* Resolve linter complaints ([f1c926b](https://github.com/ory/hydra/commit/f1c926bd722f8dae83845159f216a26b8e4b19a6))
* Send 401 instead of 404 for unknown client ([#1707](https://github.com/ory/hydra/issues/1707)) ([2bcd432](https://github.com/ory/hydra/commit/2bcd4321cafb5dc8b7891d231523f08855e0b3fd)), closes [#1617](https://github.com/ory/hydra/issues/1617)
* Update for 5 minute tutorial ([#1704](https://github.com/ory/hydra/issues/1704)) ([aeecfe1](https://github.com/ory/hydra/commit/aeecfe1c8fa248d416bf27778662403cc515769c))
### Documentation
* Prepare 1.3.0 release ([13c2216](https://github.com/ory/hydra/commit/13c2216ae41234e871623c752d7e1974dc342254))
* Prepare ecosystem automation ([c26a088](https://github.com/ory/hydra/commit/c26a0889601a30346fb75efa6a8bfba54db0b5ab))
* Regenerate and update changelog ([513160b](https://github.com/ory/hydra/commit/513160bf6569a79c631c5fc0389bc0e6d1364c4c))
* Regenerate and update changelog ([f146fda](https://github.com/ory/hydra/commit/f146fda8d096bda78c5f8600330ba718dec6447e))
* Regenerate and update changelog ([35755bd](https://github.com/ory/hydra/commit/35755bd87edaa6d823ee2d6ad4d563175ea8e360))
* Regenerate and update changelog ([a86c8e6](https://github.com/ory/hydra/commit/a86c8e650c3033cb40ee3af71bade53df52b7f3c))
* Regenerate and update changelog ([4ff179a](https://github.com/ory/hydra/commit/4ff179a61eab2c2148c25d53fb566ca367fa1c3f))
* Regenerate and update changelog ([7b89b43](https://github.com/ory/hydra/commit/7b89b432f01fc7cd396f42e312c2c089ca7ce0f4))
* Regenerate and update changelog ([f11d143](https://github.com/ory/hydra/commit/f11d143a2eaabc01de4e33f2b0bf490fd98f6f8e))
* Remove examples section from ecosystem ([15dfef0](https://github.com/ory/hydra/commit/15dfef0240a770e74c1bef8063c5aca407d780b1))
* Updates issue and pull request templates ([#1715](https://github.com/ory/hydra/issues/1715)) ([694d333](https://github.com/ory/hydra/commit/694d333af9ed2cdf756827558ebf0178b5e8512c))
### Features
* New setting to specify SameSite cookie mode ([#1718](https://github.com/ory/hydra/issues/1718)) ([715522a](https://github.com/ory/hydra/commit/715522a55f386353a2f816202b09d311b716a4c8)):
Recent changes to Chrome require setting of SameSite cookie policy if it is acceptable for cookies to be used in a third party setting: https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html
Some discussion on this in the community board https://community.ory.sh/t/does-hydra-support-samesite-none-for-cookies/1491
### Unclassified
* feat(consent)!: Track handled_at for consent requests (#1689) ([d9308fa](https://github.com/ory/hydra/commit/d9308fa0dba26019a59e4d97e85b036133ad8362)), closes [#1689](https://github.com/ory/hydra/issues/1689) [#1684](https://github.com/ory/hydra/issues/1684):
This patch adds a feature where handling (accepting or rejecting) a consent request causes a time stamp (`handled_at`) to be updated.
This patch includes schema changes that required `hydra migrate sql` to be applied.
* Update CHANGELOG [ci skip] ([91d6737](https://github.com/ory/hydra/commit/91d67376ccef3c2e1f3146b098bc9383a9ba25f4))
* Update CHANGELOG [ci skip] ([2d8c1ec](https://github.com/ory/hydra/commit/2d8c1ec75c46067ea1bcebeeabf99411465bc7e9))
* Add swagutil to tools (#1714) ([d3eac25](https://github.com/ory/hydra/commit/d3eac2515b43a393ccf21de7b4195d63aa76f916)), closes [#1714](https://github.com/ory/hydra/issues/1714)
# [1.2.3](https://github.com/ory/hydra/compare/v1.2.2...v1.2.3) (2020-01-31)
Update CHANGELOG [ci skip]
### Unclassified
* Update CHANGELOG [ci skip] ([ae4334d](https://github.com/ory/hydra/commit/ae4334d458aa06d127e56a91d41bdb95665ea6b5))
* Small punctuation README change (#1713) ([f83edb2](https://github.com/ory/hydra/commit/f83edb290e836b09d4ef4a1fe2388c8c48e588ab)), closes [#1713](https://github.com/ory/hydra/issues/1713)
* Update CHANGELOG [ci skip] ([5cd6736](https://github.com/ory/hydra/commit/5cd67362184877175fe251f06817f6aa129fc1ab))
* Update CHANGELOG [ci skip] ([4dd7acb](https://github.com/ory/hydra/commit/4dd7acb8e90fd794ed836319cbae266ee7053915))
* Remove merge client during update in memory ([#1705](https://github.com/ory/hydra/issues/1705)) ([b0bf43f](https://github.com/ory/hydra/commit/b0bf43f380d2194ff27353105e479562b9a9fbe8))
# [1.2.2](https://github.com/ory/hydra/compare/v1.2.1...v1.2.2) (2020-01-23)
Updates configuration value for supported OIDC Subject Types (#1706)
Renames config key `oidc.subject_identifiers.enabled` to `oidc.subject_identifiers.supported_types`. See #1704
### Documentation
* Updates issue and pull request templates ([#1700](https://github.com/ory/hydra/issues/1700)) ([cb5de79](https://github.com/ory/hydra/commit/cb5de79bc5ed5cf30564f0a9f16aaaa1ef1b7151))
### Unclassified
* Updates configuration value for supported OIDC Subject Types (#1706) ([2e285b9](https://github.com/ory/hydra/commit/2e285b915561d3b9848139d95e163ac2a6dd22a3)), closes [#1706](https://github.com/ory/hydra/issues/1706) [#1704](https://github.com/ory/hydra/issues/1704)
* Update CHANGELOG [ci skip] ([37e96b7](https://github.com/ory/hydra/commit/37e96b727bfeee8629b7047de49ea09821c082c8))
* Update CHANGELOG [ci skip] ([cb7274f](https://github.com/ory/hydra/commit/cb7274ff1b7624ff6f372b79fb025debbabc7ac9))
* Fix logging Span ID ([#1695](https://github.com/ory/hydra/issues/1695)) ([7f84351](https://github.com/ory/hydra/commit/7f84351853269d82493db73c6bd566ccb73a98bf))
* Update ory/x dependency to 0.0.89 ([#1702](https://github.com/ory/hydra/issues/1702)) ([5a27ab3](https://github.com/ory/hydra/commit/5a27ab34f567f80e4b771590c217d52b1e6d8eb2)), closes [#1667](https://github.com/ory/hydra/issues/1667)
# [1.2.1](https://github.com/ory/hydra/compare/v1.2.0...v1.2.1) (2020-01-15)
Update CHANGELOG [ci skip]
### Unclassified
* Update CHANGELOG [ci skip] ([6ab4587](https://github.com/ory/hydra/commit/6ab45872b6ac944b65d19c4d29969edfa5836a31))
* Remove sdk/generate as dependency from changelog ([9565bf3](https://github.com/ory/hydra/commit/9565bf3c685f8c6f6affdee3386c7094c23a6b16))
* Update CHANGELOG [ci skip] ([f40d2a8](https://github.com/ory/hydra/commit/f40d2a8a4bfd6c1003874faaff1ae40ed07728c7))
* Update CHANGELOG [ci skip] ([0761156](https://github.com/ory/hydra/commit/0761156a3669e88bdab7503a27c6a3bd4a2a83d4))
* Update SDK ([f1b45c3](https://github.com/ory/hydra/commit/f1b45c34558df03ec3e1bf3c52fea0321ddbfb20))
* Update CHANGELOG [ci skip] ([fc16ab9](https://github.com/ory/hydra/commit/fc16ab97646bb444d90925b920c651e450cf1f38))
* Update SDK ([bb41c80](https://github.com/ory/hydra/commit/bb41c807995a44de7c14474cefaf79415128e7bf))
* Update CHANGELOG [ci skip] ([7cbeb97](https://github.com/ory/hydra/commit/7cbeb9794c242c0bbbbab63f5f13ed472a6a5764))
* Update SDK ([e21a6c0](https://github.com/ory/hydra/commit/e21a6c0344f18d972b4ae1b76521120624a4fbc8))
* Update Consent API Swagger definitions (#1682) ([8bd4e55](https://github.com/ory/hydra/commit/8bd4e550672bcf2ea9ac92691467a03e3176df17)), closes [#1682](https://github.com/ory/hydra/issues/1682)
* Update CHANGELOG [ci skip] ([9b83358](https://github.com/ory/hydra/commit/9b8335849070da01ba61c45c7585cdff1babe050))
* Update SDK ([23b209f](https://github.com/ory/hydra/commit/23b209f9400c38831545b89122b07b79e2e2b3bc))
* Bump docker base images ([#1686](https://github.com/ory/hydra/issues/1686)) ([51249b9](https://github.com/ory/hydra/commit/51249b9439682856396e7c463532ed4b3e691a2e)):
Go to v1.13.5
Alpine to v3.11
* Make logging traceable ([#1685](https://github.com/ory/hydra/issues/1685)) ([3cee9b1](https://github.com/ory/hydra/commit/3cee9b1709f630dfaf03bc8fc9dc04a88385f720))
* Restrict fc & bc logout to sid parameter ([#1691](https://github.com/ory/hydra/issues/1691)) ([d68838e](https://github.com/ory/hydra/commit/d68838e99a276598bf8235611b4f88c3e4d2c29f)), closes [#1660](https://github.com/ory/hydra/issues/1660)
# [1.2.0](https://github.com/ory/hydra/compare/v1.2.0-alpha.3...v1.2.0) (2020-01-08)
Update CHANGELOG [ci skip]
### Unclassified
* Update CHANGELOG [ci skip] ([fabf0ca](https://github.com/ory/hydra/commit/fabf0caf3943d38e997c6d545f3694347cf8d2d4))
* Update SDK ([2b4fe8c](https://github.com/ory/hydra/commit/2b4fe8cc5232376dfc0771d326a33caa6ef9a89d))
# [1.2.0-alpha.3](https://github.com/ory/hydra/compare/v1.2.0-alpha.2...v1.2.0-alpha.3) (2020-01-08)
Remove unused swagger definitions (#1681)
### Unclassified
* Remove unused swagger definitions (#1681) ([7d3f73c](https://github.com/ory/hydra/commit/7d3f73cdbff29269bfbe99d65ded1c5b92499921)), closes [#1681](https://github.com/ory/hydra/issues/1681)
* Update CHANGELOG [ci skip] ([a276bc7](https://github.com/ory/hydra/commit/a276bc76ee7fa1a13a99a59e11f30c3c251df107))
* Update SDK ([88965e1](https://github.com/ory/hydra/commit/88965e1ce6a3fd66af6f0f19c96f4e7816c7b6a9))
# [1.2.0-alpha.2](https://github.com/ory/hydra/compare/v1.2.0-alpha.1...v1.2.0-alpha.2) (2020-01-08)
ci: Bump sdk orb to 0.1.10
### Continuous Integration
* Bump sdk orb to 0.1.10 ([6fa6e41](https://github.com/ory/hydra/commit/6fa6e41cb200f5c37480f14b54af4ab16001f7e9))
# [1.2.0-alpha.1](https://github.com/ory/hydra/compare/v1.1.1...v1.2.0-alpha.1) (2020-01-07)
Update CHANGELOG [ci skip]
### Documentation
* Add better development instructions ([#1678](https://github.com/ory/hydra/issues/1678)) ([4b81e9e](https://github.com/ory/hydra/commit/4b81e9e00a27a9af0d73f2c1a3581507ce44ff32))
* Incorporates changes from version v1.1.1 [ci skip] ([43d1218](https://github.com/ory/hydra/commit/43d1218f3c677713d2146a7c3f9328c333d75a84))
* Incorporates changes from version v1.1.1-2-g0a551405 [ci skip] ([f0f8902](https://github.com/ory/hydra/commit/f0f89026d0d3bcfa4f1a4606fa4d5837a0aab1fd))
* Incorporates changes from version v1.1.1-4-g62345587 [ci skip] ([ee61dff](https://github.com/ory/hydra/commit/ee61dfff139572227b597b0239e3f208bb45cf56))
### Unclassified
* Update CHANGELOG [ci skip] ([1672777](https://github.com/ory/hydra/commit/1672777fa25bac6b6d52d092b4e73cdd0c0cd7c2))
* Update SDK ([28374ce](https://github.com/ory/hydra/commit/28374ce131e5f08ef4da842336c1e53626b0d567))
* Update CHANGELOG [ci skip] ([5621f9a](https://github.com/ory/hydra/commit/5621f9adc0ac389985d1353adca2815bb28095dc))
* Update SDK ([11ac7b4](https://github.com/ory/hydra/commit/11ac7b4da09a9bd69da4a244231101ff318e77eb))
* Update CHANGELOG [ci skip] ([2e99644](https://github.com/ory/hydra/commit/2e99644bdfade53f4a130389aec348d6c49499c9))
* Update SDK ([6446c55](https://github.com/ory/hydra/commit/6446c55b9b97f364c16a8663dc65b798fc20db51))
* Move to new SDK generator (#1677) ([02e7c22](https://github.com/ory/hydra/commit/02e7c22e0196f8fdf4cd77601e3c63749d7a0982)), closes [#1677](https://github.com/ory/hydra/issues/1677):
This PR moves to the new SDK generation pipeline. Due to an accidental push to master from a broken CI task, it includes several commits that are already in master. Please ignore those commits named `(interim)`. This is the correct umbrella commit.
* Update SDK ([5795d50](https://github.com/ory/hydra/commit/5795d505c97ac8f9fe8c642e27d95d4733a5a2a3))
* Implement new SDK pipeline (interim) ([d1778b8](https://github.com/ory/hydra/commit/d1778b8a6d9435fa95f1b4b8efc38b9639a5109d)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([84a53b3](https://github.com/ory/hydra/commit/84a53b333857eb27ffa8a74b46a724dc66573bb8)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([c499e52](https://github.com/ory/hydra/commit/c499e52bbcb146813a61b29943fda61be05a696d)):
This is an interim commit that got pushed to master by the CI on accident.
* Update SDK ([4293f5f](https://github.com/ory/hydra/commit/4293f5ffa721a2970a8c2e2a0e7bf1129a8bba47))
* Implement new SDK pipeline (interim) ([1e9eaf0](https://github.com/ory/hydra/commit/1e9eaf037d719eab4e55be24c871975a96b1f18d)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([57c4b29](https://github.com/ory/hydra/commit/57c4b29869135e9f204ba3040f8b4606ddb337e8)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([7298581](https://github.com/ory/hydra/commit/72985810c63c9b72a7323619412817620f6c8a21)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([4880fb2](https://github.com/ory/hydra/commit/4880fb24370020af917f946a511f1d515668f12c)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([51ad2fb](https://github.com/ory/hydra/commit/51ad2fbd151ff8e53557a73b835b2daea8c63a16)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([dccf0e4](https://github.com/ory/hydra/commit/dccf0e479193edb84c5c1edc3039fa886c640108)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([209f541](https://github.com/ory/hydra/commit/209f5415d55eccc8528bb979bfba66936bc68b8d)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([bcc177c](https://github.com/ory/hydra/commit/bcc177cc08bb5777d4be0f0a99bc965951ac82dc)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([b61cb5c](https://github.com/ory/hydra/commit/b61cb5c18a8b497843bebd1a975bc3269468cd31)):
This is an interim commit that got pushed to master by the CI on accident.
* Implement new SDK pipeline (interim) ([7855215](https://github.com/ory/hydra/commit/7855215c17d43a04385c076e98f296b627a224e7)):
This is an interim commit that got pushed to master by the CI on accident.
* Update CHANGELOG [ci skip] ([487aaf8](https://github.com/ory/hydra/commit/487aaf8de10048875c5ddac10479d6dd7a5504cd))
* Update config.yaml (#1676) ([bca3e0f](https://github.com/ory/hydra/commit/bca3e0f9add0b878877d9d4e6016a41fd6f96be0)), closes [#1676](https://github.com/ory/hydra/issues/1676):
Use the actual default admin port in example.
* Implement new SDK pipeline (interim) ([94101dc](https://github.com/ory/hydra/commit/94101dcf0b32569cfc960f579ba0a28600b94fbe)):
This is an interim commit that got pushed to master by the CI on accident.
* Use circleci changelog orb (#1675) ([1aa9a52](https://github.com/ory/hydra/commit/1aa9a524b2be84f074991c521c52d7d2b23663e8)), closes [#1675](https://github.com/ory/hydra/issues/1675)
* Reintroduce SDK task ([0a55140](https://github.com/ory/hydra/commit/0a551405a0f84d83a7aac980242e5606c4fd04dc))
* Use generate secrets function as used in cmd ([#1674](https://github.com/ory/hydra/issues/1674)) ([bf2f0fe](https://github.com/ory/hydra/commit/bf2f0fe8891d938988d63178a31910b2d1b6e72a)):
If a client is being created by the api and the client_secret is not specified then the client_secret is being generated as a random string of length 26.
# [1.1.1](https://github.com/ory/hydra/compare/v1.1.0...v1.1.1) (2019-12-19)
docs: Incorporates changes from version v1.1.0-4-gc37b710b [ci skip]
### Documentation
* Incorporates changes from version v1.1.0 [ci skip] ([2e24e66](https://github.com/ory/hydra/commit/2e24e662273227dee5f7e411842f675d99d8c3fc))
* Incorporates changes from version v1.1.0-2-gc9a01e65 [ci skip] ([e5b5de0](https://github.com/ory/hydra/commit/e5b5de0caef3722716068be1ea569a20a63db7bb))
* Incorporates changes from version v1.1.0-4-gc37b710b [ci skip] ([d78f403](https://github.com/ory/hydra/commit/d78f4030c58a4e51423f3e457ff21a2015c5032e))
### Unclassified
* Create and use a proper user in the alpine Dockerfile (#1669) ([c37b710](https://github.com/ory/hydra/commit/c37b710b338a941688f48681c35ebd6e881cbdce)), closes [#1669](https://github.com/ory/hydra/issues/1669) [#1596](https://github.com/ory/hydra/issues/1596)
* Added tests for helpers ([#1665](https://github.com/ory/hydra/issues/1665)) ([c9a01e6](https://github.com/ory/hydra/commit/c9a01e65049697f30deb12cdfa4c389591ea1b89))
# [1.1.0](https://github.com/ory/hydra/compare/v1.0.9...v1.1.0) (2019-12-16)
docs: Update upgrade guide for 1.1.0
### Documentation
* Incorporates changes from version v1.0.9 [ci skip] ([36144f7](https://github.com/ory/hydra/commit/36144f70ad768e7be75e7a156ed227162e1c9ea7))
* Incorporates changes from version v1.0.9-12-gc1a5c3a5 [ci skip] ([4010d43](https://github.com/ory/hydra/commit/4010d43d7633a26c658e456cb18fc95a4f465262))
* Incorporates changes from version v1.0.9-14-ge6f4f90c [ci skip] ([b0ddc2a](https://github.com/ory/hydra/commit/b0ddc2af71d760391c71dbd10c36fd38f6e7b7d1))
* Incorporates changes from version v1.0.9-2-gd5e8f970 [ci skip] ([a47dd97](https://github.com/ory/hydra/commit/a47dd97835684b04df2c26cf8f9e142f549bbcb1))
* Incorporates changes from version v1.0.9-5-g53d5c7cb [ci skip] ([3569ea3](https://github.com/ory/hydra/commit/3569ea381eac5ce7d31aba5c66f796015cfe5926))
* Incorporates changes from version v1.0.9-7-g9abfe794 [ci skip] ([c87c9ad](https://github.com/ory/hydra/commit/c87c9addec0750b35d0df526d203291dd5f4e251))
* Incorporates changes from version v1.0.9-9-ge0f0a50d [ci skip] ([9dbf8b5](https://github.com/ory/hydra/commit/9dbf8b538b3374a0293884b9d6a0663ab378648c))
* Update upgrade guide for 1.1.0 ([d752cfb](https://github.com/ory/hydra/commit/d752cfbce4b554cd648c9772de2f5b32ccc8a40c))
### Unclassified
* Update README banner (#1661) ([e6f4f90](https://github.com/ory/hydra/commit/e6f4f90c627fd222dc41914ba4bac09a5aede145)), closes [#1661](https://github.com/ory/hydra/issues/1661)
* Add several SQL lookup indices (#1654) ([7cb7783](https://github.com/ory/hydra/commit/7cb7783012d9a9dccb61c38f2466916968eab8ab)), closes [#1654](https://github.com/ory/hydra/issues/1654) [#1653](https://github.com/ory/hydra/issues/1653)
* Fix typo in handler.go comment (#1626) ([53d5c7c](https://github.com/ory/hydra/commit/53d5c7cb96b89cffc546f5d4a9f2c308b75841bf)), closes [#1626](https://github.com/ory/hydra/issues/1626):
... and generated documentation
* Update dockerfiles to latest alpine and golang (#1636) ([19bba5c](https://github.com/ory/hydra/commit/19bba5ca4dfed1271a6f72caf646746fe3de6908)), closes [#1636](https://github.com/ory/hydra/issues/1636)
* Update upgrade changelog (#1632) ([d5e8f97](https://github.com/ory/hydra/commit/d5e8f970265b3794da263676f1166e75a7f1b9d4)), closes [#1632](https://github.com/ory/hydra/issues/1632)
* Bump ory/fosite to v0.30.2 ([#1643](https://github.com/ory/hydra/issues/1643)) ([e0f0a50](https://github.com/ory/hydra/commit/e0f0a50d0c9440ea9772e51df6f1f2dbd3915e0e)), closes [#1642](https://github.com/ory/hydra/issues/1642)
* Bump ory/x to 0.0.82 ([#1641](https://github.com/ory/hydra/issues/1641)) ([9abfe79](https://github.com/ory/hydra/commit/9abfe794e2983845c5689f88e4c3aac761eebbfd)), closes [#1640](https://github.com/ory/hydra/issues/1640):
Resolves an issue where the MySQL connection string would be included
in the logs.
* Update ory/x to latest version ([#1655](https://github.com/ory/hydra/issues/1655)) ([c1a5c3a](https://github.com/ory/hydra/commit/c1a5c3a5f4d59b60e1da5a10425356e196e76690))
# [1.0.9](https://github.com/ory/hydra/compare/v1.0.8...v1.0.9) (2019-11-02)
docs: Incorporates changes from version v1.0.8-18-gb48b1a08 [ci skip]
### Documentation
* Incorporates changes from version v1.0.8-13-gc629190a [ci skip] ([8de3dca](https://github.com/ory/hydra/commit/8de3dca2e9396b1d85a1cbb0b799438a29618606))
* Incorporates changes from version v1.0.8-15-g31ecf09c [ci skip] ([ad9db79](https://github.com/ory/hydra/commit/ad9db79dca08121441c2799a01aed3b833f6631f))
* Incorporates changes from version v1.0.8-18-gb48b1a08 [ci skip] ([ba3f66f](https://github.com/ory/hydra/commit/ba3f66fb3bcb6bac5e686c1e486cffea564b31f7))
* Incorporates changes from version v1.0.8-8-g757c2d39 ([e17c1ba](https://github.com/ory/hydra/commit/e17c1ba2b4397623db3116a21dc9b1ebebe9a603))
* Incorporates changes from version v1.0.8-9-ge17c1ba2 ([c066278](https://github.com/ory/hydra/commit/c0662780ef7255de7edec6fa35f10811c4d795f0))
* Remove OAuth 2.0 Dynamic Client Registration links ([#1611](https://github.com/ory/hydra/issues/1611)) ([40d2276](https://github.com/ory/hydra/commit/40d2276155cd10189071d5112c70988561018880)), closes [#1601](https://github.com/ory/hydra/issues/1601)
* Resolve broken markdown links ([#1612](https://github.com/ory/hydra/issues/1612)) ([c629190](https://github.com/ory/hydra/commit/c629190ac8cb8101b9b75f63e8f42b541af3ffaf)), closes [#1600](https://github.com/ory/hydra/issues/1600)
### Unclassified
* Revert incorrect license changes ([9722506](https://github.com/ory/hydra/commit/972250612fc57b78474a04b38abbc42384c77cba))
* Updated README.md file (#1606) ([44ee9e2](https://github.com/ory/hydra/commit/44ee9e2797b6c55fc8d0275c92ddb21a6d08b627)), closes [#1606](https://github.com/ory/hydra/issues/1606):
Made grammatical corrections
* Remove unnecessary paragraph in Hydra API docs (#1605) ([6ff3510](https://github.com/ory/hydra/commit/6ff3510f8a3c26ea8767e5692de56f2a907e12eb)), closes [#1605](https://github.com/ory/hydra/issues/1605)
* Add optional metadata field ([#1602](https://github.com/ory/hydra/issues/1602)) ([c84adc7](https://github.com/ory/hydra/commit/c84adc741316ffb25cd19434dbe38f677b494e09)), closes [#1594](https://github.com/ory/hydra/issues/1594):
Added field `metadata` to client payloads which can be used to store arbitrary JSON blobs.l
* Change pk field to int64 ([#1597](https://github.com/ory/hydra/issues/1597)) ([7547ac9](https://github.com/ory/hydra/commit/7547ac9da82969e80d5f649d1fe3864000c28829)), closes [#1595](https://github.com/ory/hydra/issues/1595):
Changed PK from int to int64, ran make test with no issues.
* Correct alias in OAuth2 scopes documentation ([#1613](https://github.com/ory/hydra/issues/1613)) ([31ecf09](https://github.com/ory/hydra/commit/31ecf09cb48bce61d3057b1de162c7c39251d6a1))
* **deps:** Bump jackson-version in /sdk/java/hydra-client-resttemplate ([#1608](https://github.com/ory/hydra/issues/1608)) ([713a5ae](https://github.com/ory/hydra/commit/713a5aecdf3f6def54b2766d854dabaaa81342ff)):
Bumps `jackson-version` from 2.8.9 to 2.10.0.
Updates `jackson-core` from 2.8.9 to 2.10.0
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.8.9...jackson-core-2.10.0)
Updates `jackson-annotations` from 2.8.9 to 2.10.0
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-databind` from 2.8.9 to 2.10.0
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-jaxrs-json-provider` from 2.8.9 to 2.10.0
Updates `jackson-datatype-joda` from 2.8.9 to 2.10.0
- [Release notes](https://github.com/FasterXML/jackson-datatype-joda/releases)
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.8.9...jackson-datatype-joda-2.10.0)
* Fix CORS origin match for OAuth2 Clients ([#1624](https://github.com/ory/hydra/issues/1624)) ([b48b1a0](https://github.com/ory/hydra/commit/b48b1a0856d0bd043ef21a4ba82ecb92294df443)), closes [#1615](https://github.com/ory/hydra/issues/1615)
# [1.0.8](https://github.com/ory/hydra/compare/v1.0.7...v1.0.8) (2019-10-04)
driver: don't log DSN (#1593)
### Unclassified
* Don't log DSN ([#1593](https://github.com/ory/hydra/issues/1593)) ([f60c724](https://github.com/ory/hydra/commit/f60c7241788e4860a4fc1b1f7dfe2fed3a93a662))
* Don't touch authentication cookie on skipped logins ([#1564](https://github.com/ory/hydra/issues/1564)) ([31752ab](https://github.com/ory/hydra/commit/31752abb913176ff40675261e21eadacb88bd903)), closes [#1557](https://github.com/ory/hydra/issues/1557)
# [1.0.7](https://github.com/ory/hydra/compare/v1.0.6...v1.0.7) (2019-09-29)
ci: Update github_changhelog_generator version
### Continuous Integration
* Update github_changhelog_generator version ([46afe21](https://github.com/ory/hydra/commit/46afe21f9da45b0bfd18d586fcb88ffa1ba43f1c))
# [1.0.6](https://github.com/ory/hydra/compare/v1.0.5...v1.0.6) (2019-09-29)
ci: Use ruby 2.5
### Continuous Integration
* Use ruby 2.5 ([a3e6674](https://github.com/ory/hydra/commit/a3e6674fde39b9a790755c4bdbc3c07432d262ab))
# [1.0.5](https://github.com/ory/hydra/compare/v1.0.4...v1.0.5) (2019-09-28)
ci: Bump changelog ruby version (#1586)
### Continuous Integration
* Bump changelog ruby version ([#1586](https://github.com/ory/hydra/issues/1586)) ([3734cf8](https://github.com/ory/hydra/commit/3734cf8c7263a3a46de33f11c0e6baddbe9e46d0))
# [1.0.4](https://github.com/ory/hydra/compare/v1.0.3...v1.0.4) (2019-09-26)
cmd: Remove stray log lines (#1581)
Closes https://github.com/ory/k8s/issues/55
### Unclassified
* Update README.md ([debbf30](https://github.com/ory/hydra/commit/debbf30df588d1038ebf974f74d3126ea2db511a))
* **deps:** Bump jackson-version in /sdk/java/hydra-client-resttemplate ([#1578](https://github.com/ory/hydra/issues/1578)) ([eaefe2d](https://github.com/ory/hydra/commit/eaefe2de719214ad4609e9d9279c584eff36c701)):
Bumps `jackson-version` from 2.8.9 to 2.10.0.pr3.
Updates `jackson-core` from 2.8.9 to 2.10.0.pr3
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.8.9...jackson-core-2.10.0.pr3)
Updates `jackson-annotations` from 2.8.9 to 2.10.0.pr3
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-databind` from 2.8.9 to 2.10.0.pr3
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-jaxrs-json-provider` from 2.8.9 to 2.10.0.pr3
Updates `jackson-datatype-joda` from 2.8.9 to 2.10.0.pr3
- [Release notes](https://github.com/FasterXML/jackson-datatype-joda/releases)
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.8.9...jackson-datatype-joda-2.10.0.pr3)
* Make enforce pkce configurable ([#1579](https://github.com/ory/hydra/issues/1579)) ([fbac3e9](https://github.com/ory/hydra/commit/fbac3e945c02489917c2d4bfa2752bcd729f0d45))
* Remove stray log lines ([#1581](https://github.com/ory/hydra/issues/1581)) ([8ad7069](https://github.com/ory/hydra/commit/8ad70696994c460c8165da5e89edd0fa0d3b87d3)):
Closes https://github.com/ory/k8s/issues/55
# [1.0.3](https://github.com/ory/hydra/compare/v1.0.2...v1.0.3) (2019-09-23)
Fix broken release pipeline (#1575)
### Unclassified
* Fix broken release pipeline (#1575) ([b621694](https://github.com/ory/hydra/commit/b6216940dc932469e678e30a13ddaa9c8bd889c8)), closes [#1575](https://github.com/ory/hydra/issues/1575)
# [1.0.2](https://github.com/ory/hydra/compare/v1.0.1...v1.0.2) (2019-09-18)
docker: Add alpine image (#1566)
Closes #1558
### Unclassified
* Add quickstart for prometheus. (#1562) ([2728b36](https://github.com/ory/hydra/commit/2728b363465f11406cf4e2d428b02ef84c51fc89)), closes [#1562](https://github.com/ory/hydra/issues/1562)
* Add alpine image ([#1566](https://github.com/ory/hydra/issues/1566)) ([2fbcb59](https://github.com/ory/hydra/commit/2fbcb599e0149e3fb3c48202bee27ea078575a85)), closes [#1558](https://github.com/ory/hydra/issues/1558)
* Enable PKCE for private clients ([#1567](https://github.com/ory/hydra/issues/1567)) ([823e493](https://github.com/ory/hydra/commit/823e493696c5f9bd032d2c0354e3faa8730ccc7a)), closes [#1512](https://github.com/ory/hydra/issues/1512)
* Ensure order of paginated results ([9f22545](https://github.com/ory/hydra/commit/9f22545ea00dfb9fe76877122a15455ac01af46e)), closes [#1554](https://github.com/ory/hydra/issues/1554)
* Makes init task in makefile and corrects readme ([#1555](https://github.com/ory/hydra/issues/1555)) ([f834907](https://github.com/ory/hydra/commit/f8349074bd9859aa6b83db54451d3eb228a3615b))
* Resolve Go 1.12.7 regression in migrate sql ([#1565](https://github.com/ory/hydra/issues/1565)) ([d112c72](https://github.com/ory/hydra/commit/d112c72e1695cac5ccb851b31706c770301ccd19))
# [1.0.1](https://github.com/ory/hydra/compare/v1.0.0...v1.0.1) (2019-09-04)
Update README.md (#1549)
Space missing :)
### Documentation
* Clean up readme ([#1526](https://github.com/ory/hydra/issues/1526)) ([17aa7b9](https://github.com/ory/hydra/commit/17aa7b91b661b6c4d339a3c32ac1907809a3f973))
* Config flag is --config not -config ([#1489](https://github.com/ory/hydra/issues/1489)) ([dda7b55](https://github.com/ory/hydra/commit/dda7b55e6505214b0e367969335927737c21352a))
* Document prometheus API endpoint ([#1537](https://github.com/ory/hydra/issues/1537)) ([222009c](https://github.com/ory/hydra/commit/222009c24b014a11897c1dc56f568d3ba1163b9b))
* Fix /oauth2/token response ([#1538](https://github.com/ory/hydra/issues/1538)) ([dc8dead](https://github.com/ory/hydra/commit/dc8deadb28912d5585a3f6d7fc3b197c5aed997c)), closes [#1533](https://github.com/ory/hydra/issues/1533)
* Fix wrong command name ([#1496](https://github.com/ory/hydra/issues/1496)) ([0746f6f](https://github.com/ory/hydra/commit/0746f6f7fca056bf7d67736d47c2b3396777aa0f))
* Incorporates changes from version v1.0.0 ([ca29966](https://github.com/ory/hydra/commit/ca29966a4c8ac91d6cad8a5b075532c56776dbf2))
* Update libraries and 3rd party section ([#1518](https://github.com/ory/hydra/issues/1518)) ([c95512a](https://github.com/ory/hydra/commit/c95512a819f28e0cbbbc93e9750f76898a91d332)):
Mark old community projects as such.
* Updates issue and pull request templates ([#1500](https://github.com/ory/hydra/issues/1500)) ([e4e0e93](https://github.com/ory/hydra/commit/e4e0e932003a7b55b14d395eab54422be091ba81))
* Updates issue and pull request templates ([#1513](https://github.com/ory/hydra/issues/1513)) ([9c200f6](https://github.com/ory/hydra/commit/9c200f612c4f25040aa56b238b3b76a11bf2bffe))
* Updates issue and pull request templates ([#1522](https://github.com/ory/hydra/issues/1522)) ([800c1b2](https://github.com/ory/hydra/commit/800c1b2ecbcf8b072af9f5f9638833c6eb3529e4))
* Updates issue and pull request templates ([#1523](https://github.com/ory/hydra/issues/1523)) ([fe46241](https://github.com/ory/hydra/commit/fe46241a87dbc8db1750fd81a6cf751a532fcaf9))
* Updates issue and pull request templates ([#1525](https://github.com/ory/hydra/issues/1525)) ([4579356](https://github.com/ory/hydra/commit/4579356f8a18b3cece8a0963a4986bb8b33f21b5))
* Updates issue and pull request templates ([#1536](https://github.com/ory/hydra/issues/1536)) ([3eaa6c3](https://github.com/ory/hydra/commit/3eaa6c3752da7db4d9e5626a069a1be3831868ff))
### Unclassified
* Update README.md (#1549) ([937cb2e](https://github.com/ory/hydra/commit/937cb2e473c525d4e546bf34c5be1dd8ffcade28)), closes [#1549](https://github.com/ory/hydra/issues/1549):
Space missing :)
* Remove stray fmt.Printf (#1547) ([3578b04](https://github.com/ory/hydra/commit/3578b0438ca157b6db72d2dc8fafccc1c4bcbe4a)), closes [#1547](https://github.com/ory/hydra/issues/1547)
* Resolve broken apache thrift dependency (#1540) ([8604797](https://github.com/ory/hydra/commit/860479729bbe97cf0422cb3d9058d2a784f22077)), closes [#1540](https://github.com/ory/hydra/issues/1540) [#1539](https://github.com/ory/hydra/issues/1539)
* Improve OAuth2 API Docs (#1499) ([d1343ae](https://github.com/ory/hydra/commit/d1343ae2023bb2ad127ac12764cfe4f63e8f3eab)), closes [#1499](https://github.com/ory/hydra/issues/1499)
* Create FUNDING.yml ([ad78e56](https://github.com/ory/hydra/commit/ad78e56ff0429f9f7cc89046ca9214184872ebca))
* Add adopters placeholder ([#1521](https://github.com/ory/hydra/issues/1521)) ([0ff9ed0](https://github.com/ory/hydra/commit/0ff9ed0cbf9cb2fb89e5b1c0054f516302de0fd5))
* Bump to fosite 0.29.7 ([#1517](https://github.com/ory/hydra/issues/1517)) ([7956af7](https://github.com/ory/hydra/commit/7956af7a553afd1ef9a3e1efd428c3ec869908dc)), closes [#1512](https://github.com/ory/hydra/issues/1512):
Using PKCE with private clients now returns an error message.
* Deduplicate front-/backchannel logout calls ([#1531](https://github.com/ory/hydra/issues/1531)) ([a2f5724](https://github.com/ory/hydra/commit/a2f5724e8ef684cbfe059a136c71b4c52e1ec836))
* **deps:** Bump eslint-utils from 1.3.1 to 1.4.2 ([#1544](https://github.com/ory/hydra/issues/1544)) ([c929e6a](https://github.com/ory/hydra/commit/c929e6a076d3ff0b5a3a6b5e2c486979ab6e784a)):
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.3.1 to 1.4.2.
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.3.1...v1.4.2)
* **deps:** Bump extend from 3.0.1 to 3.0.2 ([#1514](https://github.com/ory/hydra/issues/1514)) ([aecbc07](https://github.com/ory/hydra/commit/aecbc072c54ebd20666ad53d393f507358da6ce3)):
Bumps [extend](https://github.com/justmoon/node-extend) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/justmoon/node-extend/releases)
- [Changelog](https://github.com/justmoon/node-extend/blob/master/CHANGELOG.md)
- [Commits](https://github.com/justmoon/node-extend/compare/v3.0.1...v3.0.2)
* **deps:** Bump jackson-version in /sdk/java/hydra-client-resttemplate ([#1505](https://github.com/ory/hydra/issues/1505)) ([aadd1c6](https://github.com/ory/hydra/commit/aadd1c6d72bf8cd460557856f72cf82d767dbc7d)):
Bumps `jackson-version` from 2.8.9 to 2.10.0.pr1.
Updates `jackson-core` from 2.8.9 to 2.10.0.pr1
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.8.9...jackson-core-2.10.0.pr1)
Updates `jackson-annotations` from 2.8.9 to 2.10.0.pr1
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-databind` from 2.8.9 to 2.10.0.pr1
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-jaxrs-json-provider` from 2.8.9 to 2.10.0.pr1
Updates `jackson-datatype-joda` from 2.8.9 to 2.10.0.pr1
- [Release notes](https://github.com/FasterXML/jackson-datatype-joda/releases)
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.8.9...jackson-datatype-joda-2.10.0.pr1)
* **deps:** Bump lodash in /test/e2e/oauth2-client ([#1491](https://github.com/ory/hydra/issues/1491)) ([e4bac7e](https://github.com/ory/hydra/commit/e4bac7ed406c54eee61f30359db652572d5b724f)):
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)
* **deps:** Bump mixin-deep in /test/e2e/oauth2-client ([#1548](https://github.com/ory/hydra/issues/1548)) ([f47ece1](https://github.com/ory/hydra/commit/f47ece1dc03bf5c8b87612f53eb365d217660b9f)):
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)
* Enrich oauth2_token_response and params ([#1551](https://github.com/ory/hydra/issues/1551)) ([55873d2](https://github.com/ory/hydra/commit/55873d2744ac98b13ac6ba63e96a0b620fc46f5d)), closes [#1509](https://github.com/ory/hydra/issues/1509) [#1533](https://github.com/ory/hydra/issues/1533):
Add IdToken and Scope to oauth2_token_response.
These fields are presented in response and should be parsed.
Add RefreshToken field to oauth2_token_params.
With RefreshToken field we will be able to refresh Access token
by providing Refresh token.
* Fix migration plan output ([#1504](https://github.com/ory/hydra/issues/1504)) ([e4ae446](https://github.com/ory/hydra/commit/e4ae446ff63530665288b0e87c059faa831f754e)):
The output of "migration sql" returned duplicate lines and misassigned migrations to their components.
This patch resolves that.
* Fix SQL-regression caused by go 1.12.7 ([#1534](https://github.com/ory/hydra/issues/1534)) ([9243dc2](https://github.com/ory/hydra/commit/9243dc24908f116ddb814f8ce65efee93ffc9ce2))
* Fix trailing slash bug in issuer url ([#1552](https://github.com/ory/hydra/issues/1552)) ([02ee452](https://github.com/ory/hydra/commit/02ee452d8061d1a4976eb12ad09b58f9b8dca09c)), closes [#1546](https://github.com/ory/hydra/issues/1546)
* Print meaningful error messages on network issues ([#1493](https://github.com/ory/hydra/issues/1493)) ([deb1574](https://github.com/ory/hydra/commit/deb15740f32edb602a2e4592d79ebb9c42433f25)), closes [#1492](https://github.com/ory/hydra/issues/1492)
* Upgrade swagger and resolve PHP SDK issues ([#1535](https://github.com/ory/hydra/issues/1535)) ([d4a7d6b](https://github.com/ory/hydra/commit/d4a7d6b8d8197508b91a29903b4d6493dda306cb)), closes [#1480](https://github.com/ory/hydra/issues/1480) [#1532](https://github.com/ory/hydra/issues/1532) [#1508](https://github.com/ory/hydra/issues/1508)
* Use commit hash instead of version for link to config ([#1488](https://github.com/ory/hydra/issues/1488)) ([f8b4a3c](https://github.com/ory/hydra/commit/f8b4a3c83fc98b9712c6a165aec34db08c877b64)), closes [#1486](https://github.com/ory/hydra/issues/1486)
# [1.0.0](https://github.com/ory/hydra/compare/v1.0.0-rc.16...v1.0.0) (2019-06-24)
jwk: Fix JWK deletion in memory manager (#1474)
Signed-off-by: Shota Sawada <xiootas@gmail.com>
### Documentation
* Incorporates changes from version v1.0.0-rc.16 ([043c663](https://github.com/ory/hydra/commit/043c6635fa3b1661b4a666f26cebf16c2306bfdb))
### Unclassified
* Add missing html closing tag to token user ([#1479](https://github.com/ory/hydra/issues/1479)) ([724ccc4](https://github.com/ory/hydra/commit/724ccc4a4b5468c1e2728bc64f814d7178d8a895))
* Fix JWK deletion in memory manager ([#1474](https://github.com/ory/hydra/issues/1474)) ([036f763](https://github.com/ory/hydra/commit/036f76359b54fc8d984cfcdd065dac98ed8ef5e5))
# [1.0.0-rc.16](https://github.com/ory/hydra/compare/v1.0.0-rc.15...v1.0.0-rc.16) (2019-06-13)
Remove binary license (#1470)
### Documentation
* Add a link to Identity Provider "Werther" to community projects ([#1464](https://github.com/ory/hydra/issues/1464)) ([e6cdfe1](https://github.com/ory/hydra/commit/e6cdfe13546ff4dce06456c023bcd9415772b1b1))
* Fix broken benchmark link in readme ([25bce0c](https://github.com/ory/hydra/commit/25bce0c731168608585c1ec3ea41dfb2b4f83d55)), closes [#1465](https://github.com/ory/hydra/issues/1465)
### Unclassified
* Remove binary license (#1470) ([3cb5b6d](https://github.com/ory/hydra/commit/3cb5b6df2379c7263d180c69fc3b943e026d2760)), closes [#1470](https://github.com/ory/hydra/issues/1470)
* Add option to disable access log for health endpoints ([#1458](https://github.com/ory/hydra/issues/1458)) ([0972750](https://github.com/ory/hydra/commit/097275013ae4d77ed224ca164f77035224b4c5a0)), closes [#1278](https://github.com/ory/hydra/issues/1278):
This commit adds an option to disable access log for health endpoints.
This is especially helpful in environments like Kubernetes, where
special preprocessing filters would be required otherwise.
* Add support for B3 headers via JAEGER_PROPAGATION ([#1456](https://github.com/ory/hydra/issues/1456)) ([400c47f](https://github.com/ory/hydra/commit/400c47fb7d125c7fa483df941cbed0819d95dcee)), closes [#1447](https://github.com/ory/hydra/issues/1447):
This will provide compatibility with istio.
* Bump ory/x to 0.0.64 ([23e0e6a](https://github.com/ory/hydra/commit/23e0e6a883a9c3e8f714b2453e995a0a1846e179))
* Run as non-root user ([#1469](https://github.com/ory/hydra/issues/1469)) ([a6a295c](https://github.com/ory/hydra/commit/a6a295c88b1f4afefceeed845d8c7561410c1ef0))
* Update ory/x to 0.0.63 ([#1467](https://github.com/ory/hydra/issues/1467)) ([a4b3771](https://github.com/ory/hydra/commit/a4b377171bab424e671cda4020b020e595f10040)), closes [#1457](https://github.com/ory/hydra/issues/1457)
* Update SDKs and fix PHP namespace ([0b8c287](https://github.com/ory/hydra/commit/0b8c28789c739a956e518395b97ef85b46088cb2)), closes [#1443](https://github.com/ory/hydra/issues/1443)
* Update to ory/x 0.0.61 ([#1466](https://github.com/ory/hydra/issues/1466)) ([ea66fd6](https://github.com/ory/hydra/commit/ea66fd6386199379eca2096f07f8a0811027f751)), closes [#1460](https://github.com/ory/hydra/issues/1460)
# [1.0.0-rc.15](https://github.com/ory/hydra/compare/v1.0.0-rc.14...v1.0.0-rc.15) (2019-06-05)
cli: Use go templates in token user (#1461)
### Documentation
* Fix link to system secret rotation ([#1459](https://github.com/ory/hydra/issues/1459)) ([bc92052](https://github.com/ory/hydra/commit/bc92052c4b06f8d36694138600a6db6e02e3e884)):
The following link no longer exists
https://www.ory.sh/docs/hydra/advanced#system-secret-rotation
New link is here
https://www.ory.sh/docs/hydra/advanced#rotation-of-hmac-token-signing-and-database-and-cookie-encryption-keys
* Incorporates changes from version v1.0.0-rc.14 ([51c071f](https://github.com/ory/hydra/commit/51c071f639c3dbe4d0e8e9b941056e768c992447))
* Updates issue and pull request templates ([#1450](https://github.com/ory/hydra/issues/1450)) ([1cc412f](https://github.com/ory/hydra/commit/1cc412f650fbd73d236f38211688c334a554c9c9))
* Updates issue and pull request templates ([#1451](https://github.com/ory/hydra/issues/1451)) ([5ac9a92](https://github.com/ory/hydra/commit/5ac9a92b98bde4399b94efb1574f2dcd580a28cb))
* Updates issue and pull request templates ([#1452](https://github.com/ory/hydra/issues/1452)) ([6798948](https://github.com/ory/hydra/commit/67989486a24c0bf8b53c2d0b0089beaa9a48bc58))
### Unclassified
* oauth2: Don't show registration_endpoint if config is undefined (#1449) ([6d46786](https://github.com/ory/hydra/commit/6d46786f2a7675760a4a29d2494be7b6583f04eb)), closes [#1449](https://github.com/ory/hydra/issues/1449) [#1448](https://github.com/ory/hydra/issues/1448)
* Create SECURITY.md ([c820448](https://github.com/ory/hydra/commit/c820448e2178df86bfd1b6af9dbbc0fe0479a7ef))
* **deps:** Bump jackson-version in /sdk/java/hydra-client-resttemplate ([#1453](https://github.com/ory/hydra/issues/1453)) ([4da16e0](https://github.com/ory/hydra/commit/4da16e001bfd9a80d8a02c730f3e677703270431)):
Bumps `jackson-version` from 2.8.9 to 2.9.9.
Updates `jackson-core` from 2.8.9 to 2.9.9
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.8.9...jackson-core-2.9.9)
Updates `jackson-annotations` from 2.8.9 to 2.9.9
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-databind` from 2.8.9 to 2.9.9
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Updates `jackson-jaxrs-json-provider` from 2.8.9 to 2.9.9
Updates `jackson-datatype-joda` from 2.8.9 to 2.9.9
- [Release notes](https://github.com/FasterXML/jackson-datatype-joda/releases)
- [Commits](https://github.com/FasterXML/jackson-datatype-joda/compare/jackson-datatype-joda-2.8.9...jackson-datatype-joda-2.9.9)
* Support default jaeger environment variables ([#1442](https://github.com/ory/hydra/issues/1442)) ([ba2d49b](https://github.com/ory/hydra/commit/ba2d49bddba826166c849db4601f9b432aa1cc3d))
* Use go templates in token user ([#1461](https://github.com/ory/hydra/issues/1461)) ([e31d2cc](https://github.com/ory/hydra/commit/e31d2cc25e3cd1e4e9f5e65daaec66eb25adf494))
# [1.0.0-rc.14](https://github.com/ory/hydra/compare/v1.0.0-rc.12...v1.0.0-rc.14) (2019-05-18)
ci: Resolve goreleaser issues (#1445)
### Continuous Integration
* Resolve goreleaser issues ([#1445](https://github.com/ory/hydra/issues/1445)) ([84d9cdf](https://github.com/ory/hydra/commit/84d9cdf79c7962f40440b946fd233ec2b858bf81))
### Documentation
* Incorporates changes from version v1.0.0-rc.12 ([d6cfb82](https://github.com/ory/hydra/commit/d6cfb82390ef55e28ae2273e2edf433aec83d74a))
* Updates issue and pull request templates ([#1432](https://github.com/ory/hydra/issues/1432)) ([bf926c4](https://github.com/ory/hydra/commit/bf926c4a067bac2d8e0dd71fa927cb5c7a2fa221))
### Unclassified
* Fix missing and broken swagger annotations ([#1440](https://github.com/ory/hydra/issues/1440)) ([b5cb153](https://github.com/ory/hydra/commit/b5cb1534cc243202e90da10015aa8895fbbd9b66)), closes [#1435](https://github.com/ory/hydra/issues/1435)
* Update module definitions ([#1441](https://github.com/ory/hydra/issues/1441)) ([217e462](https://github.com/ory/hydra/commit/217e462d8b27069760f9a2afae7212d3ec49e845))
# [1.0.0-rc.12](https://github.com/ory/hydra/compare/v0.0.1...v1.0.0-rc.12) (2019-05-10)
all: add CockroachDB support (#1348)
Closes #1326
Signed-off-by: David López <not4rent@gmail.com>
### Unclassified
* sdk/php: Fixed namespace (#1431) ([53b11cf](https://github.com/ory/hydra/commit/53b11cf2fe220454c7203f3e6d600fcc77c6b3f7)), closes [#1431](https://github.com/ory/hydra/issues/1431) [#1429](https://github.com/ory/hydra/issues/1429)
* Add CockroachDB support ([#1348](https://github.com/ory/hydra/issues/1348)) ([f8f2363](https://github.com/ory/hydra/commit/f8f23630d80f8980786ef85a49597f9b6b3eec7b)), closes [#1326](https://github.com/ory/hydra/issues/1326)
* Allow to set the client's post-logout URIs ([#1427](https://github.com/ory/hydra/issues/1427)) ([82963ad](https://github.com/ory/hydra/commit/82963adb2f822520f05ea6824e44e557545bb4af))
* Corrected oidc discovery claims and scope values ([#1428](https://github.com/ory/hydra/issues/1428)) ([b405190](https://github.com/ory/hydra/commit/b40519074fc13155acc6ffa1c8bfc9a906c417ae)):
Signed-off-by: André Filipe Easypay <andre@easypay.pt>
* Remove go sdk submodule ([#1430](https://github.com/ory/hydra/issues/1430)) ([faaf7a4](https://github.com/ory/hydra/commit/faaf7a4f81ed0350592ce14879c7cf1b43308ecd))
# [0.0.1](https://github.com/ory/hydra/compare/v1.0.0-rc.11...v0.0.1) (2019-05-08)
sdk/go: Add go.mod definition in sdk directory (#1425)
Closes #1422
Signed-off-by: aeneasr <aeneas@ory.sh>
### Documentation
* Incorporates changes from version v1.0.0-rc.11 ([67c246c](https://github.com/ory/hydra/commit/67c246c177446daab64be00ba82b3aea1a546570))
* Update cors values in config.yml ([84573d9](https://github.com/ory/hydra/commit/84573d9a578a2c447e45c1bd60810556a4de941b))
### Unclassified
* sdk/go: Add go.mod definition in sdk directory (#1425) ([5eeb162](https://github.com/ory/hydra/commit/5eeb162ccef637f04d960ba1c6579af3c730c13a)), closes [#1425](https://github.com/ory/hydra/issues/1425) [#1422](https://github.com/ory/hydra/issues/1422)
* Add "Content-Type" to default allowed cors headers ([45bd863](https://github.com/ory/hydra/commit/45bd8634bcd18a2fdac0ce6c0662bab0e64a3dcd)), closes [#1421](https://github.com/ory/hydra/issues/1421)
* Correct debug var ([fa10d9d](https://github.com/ory/hydra/commit/fa10d9d36341785f1f2c889a9c841b0b8dd0ef96))
* Fix broken cors option test ([#1423](https://github.com/ory/hydra/issues/1423)) ([b96724b](https://github.com/ory/hydra/commit/b96724bb9ec3c9207c8c5c0536cb0cc0f6dc273b))
# [1.0.0-rc.11](https://github.com/ory/hydra/compare/v1.0.0-rc.10...v1.0.0-rc.11) (2019-05-02)
consent: Resolve nil pointer panic in logout flow (#1418)
Closes #1403
Signed-off-by: aeneasr <aeneas@ory.sh>
### Documentation
* Add OIDC FC/BC changes to upgrade guide ([#1401](https://github.com/ory/hydra/issues/1401)) ([187c30e](https://github.com/ory/hydra/commit/187c30e5bdf248d51b1cad71da237d57e4372e9b))
* Incorporates changes from version v1.0.0-rc.10 ([a81ea40](https://github.com/ory/hydra/commit/a81ea4039b48cf8a1af36f3ea3a6c7c2cd87c49a))
* Ttl is a top-level config value ([#1407](https://github.com/ory/hydra/issues/1407)) ([9f913c6](https://github.com/ory/hydra/commit/9f913c69df047e0193e24092067807e0b19e2a19)):
Don't nest it under oauth2 section
### Unclassified
* Add tests for consecutive login/consent requests with skip ([32e23bc](https://github.com/ory/hydra/commit/32e23bcb8bb4f574d5d1b26459acd1290b970a7b)):
This adds tests for making sure that future releases don't regress
on the session logic.
* Do not confirmLoginSession when skip is true ([#1414](https://github.com/ory/hydra/issues/1414)) ([1f52832](https://github.com/ory/hydra/commit/1f528321bb3ac38e8018bd33e953dc061ce9df6c)), closes [#1409](https://github.com/ory/hydra/issues/1409):
Resolves a regression issue introduced by OpenID Connect Front/Back-Channel Logout.
* Fix fallback routes and templates ([#1402](https://github.com/ory/hydra/issues/1402)) ([64f3138](https://github.com/ory/hydra/commit/64f31388d4427c359162c2dc7c44fdcac906fcc0))
* Remove duplicates JWKS IDs from wellknown config ([b5c2565](https://github.com/ory/hydra/commit/b5c25651221788370f78ebc18437aff3052118cc)), closes [#1413](https://github.com/ory/hydra/issues/1413)
* Resolve nil pointer panic in logout flow ([#1418](https://github.com/ory/hydra/issues/1418)) ([33acfa8](https://github.com/ory/hydra/commit/33acfa8d18cb8b3f7896de813d4e8f61f19dde0c)), closes [#1403](https://github.com/ory/hydra/issues/1403)
* Update migrate sql flag -e help message ([#1412](https://github.com/ory/hydra/issues/1412)) ([025acfb](https://github.com/ory/hydra/commit/025acfb23dd9debcdbc6aaaa9f5571481b061dff)):
Updates `hydra migrate sql -e` command message to indicate that environment flag will pull from config file.
* Use sane default settings for CORS options ([#1417](https://github.com/ory/hydra/issues/1417)) ([ed6e815](https://github.com/ory/hydra/commit/ed6e8153f1f9318851692c9f31dc60070ed32680)), closes [#1400](https://github.com/ory/hydra/issues/1400)
# [1.0.0-rc.10](https://github.com/ory/hydra/compare/v1.0.0-rc.9+oryOS.10...v1.0.0-rc.10) (2019-04-29)
docker: Remove full tag from build pipeline
Signed-off-by: aeneasr <aeneas@ory.sh>
### Documentation
* Incorporates changes from version v1.0.0-rc.9+oryOS.10 ([70d5aaf](https://github.com/ory/hydra/commit/70d5aaf7cb512f226ed1847f15dbb53515c82318))
* Update upgrade guide ([7a77fa0](https://github.com/ory/hydra/commit/7a77fa0e14f5310ff6ac203151afa901190b8060))
* Update upgrade guide for rc.10 ([9851f9b](https://github.com/ory/hydra/commit/9851f9be591ca3ff63ced7326a4259810b9287aa))
### Unclassified
* Use --yes flag for migrations everywhere ([c7e7aa0](https://github.com/ory/hydra/commit/c7e7aa0a035742c58e7bc3c3663f3dd6f42ef08d))
* Improve e2e test performance (#1392) ([a4a75d4](https://github.com/ory/hydra/commit/a4a75d4368429ed60b71e010f85ec86ab0acb5b0)), closes [#1392](https://github.com/ory/hydra/issues/1392) [#1389](https://github.com/ory/hydra/issues/1389)
* Implement OpenID Connect Front-/Backchannel logout (#1376) ([bbeee65](https://github.com/ory/hydra/commit/bbeee653de32aa8d6eb172b836257b7bfa4c5df3)), closes [#1376](https://github.com/ory/hydra/issues/1376) [#1368](https://github.com/ory/hydra/issues/1368) [#1004](https://github.com/ory/hydra/issues/1004) [#834](https://github.com/ory/hydra/issues/834)
* Fix contributors url (#1385) ([5a29608](https://github.com/ory/hydra/commit/5a29608bb3afa1d4e7b64a033bcfae8430315310)), closes [#1385](https://github.com/ory/hydra/issues/1385)
* Update quickstart.yml ([f5013e4](https://github.com/ory/hydra/commit/f5013e4d633c65097bda3c92a45a2d97a31ab30f))
* Add migration planning ([a4a2717](https://github.com/ory/hydra/commit/a4a27179d9fcd592e3da81043b0ece58f1f55e7e)), closes [#1139](https://github.com/ory/hydra/issues/1139)
* Advertise all path in sqa ([2c09d20](https://github.com/ory/hydra/commit/2c09d208e37a9b7f75ab64362df2d203bbfd0421))
* Allow prompt=none for public clients ([#1391](https://github.com/ory/hydra/issues/1391)) ([6cfd03e](https://github.com/ory/hydra/commit/6cfd03e0cfc51d836d1e0b8e9c9dee0d856ae0cf)), closes [#1366](https://github.com/ory/hydra/issues/1366) [#1364](https://github.com/ory/hydra/issues/1364)
* Fix help text on migrate cmd ([#1372](https://github.com/ory/hydra/issues/1372)) ([14f494c](https://github.com/ory/hydra/commit/14f494ce9039d8b77347dc26705e259340bacb63))
* Format javascript test code ([9e829a9](https://github.com/ory/hydra/commit/9e829a90aabb8a37da0e60538d9ab7cc312beb90))
* Ignore sdk directory when generating OA spec ([#1394](https://github.com/ory/hydra/issues/1394)) ([ab87306](https://github.com/ory/hydra/commit/ab87306fb160cf383806d5714ce502819a19a606)), closes [#1384](https://github.com/ory/hydra/issues/1384):
Previously, the SDK directory was included when generating the Swagger specification.
This caused issues due to duplicate models. This patch resolves that issue.
* Make clear that refresh tokens are introspectable ([#1390](https://github.com/ory/hydra/issues/1390)) ([98390be](https://github.com/ory/hydra/commit/98390be25becb49aac640ef7fbbb15e6e28ff6df)), closes [#1250](https://github.com/ory/hydra/issues/1250)
* Move to query parameters ([#1375](https://github.com/ory/hydra/issues/1375)) ([067e498](https://github.com/ory/hydra/commit/067e4983792e5527a9f024bda5255913fb2e4713)):
Previously, user and client were sent as path parameters on consent and
login lifecycle endpoints. This patch uses query parameters instead.
This allows developers to use users with slashes and dots without
causing issues with the URI path.
* Remove full tag from build pipeline ([3e534c1](https://github.com/ory/hydra/commit/3e534c10343991f02efa409bf0d76499b42a363c))
* Resolve memory leak in gorilla/sessions ([#1374](https://github.com/ory/hydra/issues/1374)) ([e745aee](https://github.com/ory/hydra/commit/e745aeeb08cfbbd46b617f16aa1c0bb3a1afed7f)), closes [#1363](https://github.com/ory/hydra/issues/1363)
* Update jaeger tracing docker compose file ([17eaee6](https://github.com/ory/hydra/commit/17eaee6028ea755a56156d193d6d703d2b78ca2f))
* Use proper key name when JWT is enabled ([#1373](https://github.com/ory/hydra/issues/1373)) ([d27224e](https://github.com/ory/hydra/commit/d27224ec68ac6061d6574695bd554c23ea943141)), closes [#1371](https://github.com/ory/hydra/issues/1371) [#1369](https://github.com/ory/hydra/issues/1369)
# [1.0.0-rc.9+oryOS.10](https://github.com/ory/hydra/compare/v1.0.0-rc.8+oryOS.10...v1.0.0-rc.9+oryOS.10) (2019-04-18)
ven dor: Fix pagination headers (#1362)
Closes #1361
Signed-off-by: Kevin Minehart <kmineh0151@gmail.com>
### Documentation
* Fix environment variable DATABASE_URL to DSN ([#1343](https://github.com/ory/hydra/issues/1343)) ([f964c69](https://github.com/ory/hydra/commit/f964c69f07a14d8ff71367e97071cb0207f62734))
* Incorporates changes from version v1.0.0-rc.8+oryOS.10 ([367e94c](https://github.com/ory/hydra/commit/367e94c2eb8275c0cfb4956eee73b3618e80029a))
### Unclassified
* ven dor: Fix pagination headers (#1362) ([9c6e4c1](https://github.com/ory/hydra/commit/9c6e4c120c12b37b349bb7dd2695cd52ed2fc0ea)), closes [#1362](https://github.com/ory/hydra/issues/1362) [#1361](https://github.com/ory/hydra/issues/1361)
* Add package-lock.json (#1352) ([a9658ba](https://github.com/ory/hydra/commit/a9658ba93435df34feee5023ed9b2f3009fee7c1)), closes [#1352](https://github.com/ory/hydra/issues/1352)
* Add ability to share data from login to consent request ([#1353](https://github.com/ory/hydra/issues/1353)) ([20aaa46](https://github.com/ory/hydra/commit/20aaa46eaeeddf6a1c05cf2eb3df14bcd6638ff1)), closes [#1003](https://github.com/ory/hydra/issues/1003)
* Add pagination headers to list results ([#1358](https://github.com/ory/hydra/issues/1358)) ([f1ee77c](https://github.com/ory/hydra/commit/f1ee77c0ba74ac1f6d29ea62bcd038c4550b4305)), closes [#1047](https://github.com/ory/hydra/issues/1047)
* Add resilience to CLI REST commands ([#1359](https://github.com/ory/hydra/issues/1359)) ([d84ff4c](https://github.com/ory/hydra/commit/d84ff4c5b9825ebf657fbecea6236793140e72fe)), closes [#846](https://github.com/ory/hydra/issues/846)
* Allow whitelisting insecure redirect URLs ([#1354](https://github.com/ory/hydra/issues/1354)) ([cb2ad55](https://github.com/ory/hydra/commit/cb2ad555ce12f44af90f61ef73e7e2904af70a2c)), closes [#1021](https://github.com/ory/hydra/issues/1021):
This patch enables developers to whitelist insecure redirect URLs while using flag `--dangerous-force-http`.
* Expose revocation endpoint at OIDC Discover ([#1356](https://github.com/ory/hydra/issues/1356)) ([27f3a05](https://github.com/ory/hydra/commit/27f3a05a3ebc042a71daaaacbdc427f75a07d1c0)), closes [#12678](https://github.com/ory/hydra/issues/12678)
* Expose revocation endpoint at OIDC Discovery ([#1355](https://github.com/ory/hydra/issues/1355)) ([957a2d6](https://github.com/ory/hydra/commit/957a2d670a4be8c6e1a30b2df222fc566e13b8a1)), closes [#12678](https://github.com/ory/hydra/issues/12678)
* Initialize everything on start up ([#1350](https://github.com/ory/hydra/issues/1350)) ([6a16b1e](https://github.com/ory/hydra/commit/6a16b1ee0575be4fa59e85a132c9e390f20a6889)), closes [#1349](https://github.com/ory/hydra/issues/1349)
* Introduce install-stable and install tasks ([#1346](https://github.com/ory/hydra/issues/1346)) ([fe720cb](https://github.com/ory/hydra/commit/fe720cb0185393d08a77b94081aa2625c83d5475))
* Move to go-swagger code generator ([#1347](https://github.com/ory/hydra/issues/1347)) ([6829a58](https://github.com/ory/hydra/commit/6829a58622889dbce606083e4b0199aab0a7d296))
* Reenable -c cli flag ([#1345](https://github.com/ory/hydra/issues/1345)) ([a0d614f](https://github.com/ory/hydra/commit/a0d614fcac52b9f1ad8dca052e6b41bc905d8eba)), closes [#1344](https://github.com/ory/hydra/issues/1344)
* Use query parameters for challenges ([#1351](https://github.com/ory/hydra/issues/1351)) ([d88fb12](https://github.com/ory/hydra/commit/d88fb128f26793e2f313c63ede0906782280d9b9)), closes [#1307](https://github.com/ory/hydra/issues/1307)
# [1.0.0-rc.8+oryOS.10](https://github.com/ory/hydra/compare/v1.0.0-rc.7+oryOS.10...v1.0.0-rc.8+oryOS.10) (2019-04-03)
ci: Fix broken version info in build (#1342)
Signed-off-by: aeneasr <aeneas@ory.sh>
### Continuous Integration
* Fix broken version info in build ([#1342](https://github.com/ory/hydra/issues/1342)) ([f3264be](https://github.com/ory/hydra/commit/f3264bef920d49fd1683ee14ef89ca3030cbd3f1))
### Documentation
* Incorporates changes from version v1.0.0-rc.7+oryOS.10 ([16ec81b](https://github.com/ory/hydra/commit/16ec81b65828c34b6052bd449a4c4a7807c3fd19))
# [1.0.0-rc.7+oryOS.10](https://github.com/ory/hydra/compare/v1.0.0-rc.6+oryOS.10...v1.0.0-rc.7+oryOS.10) (2019-04-02)
ci: Use yaml in configuration docs runner
### Continuous Integration
* Use yaml in configuration docs runner ([e79f025](https://github.com/ory/hydra/commit/e79f025e71b896bdf7fa0bff9f29fe86a125214e))
### Documentation
* Incorporates changes from version v0.0.0-testrelease.6+oryOS.0 ([55ddff2](https://github.com/ory/hydra/commit/55ddff2949f13ec5fd73288e78a0224e456c2a1f))
* Incorporates changes from version v1.0.0-rc.6+oryOS.10 ([8a5a92d](https://github.com/ory/hydra/commit/8a5a92d9866ac6f17b870162dd5bf483f866486c))
* Update docs how to serve with in memory database ([52d62a4](https://github.com/ory/hydra/commit/52d62a4845db82c2fea7817ec0e34741c8382dc9))
* Update installation guide ([001a22f](https://github.com/ory/hydra/commit/001a22f33d62adbf8735e166cc24528eea0cfef7))
* Update patrons ([685c6da](https://github.com/ory/hydra/commit/685c6dae6939baae26f79349ae432c9ad0efdc10))
### Unclassified
* Update CHANGELOG.md ([bddf773](https://github.com/ory/hydra/commit/bddf7739ec312d73c68a1c9238ecb1b496e28055))
* Improve release pipeline and update changelog (#1341) ([513afe0](https://github.com/ory/hydra/commit/513afe0d34ac09cedc0af6b072ff0931bf37c4a5)), closes [#1341](https://github.com/ory/hydra/issues/1341)
* Resolve sql testing race issues (#1332) ([22c0487](https://github.com/ory/hydra/commit/22c0487c7bc2400d3ae46f89587a774d07a35ded)), closes [#1332](https://github.com/ory/hydra/issues/1332)
* Add shell installer to repo for curl | bash (#1330) ([13f297f](https://github.com/ory/hydra/commit/13f297f340e06af01f6f56967cecf6c7b8cce1a3)), closes [#1330](https://github.com/ory/hydra/issues/1330)
* Improve configuration and service management (#1314) ([95a51de](https://github.com/ory/hydra/commit/95a51deb3100034db5c6d98bbd7838a3b43249ce)), closes [#1314](https://github.com/ory/hydra/issues/1314) [#1316](https://github.com/ory/hydra/issues/1316) [#1327](https://github.com/ory/hydra/issues/1327) [#1244](https://github.com/ory/hydra/issues/1244) [#1289](https://github.com/ory/hydra/issues/1289) [#1309](https://github.com/ory/hydra/issues/1309) [#1107](https://github.com/ory/hydra/issues/1107) [#1196](https://github.com/ory/hydra/issues/1196) [#1121](https://github.com/ory/hydra/issues/1121):
This patch significantly refactors internal configuration and service management with the goal of making configuration changes possible without service restarts. This patch prepares the possibility to configure ORY Hydra from a remote source (etcd, consul) and watch for changes. This patch also introduces the possibility to configure ORY Hydra from a configuration file on top of environment variables.
The following issues have been fixed as well:
* Add --allowed-cors-origins to `client create` ([#1290](https://github.com/ory/hydra/issues/1290)) ([c174f96](https://github.com/ory/hydra/commit/c174f96e6e8ab31aa362c7a5d32e5637984aab5b)):
This allows the creation of clients permitted to make CORS requests from
specific domains.
* Add check for empty subject in AcceptLoginRequest ([#1308](https://github.com/ory/hydra/issues/1308)) ([1d963c2](https://github.com/ory/hydra/commit/1d963c29dd367fec201d37113bea797fba247a9e)), closes [#1254](https://github.com/ory/hydra/issues/1254)
* Add client secret encryption option ([#1322](https://github.com/ory/hydra/issues/1322)) ([468076e](https://github.com/ory/hydra/commit/468076e66e3c2ea0a5a287576998106984e092e2)), closes [#1317](https://github.com/ory/hydra/issues/1317)
* Add clients list command ([#1311](https://github.com/ory/hydra/issues/1311)) ([21a14a1](https://github.com/ory/hydra/commit/21a14a156859656ca20ab534872e13f54ed3b474)), closes [#1310](https://github.com/ory/hydra/issues/1310)
* Better defaults for consent denied errors ([#1297](https://github.com/ory/hydra/issues/1297)) ([0fc875a](https://github.com/ory/hydra/commit/0fc875ab525a62a07500df92058d21a584eaaaf9)), closes [#1285](https://github.com/ory/hydra/issues/1285)
* Bump alpine version ([#1291](https://github.com/ory/hydra/issues/1291)) ([e0d3b0d](https://github.com/ory/hydra/commit/e0d3b0d5916563351e840618400afcefbe3ce8e8)):
https://www.alpinelinux.org/posts/Alpine-3.9.0-released.html
* Bump base docker image versions ([d021022](https://github.com/ory/hydra/commit/d021022b0fac204621f98f16a7aa7db31e53ba06))
* Bump golang to 1.12.0 ([#1293](https://github.com/ory/hydra/issues/1293)) ([f6db6d3](https://github.com/ory/hydra/commit/f6db6d38eb45918b52562fa2a0018be4baa5c8c1)):
https://golang.org/doc/go1.12
* Bump Golang to 1.12.1 ([#1315](https://github.com/ory/hydra/issues/1315)) ([a073966](https://github.com/ory/hydra/commit/a0739661340f67ff541a4987e1c8bd224d8b9851)), closes [/golang.org/doc/devel/release.html#go1](https://github.com//golang.org/doc/devel/release.html/issues/go1)
* Bump ory/x to 0.0.35 ([#1267](https://github.com/ory/hydra/issues/1267)) ([b503e15](https://github.com/ory/hydra/commit/b503e151f25021958099e31ba2162d879d3cc7d3)), closes [#1266](https://github.com/ory/hydra/issues/1266)
* Bump testify and crypto ([#1262](https://github.com/ory/hydra/issues/1262)) ([5eadbe5](https://github.com/ory/hydra/commit/5eadbe5d0409cfc0805cd15d50f57a57cc5e2248))
* Disable modules temporarily when fetching a tool ([#1302](https://github.com/ory/hydra/issues/1302)) ([bd5b90b](https://github.com/ory/hydra/commit/bd5b90b1a71fb431cc917640acca230bcf09cbfd))
* Disable RejectInsecureRequest middleware on unix sockets ([#1259](https://github.com/ory/hydra/issues/1259)) ([af125b3](https://github.com/ory/hydra/commit/af125b3444f5ef535b122e478fd101c6dc6127a9)):
We should not reject insecure requests coming in via unix socket as
there is no TLS support anyways.
* Disable remember and skip logic ([#1325](https://github.com/ory/hydra/issues/1325)) ([5b8549a](https://github.com/ory/hydra/commit/5b8549a46447576206122acf653f0e59b11f83b7)), closes [#1165](https://github.com/ory/hydra/issues/1165)
* Enable to validate by old system secret ([#1249](https://github.com/ory/hydra/issues/1249)) ([e2b88d2](https://github.com/ory/hydra/commit/e2b88d211a27d7b0aeff4b10f7140990133337bd)):
* enable to validate by old system secret when setting `ROTATED_SYSTEM_SECRET`
* don't hash when rotated system secret is empty
* add test for rotated system secret getter
* Ffix error message of too short new system secret ([#1248](https://github.com/ory/hydra/issues/1248)) ([e2d6c44](https://github.com/ory/hydra/commit/e2d6c44635b51297667d5a84e915abe905c935b1))
* Fix available time duration unit at token flush CLI description ([#1251](https://github.com/ory/hydra/issues/1251)) ([149573a](https://github.com/ory/hydra/commit/149573aba34913bed7b4b60c81282b3be8becf85)):
"1d" is unavailable unit, see: https://godoc.org/time#ParseDuration
* Fix description of clients create --subject-type option ([#1305](https://github.com/ory/hydra/issues/1305)) ([fa40b43](https://github.com/ory/hydra/commit/fa40b43571a29da398103b13c3b175c6f81ef9c6))
* Fix disable-telemetry check ([#1258](https://github.com/ory/hydra/issues/1258)) ([d7be0c7](https://github.com/ory/hydra/commit/d7be0c7328bfda9e24c5aeb02389aca814e40de1))
* Fix docker-compose wrong restart values ([#1313](https://github.com/ory/hydra/issues/1313)) ([4d004bf](https://github.com/ory/hydra/commit/4d004bf67e2ec5c8fe533adea4f3bbe797060879)), closes [#1312](https://github.com/ory/hydra/issues/1312)
* Fix no-open inverted flag check ([#1306](https://github.com/ory/hydra/issues/1306)) ([1aad679](https://github.com/ory/hydra/commit/1aad67920c63669ae9e8e23c4d505477a72f19e7))
* Fix swagger documentation for oauth2/token ([#1284](https://github.com/ory/hydra/issues/1284)) ([3db25f6](https://github.com/ory/hydra/commit/3db25f6a69bfe09d929556a447a27b12348159e6)), closes [#1274](https://github.com/ory/hydra/issues/1274)
* Login revokation is exposed at public not admin ([#1333](https://github.com/ory/hydra/issues/1333)) ([7c4b6d4](https://github.com/ory/hydra/commit/7c4b6d4a61191fcfe947acca8b4dbf942fec3b15)), closes [#1329](https://github.com/ory/hydra/issues/1329)
* Move opencollective to package.oc.json ([#1324](https://github.com/ory/hydra/issues/1324)) ([9c19d85](https://github.com/ory/hydra/commit/9c19d85a1902f2610b6ec1b153ce9e63e771022e))
* Prevent errors when calling HandleConsentRequest a second time ([#1318](https://github.com/ory/hydra/issues/1318)) ([ac2f23e](https://github.com/ory/hydra/commit/ac2f23ee6de4858efe763a6c8f3835fe8c2d3426)), closes [#1256](https://github.com/ory/hydra/issues/1256)
* Refactor docker-compose for cleanness and readability ([03a28c3](https://github.com/ory/hydra/commit/03a28c3e27138fc18675810b81b2b499d147da84)):
Reorganize/split docker-compose config between multiple files for cleanness and readability
* Return proper refresh token expiration time ([#1300](https://github.com/ory/hydra/issues/1300)) ([a18c44e](https://github.com/ory/hydra/commit/a18c44ef3b77f0beec7590ba6f9b1e32387c5b3e)), closes [#1296](https://github.com/ory/hydra/issues/1296)
* Support multi proxies between TLS termination proxy and hydra ([#1283](https://github.com/ory/hydra/issues/1283)) ([769491d](https://github.com/ory/hydra/commit/769491deecde28c75de16069218d15627f034e8e)), closes [#1282](https://github.com/ory/hydra/issues/1282)
* Support transactions in SQL store ([#1277](https://github.com/ory/hydra/issues/1277)) ([65415ff](https://github.com/ory/hydra/commit/65415ff731658b822ccd9628d4d497fb6f7634db)), closes [#1247](https://github.com/ory/hydra/issues/1247) [#1247](https://github.com/ory/hydra/issues/1247) [#1247](https://github.com/ory/hydra/issues/1247) [#1247](https://github.com/ory/hydra/issues/1247) [#1247](https://github.com/ory/hydra/issues/1247) [#1247](https://github.com/ory/hydra/issues/1247)
* Update docker-compose to v3 ([d5993cb](https://github.com/ory/hydra/commit/d5993cbe29ef674ca621d847d8b75ef1452e2679)), closes [#1321](https://github.com/ory/hydra/issues/1321)
# [1.0.0-rc.6+oryOS.10](https://github.com/ory/hydra/compare/v1.0.0-rc.5+oryOS.10...v1.0.0-rc.6+oryOS.10) (2018-12-18)
docker: Bump base docker image versions (#1243)
Closes #1238
Signed-off-by: aeneasr <aeneas@ory.sh>
### Documentation
* Fix install guide typo GO111MOUDULE ([#1242](https://github.com/ory/hydra/issues/1242)) ([4de3d11](https://github.com/ory/hydra/commit/4de3d11de4b3c2df791c689d9e495490ff370013)), closes [#1235](https://github.com/ory/hydra/issues/1235)
* Incorporates changes from version v1.0.0-rc.5+oryOS.10 ([08c7088](https://github.com/ory/hydra/commit/08c7088eaaaf0cd49f37289d9e651eef65cba481))
### Unclassified
* Bump base docker image versions ([#1243](https://github.com/ory/hydra/issues/1243)) ([bdb6634](https://github.com/ory/hydra/commit/bdb6634e3d870918b0914f4210d95ae1872e2f51)), closes [#1238](https://github.com/ory/hydra/issues/1238)
* Properly declare SQL NullStrings ([#1241](https://github.com/ory/hydra/issues/1241)) ([31bf23e](https://github.com/ory/hydra/commit/31bf23e300511ed8e44670863560f730b1bf92c5)), closes [#1240](https://github.com/ory/hydra/issues/1240)
# [1.0.0-rc.5+oryOS.10](https://github.com/ory/hydra/compare/v1.0.0-rc.4+oryOS.9...v1.0.0-rc.5+oryOS.10) (2018-12-13)
docs: Update consent node docker image
### Documentation
* Fix typo in README ([#1233](https://github.com/ory/hydra/issues/1233)) ([30a7c8e](https://github.com/ory/hydra/commit/30a7c8eebc6a97a72bb43349a27c13db7a9a9258))
* Incorporates changes from version v1.0.0-rc.4+oryOS.9 ([48ae9ef](https://github.com/ory/hydra/commit/48ae9ef26eb5b825ec151cb9d2d9722a06a39927))
* Update consent node docker image ([3358c0b](https://github.com/ory/hydra/commit/3358c0b24e6dd98754561cd165c147e04cdb333b))
* Update consent node docker image ([688706e](https://github.com/ory/hydra/commit/688706eb240f4b58b58d855a279f0c43dfa8801f))
* Update upgrade guide ([2470942](https://github.com/ory/hydra/commit/2470942340b905edf7790672030cb9f7541d77e6))
### Unclassified
* Fix help output of `hydra serve ...` ([#1229](https://github.com/ory/hydra/issues/1229)) ([a78050d](https://github.com/ory/hydra/commit/a78050d9efb289392d3d7e2e452e2f588964ebc6)):
The help message is missing separation of public and admin port.
* Improve introspection debugability ([#1232](https://github.com/ory/hydra/issues/1232)) ([61d068f](https://github.com/ory/hydra/commit/61d068f2ed94655a6ea742660f66c94e9d2d21af))
* Support binding frontend/backend to unix sockets ([#1230](https://github.com/ory/hydra/issues/1230)) ([aa6ab26](https://github.com/ory/hydra/commit/aa6ab26908ea5fc856c67c2650c2124d3331e184)):
This allows the use of strings like "unix:/path/to/socket" as PUBLIC_HOST and/or PRIVATE_HOST.
# [1.0.0-rc.4+oryOS.9](https://github.com/ory/hydra/compare/v1.0.0-rc.3+oryOS.9...v1.0.0-rc.4+oryOS.9) (2018-12-12)
oauth2: Export tests and test helpers (#1212)
Signed-off-by: Prateek Malhotra <someone1@gmail.com>
### Documentation
* Adapt new docs id structure ([#1208](https://github.com/ory/hydra/issues/1208)) ([1397b59](https://github.com/ory/hydra/commit/1397b59542a3d1c2c0e6856bd73db7ebb99703cc))
* Fix broken links ([#1216](https://github.com/ory/hydra/issues/1216)) ([e4bc6c2](https://github.com/ory/hydra/commit/e4bc6c269c6f833248bfe2ef01950f6363f3828c))
* Incorporates changes from version v1.0.0-rc.3+oryOS.9 ([14ecdf7](https://github.com/ory/hydra/commit/14ecdf7afe26bbbfab8d232d7c9716c76cf033a2))
### Unclassified
* Add created/updated at fields ([#1207](https://github.com/ory/hydra/issues/1207)) ([24a40a0](https://github.com/ory/hydra/commit/24a40a096a6f77774e51efd734781a995897737c)), closes [#1120](https://github.com/ory/hydra/issues/1120)
* Bump ory/x to v0.0.33 ([#1214](https://github.com/ory/hydra/issues/1214)) ([16a7835](https://github.com/ory/hydra/commit/16a783548abd32c6cf396a8c77fa2e785ad1ef83))
* Export tests and test helpers ([#1212](https://github.com/ory/hydra/issues/1212)) ([920bd5a](https://github.com/ory/hydra/commit/920bd5a93b6464a32e235e410fa98c4bc97751f4))
* Properly document secret rotation ([#1195](https://github.com/ory/hydra/issues/1195)) ([18ae84e](https://github.com/ory/hydra/commit/18ae84e9f7994e95783f1a954e09f307a321bd25))
* Remove dep from build chain ([#1217](https://github.com/ory/hydra/issues/1217)) ([be81806](https://github.com/ory/hydra/commit/be81806f9fff4126d68a350729d5eaa3407c4fed))
* Remove superuser requirements from postgres migrations ([#1226](https://github.com/ory/hydra/issues/1226)) ([a455fdf](https://github.com/ory/hydra/commit/a455fdf1ad3215b11c749894b19c191ac7a99b1a)), closes [#1209](https://github.com/ory/hydra/issues/1209)
* Show all granted consent requests ([#1206](https://github.com/ory/hydra/issues/1206)) ([f54448c](https://github.com/ory/hydra/commit/f54448cd6d567fcab506bcc25d37b7d3952202ff)), closes [#1203](https://github.com/ory/hydra/issues/1203):
Instead of just showing consent requests which have remember set to true, show all past consent request.
# [1.0.0-rc.3+oryOS.9](https://github.com/ory/hydra/compare/v1.0.0-rc.2+oryOS.9...v1.0.0-rc.3+oryOS.9) (2018-12-06)
Update docker-compose-twoc.yml
### Documentation
* Fixed tutorial link in README.md ([#1193](https://github.com/ory/hydra/issues/1193)) ([563276b](https://github.com/ory/hydra/commit/563276b64933df528bfef4c76facb876ef535f7f))
* Incorporates changes from version v1.0.0-rc.2+oryOS.9 ([8ca315c](https://github.com/ory/hydra/commit/8ca315c90b42c4dcb4a28e7451821564e0702313))
* Migrate links from old docs to new docs ([#1197](https://github.com/ory/hydra/issues/1197)) ([55654c0](https://github.com/ory/hydra/commit/55654c084cc24a49d333e62773295cbf8bf5b31d))
* Remove duplicated refresh token section ([#1188](https://github.com/ory/hydra/issues/1188)) ([a481aa4](https://github.com/ory/hydra/commit/a481aa461259acd9545821968c149d64d4890afe))
### Unclassified
* Update docker-compose-twoc.yml ([00f1cb6](https://github.com/ory/hydra/commit/00f1cb6404c1e9abbe0270b04e6721b402137f25))
* Update docker-compose.yml ([f05077a](https://github.com/ory/hydra/commit/f05077a84f0046399f90e4675903e74a39a1dd5c))
* Add instructions for updating the `hydra-migrate` service to use mysql instead of postgres ([#1192](https://github.com/ory/hydra/issues/1192)) ([561ecb3](https://github.com/ory/hydra/commit/561ecb3e0c146deab563eaa23110b78fdf20f9ed))
* Correct composer autoloader namespace ([#1200](https://github.com/ory/hydra/issues/1200)) ([7f50b94](https://github.com/ory/hydra/commit/7f50b944ea7a0bc02f37a08c860670bd33453986)), closes [#1199](https://github.com/ory/hydra/issues/1199)
* Rename grant type authorize_code to authorization_code ([#1191](https://github.com/ory/hydra/issues/1191)) ([4b97a0f](https://github.com/ory/hydra/commit/4b97a0ffe7a4578246e3818f64b7b760e8f54a23))
* Streamline method signatures ([#1190](https://github.com/ory/hydra/issues/1190)) ([c3cc80c](https://github.com/ory/hydra/commit/c3cc80cd575739dbbd83aedfa00e72c36813241c))
* Use html templates in fallback endpoints ([#1202](https://github.com/ory/hydra/issues/1202)) ([9b5bbd4](https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3))
# [1.0.0-rc.2+oryOS.9](https://github.com/ory/hydra/compare/v1.0.0-rc.1+oryOS.9...v1.0.0-rc.2+oryOS.9) (2018-11-21)
sql: Resolve beta.9 -> rc.1 migration issue (#1186)
Closes #1185
Signed-off-by: aeneasr <aeneas@ory.sh>
### Documentation
* Incorporates changes from version v1.0.0-rc.1+oryOS.9 ([8352d84](https://github.com/ory/hydra/commit/8352d84f49e0938ac119a3cebc8cdea06db3a762))
### Unclassified
* Resolve beta.9 -> rc.1 migration issue ([#1186](https://github.com/ory/hydra/issues/1186)) ([1295663](https://github.com/ory/hydra/commit/1295663ada908dd431d7ffc9927feb6e2606b724)), closes [#1185](https://github.com/ory/hydra/issues/1185)
# [1.0.0-rc.1+oryOS.9](https://github.com/ory/hydra/compare/v1.0.0-beta.9...v1.0.0-rc.1+oryOS.9) (2018-11-21)
e2e: Add e2e tests checking consistency (#1184)
Signed-off-by: aeneasr <aeneas@ory.sh>
### Build System
* Improve build pipeline ([#1114](https://github.com/ory/hydra/issues/1114)) ([fdea011](https://github.com/ory/hydra/commit/fdea0115e5368c13f0d22ddc75be1784e7f939b3))
### Documentation
* Add schema changes to upgrade guide ([#1082](https://github.com/ory/hydra/issues/1082)) ([c5502c8](https://github.com/ory/hydra/commit/c5502c8c13730dc248955b9d8507ab5ac017996d)), closes [#1069](https://github.com/ory/hydra/issues/1069)
* Auto-generate appendix ([#1174](https://github.com/ory/hydra/issues/1174)) ([1e80d6a](https://github.com/ory/hydra/commit/1e80d6a978beb04cc02baeda016d5891d66ac1a1))
* Auto-generate appendix ([#1174](https://github.com/ory/hydra/issues/1174)) ([5c3dffb](https://github.com/ory/hydra/commit/5c3dffbf58a8689093c51b5e2820978c9a969138))
* Fix benchmark path ([aa0926c](https://github.com/ory/hydra/commit/aa0926cad35ca4608b082d2957c50faebd569e1f))
* Fix benchmark path ([61c6375](https://github.com/ory/hydra/commit/61c6375a521e155dc1bcb5555cbc6466b7465b3a))
* Fix broken benchmark path ([891aabe](https://github.com/ory/hydra/commit/891aabedad778dc01a39e6241ce69982324217ee))
* Fix broken benchmark path ([af56862](https://github.com/ory/hydra/commit/af568625ddd685e496810811b9ff783448039160))
* Fix migrate sql command at upgrading guide ([#1183](https://github.com/ory/hydra/issues/1183)) ([9f991f2](https://github.com/ory/hydra/commit/9f991f2baf39fdeb059a498a16aa4d20df59b90e))
* Incorporates changes from version v1.0.0-beta.9 ([4b52a07](https://github.com/ory/hydra/commit/4b52a0763a38f2e8ef724d9711f91b5a3dd63663))
* Link to proper benchmarks section ([#1102](https://github.com/ory/hydra/issues/1102)) ([b133d79](https://github.com/ory/hydra/commit/b133d796a9a1775b74d46ef9ffaeb94bf8970761)):
Updated URL of performance benchmarks results.
* Update link to security console ([26db8db](https://github.com/ory/hydra/commit/26db8dba7a2d7bf74251a48ae5d6ac6e19315dc9))
* Update upgrade guide ([6814af0](https://github.com/ory/hydra/commit/6814af0c34b8760f166be9644a947568707401ac))
* Updates issue and pull request templates ([8616aca](https://github.com/ory/hydra/commit/8616aca1c7bb5aedae0f88bb4c8e9424b99397a6))
* Updates issue and pull request templates ([#1096](https://github.com/ory/hydra/issues/1096)) ([a6478c3](https://github.com/ory/hydra/commit/a6478c3a7f1157d82622233fc2be3301d1b497cb))
* Updates issue and pull request templates ([#1101](https://github.com/ory/hydra/issues/1101)) ([c62d8f3](https://github.com/ory/hydra/commit/c62d8f3157b4ca56969efc082797d084e86424c1))
### Unclassified
* docs. Update installation instructinos ([6f72a57](https://github.com/ory/hydra/commit/6f72a57a5065490b0d17d718c91324d8f3abdd69))
* sdk/js: Declare opencollective as devdep (#1109) ([d3a0717](https://github.com/ory/hydra/commit/d3a0717a8064241868e7f5833e8dcbd55b70343e)), closes [#1109](https://github.com/ory/hydra/issues/1109)
* Move dependencies to ory/x (#1095) ([65b7406](https://github.com/ory/hydra/commit/65b7406abe9e94011235776af009d0da94b01617)), closes [#1095](https://github.com/ory/hydra/issues/1095)
* Switch to go modules and add vendor (#1077) ([2b491c9](https://github.com/ory/hydra/commit/2b491c9e277cc7a8488030d94c8fc5143e0c4cf7)), closes [#1077](https://github.com/ory/hydra/issues/1077) [#1074](https://github.com/ory/hydra/issues/1074)
* change go-resty import path for gopkg.in/resty.v1 (#1064) ([9ec5fbc](https://github.com/ory/hydra/commit/9ec5fbc148916b2b1cb49d719b596752542beb73)), closes [#1064](https://github.com/ory/hydra/issues/1064):
* sdk/go: Change go-rest import path
* bump fosite version to 0.22.0 - brings in changes to the JWTStrategy ([0f0a204](https://github.com/ory/hydra/commit/0f0a2044116e21b15782e2e0d87dd4894c23fdd0))
* cmd/server: Export Handler bootstrap functions (#1023) ([60e3dab](https://github.com/ory/hydra/commit/60e3dab1b5ede60f630f763e3eb0a830ca9f2b96)), closes [#1023](https://github.com/ory/hydra/issues/1023)
* Use latest version of sqlcon ([0fbddcc](https://github.com/ory/hydra/commit/0fbddcce01bbf3aed2870d981bdf6887464b276a))
* Add ability to specify consent and login lifespan ([#1155](https://github.com/ory/hydra/issues/1155)) ([4a8cf84](https://github.com/ory/hydra/commit/4a8cf84f15a00a27c4fce9fded7f043fb3e8cf7f)), closes [#1057](https://github.com/ory/hydra/issues/1057)
* Add an instrumented implementation of the bcrypt hasher that creates spans around calls to Hash and Compare ([26d1d12](https://github.com/ory/hydra/commit/26d1d12c77b69dc155ba8ba89b629c2743023969))
* Add e2e tests checking consistency ([#1184](https://github.com/ory/hydra/issues/1184)) ([328d617](https://github.com/ory/hydra/commit/328d6178db009ca87014ec48b198838142874867))
* Add error response if consent or login challenge is expired ([#1098](https://github.com/ory/hydra/issues/1098)) ([bbc4020](https://github.com/ory/hydra/commit/bbc4020064378a838284713a53de1dc19efc0ade)), closes [#1056](https://github.com/ory/hydra/issues/1056)
* Add foreign key migrations ([d194211](https://github.com/ory/hydra/commit/d19421193988b6dd3ca66fb3300f13fe28b7dc2d)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Add foreign keys ([604051b](https://github.com/ory/hydra/commit/604051bc9f83588e35c8a4da1e396fee793eb61d)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Add https option to token user command ([#1150](https://github.com/ory/hydra/issues/1150)) ([2ff6561](https://github.com/ory/hydra/commit/2ff65617c08bf186e3b2e20ad9427eb2c4e5b9e7)), closes [#1147](https://github.com/ory/hydra/issues/1147)
* Add login_challenge and login_session_id to consent payload ([#1105](https://github.com/ory/hydra/issues/1105)) ([8038a74](https://github.com/ory/hydra/commit/8038a74563e6e1d06607dd0ae4c14194b2393dbe))
* Add missing indices ([#1157](https://github.com/ory/hydra/issues/1157)) ([0b26a63](https://github.com/ory/hydra/commit/0b26a6330ff379f70cff5fa958b7247b4b49867d)), closes [#1138](https://github.com/ory/hydra/issues/1138)
* Add OAuth2 audience claim and improve migrations ([#1145](https://github.com/ory/hydra/issues/1145)) ([3a10df9](https://github.com/ory/hydra/commit/3a10df9bff259dee9b0d635b6522e098fbdd8cc3)), closes [#883](https://github.com/ory/hydra/issues/883) [#1144](https://github.com/ory/hydra/issues/1144):
This patch adds the ability to whitelist and request an audience
when performing any OAuth 2.0 Flow. The audience is useful in multi-
tenant environments where access tokens should be restricted to certain
resources.
* Add options cors middleware handler ([#1125](https://github.com/ory/hydra/issues/1125)) ([1f3a123](https://github.com/ory/hydra/commit/1f3a1231c0a5813395d936107f3a155b2fad8581))
* Add pk field to sql struct ([0e4e07b](https://github.com/ory/hydra/commit/0e4e07bd3a73b2dba494df089dc67e36d181ae6f))
* Add serial pk to sql schema ([e5e9685](https://github.com/ory/hydra/commit/e5e96857307294206c55f28788a07d24b8b319bc)), closes [#1059](https://github.com/ory/hydra/issues/1059)
* Add serial pk to sql schema ([033c2e2](https://github.com/ory/hydra/commit/033c2e24453f84ed51f50b39175ee2825640f5d6)), closes [#1059](https://github.com/ory/hydra/issues/1059)
* Add SessionsPath const ([#1027](https://github.com/ory/hydra/issues/1027)) ([3ee0b3f](https://github.com/ory/hydra/commit/3ee0b3f3bf7b44fab3f5a51d19ae2c61629ba7bd))
* Add support for distributed tracing ([#1019](https://github.com/ory/hydra/issues/1019)) ([1cd4d17](https://github.com/ory/hydra/commit/1cd4d174988600a0f03fdb88f0f9e2fe19d268fa))
* Add support for tracing DB interactions ([#1115](https://github.com/ory/hydra/issues/1115)) ([f32d1b0](https://github.com/ory/hydra/commit/f32d1b084bcab348f66bcb1dae1f76e416090e65)):
* tracing: add support for tracing interactions with the database
* tracing: add tests for new BackendConnector options
* tracing:
• export connector options and hide hydra specific connector options
• remove config for allowing SQL query args to be included in spans
* tracing: use keyed fields when instantiating TracedBCrypt + helper to determine if Tracing has been configured to DRY up code
* tracing: document the TRACE_ environment variables
* tracing: fixes bug in WithTracing() and adds test coverage
* tracing: add sample tracing configuration in docker-compose
* Add unit tests for instrumented bcrypt hasher ([566dd45](https://github.com/ory/hydra/commit/566dd45227dd1807e900cca0b222a44c622e9f1b))
* Added test coverage to cover the unique constraint placed on the `request_id` column in the hydra_oauth2_access and hydra_oauth2_refresh tables. ([4401dd9](https://github.com/ory/hydra/commit/4401dd96c256e2ebcc64e3e21d704048fab912cd))
* Bump fosite to 0.24.0 ([#1062](https://github.com/ory/hydra/issues/1062)) ([2ec8f81](https://github.com/ory/hydra/commit/2ec8f81d6b14c5ca35ad4dc01280c4dde3bf8ad2))
* Bump version to 0.23.0 and incorporate breaking changes made to the Hasher interface ([e96c7a4](https://github.com/ory/hydra/commit/e96c7a401f0604ca1c5c34e59b5244421457f085))
* Clean up foreign key work ([3efa71e](https://github.com/ory/hydra/commit/3efa71ea525bc6314cdaf46fae92964889ee42b6)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Clean up format ([f26a66d](https://github.com/ory/hydra/commit/f26a66d5f1f47b967d07d8842a6e7232ef6aa5d5))
* Clean up SDKs ([671b69c](https://github.com/ory/hydra/commit/671b69c7638a158cfdce5154901857f18b717e79))
* Do not echo secrets if explicitly set ([5b484d7](https://github.com/ory/hydra/commit/5b484d7937cf066e21bb4a726450649ed5fb04f7))
* Document userinfo as GET instead of POST ([#1161](https://github.com/ory/hydra/issues/1161)) ([fa19d23](https://github.com/ory/hydra/commit/fa19d23983b83277a29c16f51bf4fc994b13f965)), closes [#1049](https://github.com/ory/hydra/issues/1049)
* Enable cors for wellknown endpoints ([#1118](https://github.com/ory/hydra/issues/1118)) ([3466664](https://github.com/ory/hydra/commit/34666645226b2fcfc450a1e08a0465b4ffb26349))
* Export test helpers ([#1051](https://github.com/ory/hydra/issues/1051)) ([85eb863](https://github.com/ory/hydra/commit/85eb863f3400cde91ce977e58323c31f82f59710)), closes [#1043](https://github.com/ory/hydra/issues/1043)
* Fix broken JWK definitions and add Java SDK ([#1045](https://github.com/ory/hydra/issues/1045)) ([8555973](https://github.com/ory/hydra/commit/85559731db6578a27ef91e44c06b3fc041ed1e7b))
* Fix flaky port finder ([a68cca9](https://github.com/ory/hydra/commit/a68cca918c38ad11ab15810836a52ddbe7e1427f)), closes [#1054](https://github.com/ory/hydra/issues/1054)
* Fix flaky random test ([c0b7a39](https://github.com/ory/hydra/commit/c0b7a393a454d07376754b4d68b743054ce42bb2)), closes [#1053](https://github.com/ory/hydra/issues/1053)
* Fix missing session data in jwt at ([#1113](https://github.com/ory/hydra/issues/1113)) ([80c9d34](https://github.com/ory/hydra/commit/80c9d3476b941bfcd342873c5605a19a39ac44d7)), closes [#1106](https://github.com/ory/hydra/issues/1106):
This patch fixes missing session data in OAuth2 Access Tokens formatted as JSON Web Tokens. It also improves e2e tests which now test if claims and data are set correctly, including after refreshes.
* Fix test to pass non-nil context ([c525bd0](https://github.com/ory/hydra/commit/c525bd0fa5b2eb28d3dc60ffe5b966278924a4ce))
* Fixes broken test as a result of the unique constraint placed on the request_id column ([1cf0850](https://github.com/ory/hydra/commit/1cf0850520a4c3b75103bc2afd3e8aed01bde979))
* Force migration order ([e152f75](https://github.com/ory/hydra/commit/e152f75bee06a2fb3354a5fdcdfccb04f33ef623)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Ignore row count in revoke ([#1173](https://github.com/ory/hydra/issues/1173)) ([c9f4a16](https://github.com/ory/hydra/commit/c9f4a167bd2568cc73423f8d8716c3075a3355ff)), closes [#1168](https://github.com/ory/hydra/issues/1168)
* Ignore row count in revoke ([#1173](https://github.com/ory/hydra/issues/1173)) ([ed1a6f6](https://github.com/ory/hydra/commit/ed1a6f6ae3e02f987071f127f811097d56fe4003)), closes [#1168](https://github.com/ory/hydra/issues/1168)
* Improve e2e test pipeline ([#1180](https://github.com/ory/hydra/issues/1180)) ([c36f9a4](https://github.com/ory/hydra/commit/c36f9a462d7a413d857f06cfbf0fa3c38f09a471))
* Improve issuer error message ([#1152](https://github.com/ory/hydra/issues/1152)) ([ef27911](https://github.com/ory/hydra/commit/ef279119971c357810d757aada5475c9de99eb3b)), closes [#1133](https://github.com/ory/hydra/issues/1133)
* Improve migrate error messages ([57378ed](https://github.com/ory/hydra/commit/57378ed8dab2630ded142e437fa1bdbc4f045532)), closes [#1026](https://github.com/ory/hydra/issues/1026)
* Improve migration test suite ([9a237db](https://github.com/ory/hydra/commit/9a237db42b9091fc071b82c28b7145ef7b317432)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Improve migration tests ([3cf9f5f](https://github.com/ory/hydra/commit/3cf9f5fba761a3499f3166150104b364890af062)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Improve token user error handling ([#1149](https://github.com/ory/hydra/issues/1149)) ([8cc62a1](https://github.com/ory/hydra/commit/8cc62a1a565916baca64670c5583018df385604d)), closes [#1143](https://github.com/ory/hydra/issues/1143)
* Instantiate PKCE after oidc ([#1123](https://github.com/ory/hydra/issues/1123)) ([2dd6add](https://github.com/ory/hydra/commit/2dd6add7f3503480d9aa4ab68945cf28cf779c91)), closes [#1060](https://github.com/ory/hydra/issues/1060)
* Introduce auto-increment sql pk ([e876b28](https://github.com/ory/hydra/commit/e876b285c700ca4deb11921baa1293b3044b67a7))
* Make client registration endpoint configurable ([#1167](https://github.com/ory/hydra/issues/1167)) ([ddafef5](https://github.com/ory/hydra/commit/ddafef543cbb828d8dcb460b7ba5005880db332e)), closes [#1072](https://github.com/ory/hydra/issues/1072)
* Make run-appendix executable ([3f54872](https://github.com/ory/hydra/commit/3f5487294d657240246ed8a4310cb57937399868))
* Make run-appendix executable ([c9cd0a3](https://github.com/ory/hydra/commit/c9cd0a3e2f007d0bfa22097ad065365aa1dc9cea))
* Make tests compatible with foreign keys ([fcb7019](https://github.com/ory/hydra/commit/fcb7019e51fe2aabb7f31f0309bedfc814663ceb)), closes [#1131](https://github.com/ory/hydra/issues/1131)
* Minor bug fix in JWK sql migrations test case ([#1136](https://github.com/ory/hydra/issues/1136)) ([48b2a22](https://github.com/ory/hydra/commit/48b2a2278cc371d800891dd4a3ffeea9322a6140)), closes [#1135](https://github.com/ory/hydra/issues/1135)
* Only fetch latest consent state ([#1124](https://github.com/ory/hydra/issues/1124)) ([0df90c8](https://github.com/ory/hydra/commit/0df90c86f511a0c5e29479235fbedb61d5b7a22e)), closes [#1119](https://github.com/ory/hydra/issues/1119):
This patch resolves an issue where authorize code flow response times deteriorate as users log in often.
* Pass context through to sql store ([b76d5d8](https://github.com/ory/hydra/commit/b76d5d83c652fcc89ca1ecc70ef5da450a1a689f))
* Pass context thru to method that makes the query for tracing integration ([bd9c88d](https://github.com/ory/hydra/commit/bd9c88da72e04d098d0989986d7b552a522d4931))
* Pass the request context along to the sql store. ([b23029b](https://github.com/ory/hydra/commit/b23029b96ccd430b088e518e8d69da09819a1437))
* Propagate context in migrate command ([14b618b](https://github.com/ory/hydra/commit/14b618bb6325943743037cc910721a7239fda67a))
* Propagate go context down the call path ([4188f69](https://github.com/ory/hydra/commit/4188f69c454bca627020f9e3d05cdfaf26f71ede))
* Propagate go context down the call path ([5dda1a2](https://github.com/ory/hydra/commit/5dda1a2dbb70192971d9ca92db8ff6144eee4fc8))
* Properly propagate acr value ([#1160](https://github.com/ory/hydra/issues/1160)) ([e88c7b6](https://github.com/ory/hydra/commit/e88c7b630ba2b39bc70c98c4bf5077acacddd585)), closes [#1032](https://github.com/ory/hydra/issues/1032)
* Register healthx.AliveCheckPath route for frontend ([#1128](https://github.com/ory/hydra/issues/1128)) ([554a78d](https://github.com/ory/hydra/commit/554a78d82fa748a661c4b69a6dd95d83eccff06d)):
This is needed for external health checks (from loadbalancing
infrastructure for example) and black box monitoring.
* Remove bad tracing config from docker-compose.yml ([845808f](https://github.com/ory/hydra/commit/845808f1403a4347446f80d85df21b093c60a6f7))
* Resolve broken test ([cefaf46](https://github.com/ory/hydra/commit/cefaf46213405014d52cab450cfa23e295f34201))
* Resolve broken wildcard cors ([#1159](https://github.com/ory/hydra/issues/1159)) ([330172b](https://github.com/ory/hydra/commit/330172b1eb1047f1315b3d37f218553de4e3647d)), closes [#1073](https://github.com/ory/hydra/issues/1073):
Resolves an issue where wildcards would incorrectly be used as literal strings.
* Resolve index/fk regression issues ([#1178](https://github.com/ory/hydra/issues/1178)) ([11924bf](https://github.com/ory/hydra/commit/11924bf5f72fb830aed55dd57c879bb69e0013d7)), closes [#1177](https://github.com/ory/hydra/issues/1177)
* Resolve issues with secret migration ([#1129](https://github.com/ory/hydra/issues/1129)) ([c8104f4](https://github.com/ory/hydra/commit/c8104f4a43ec1578c2c4b7a4455ddf78a6ea1d8b)), closes [#1026](https://github.com/ory/hydra/issues/1026):
This patch resolves an issue which made it impossible to rotate secrets because an un-hashed version was used.
* Resolve panic in migration handler ([#1151](https://github.com/ory/hydra/issues/1151)) ([94dae22](https://github.com/ory/hydra/commit/94dae2293c31ff6890b4739e3249e434a6e54a4d)), closes [#1137](https://github.com/ory/hydra/issues/1137)
* Resolve printf warnings ([#1039](https://github.com/ory/hydra/issues/1039)) ([145f89c](https://github.com/ory/hydra/commit/145f89c65099c1e1906d75cd4cdcc04cf638fec5))
* Resolve refresh flow issues with audience, scope ([#1156](https://github.com/ory/hydra/issues/1156)) ([ccc34de](https://github.com/ory/hydra/commit/ccc34dea62f83a180d9a99cf13db6b837ebf2f03)), closes [#1153](https://github.com/ory/hydra/issues/1153)
* Resolves [#1067](https://github.com/ory/hydra/issues/1067) by adding indices to: ([f6653d8](https://github.com/ory/hydra/commit/f6653d80ecbbdeafeb37fa22dedb2fca264623ba)):
• `request_id` column in the hydra_oauth2_access & hydra_oauth2_refresh tables
• `requested_at` column in the hydra_oauth2_access table
* Set fetch order to descending ([#1126](https://github.com/ory/hydra/issues/1126)) ([d291349](https://github.com/ory/hydra/commit/d2913495770dae502ed095fd04fe42348435f2bb))
* Update all consumers of client store to pass in a context ([093762a](https://github.com/ory/hydra/commit/093762a9068f8559fde04f03379cac0d76436715))
* Update consent manager method signatures to take in a context and update all consumers ([ceb9592](https://github.com/ory/hydra/commit/ceb959293f1f012b1133c0a490a1e8a3262bbbe0))
* Update fosite to 0.27.3 ([#1164](https://github.com/ory/hydra/issues/1164)) ([e0143b2](https://github.com/ory/hydra/commit/e0143b2edd033243f55155394a2c53613a1d5cf8))
* Update interface to take in context ([4a8a383](https://github.com/ory/hydra/commit/4a8a383dec7f3fea0fa3c685138b801342cdc528))
* Update manager to take in context and update all consumers ([404bdd7](https://github.com/ory/hydra/commit/404bdd711f695b168e36ab5fbea117627626681c))
* Update RS256JWTStrategy to adhere to the new interface ([a190bee](https://github.com/ory/hydra/commit/a190bee53c743bb632690077cd571e69a4586047))
* Update store to use context aware db methods ([18501f5](https://github.com/ory/hydra/commit/18501f57fff8352550fdfe9dfabc2204ed508b96))
* Update stores, migrations and their associated tests to accept and propagate context ([b5c3968](https://github.com/ory/hydra/commit/b5c396892bfea9e8a602375aaccc6074a4732c18))
* Update swagger endpoint definition ([#1166](https://github.com/ory/hydra/issues/1166)) ([89f5960](https://github.com/ory/hydra/commit/89f5960c9ae73072c9463be2feef6e033b628393)), closes [#1070](https://github.com/ory/hydra/issues/1070)
* Update to ory/x:v0.0.29 ([88a1fcb](https://github.com/ory/hydra/commit/88a1fcb1b0427505c56e74bf82a370b74f3376dc))
* Upgrade to fosite 0.27.4 ([#1171](https://github.com/ory/hydra/issues/1171)) ([a714a63](https://github.com/ory/hydra/commit/a714a63566e8c306af95b70257f062774572ad8d)), closes [#1025](https://github.com/ory/hydra/issues/1025)
* Upgrade to fosite 0.27.4 ([#1171](https://github.com/ory/hydra/issues/1171)) ([e42e7be](https://github.com/ory/hydra/commit/e42e7bed9c80216132688ac33ca646113328a7ec)), closes [#1025](https://github.com/ory/hydra/issues/1025)
* Upgrade to fosite 0.28.0 ([#1172](https://github.com/ory/hydra/issues/1172)) ([3d5b727](https://github.com/ory/hydra/commit/3d5b7273fafb9543d1efe8ed9c78923a5d1e6b0f)), closes [#1088](https://github.com/ory/hydra/issues/1088):
This patch enables refresh token expiry.
* Upgrade to fosite 0.28.0 ([#1172](https://github.com/ory/hydra/issues/1172)) ([196a85f](https://github.com/ory/hydra/commit/196a85f6544fb7a6f24edfb51de7946efdf7986e)), closes [#1088](https://github.com/ory/hydra/issues/1088):
This patch enables refresh token expiry.
* Upgrades to ory/x 0.0.30 ([964eaa3](https://github.com/ory/hydra/commit/964eaa3c81699a86f3012b19f9d388585bf0397e)), closes [#1191](https://github.com/ory/hydra/issues/1191)
* Use context aware db methods ([dbeb473](https://github.com/ory/hydra/commit/dbeb4734525c5e19466a31017542c67e469301de))
* Use context aware db methods ([bb77d59](https://github.com/ory/hydra/commit/bb77d5935cae6e67b811925ae3846315e89cc173))
* Use context aware db methods ([5ac7b15](https://github.com/ory/hydra/commit/5ac7b15e752fd91b6e524a3794ae3c588a283151))
* Use instrumented bcrypt hasher if tracing has been enabled ([acea751](https://github.com/ory/hydra/commit/acea751a671606206760fd02f6eb336019e08dc5))
* Use new api groups everywhere ([700a4a2](https://github.com/ory/hydra/commit/700a4a2efff7d770fffb98f098314d714d60266e))
* Wellknown should use corsMiddleware ([#1116](https://github.com/ory/hydra/issues/1116)) ([c260199](https://github.com/ory/hydra/commit/c26019929b8220a0b9a8db976ea8f46c9117e78a))
# [1.0.0-beta.9](https://github.com/ory/hydra/compare/v1.0.0-beta.8...v1.0.0-beta.9) (2018-09-01)
docker: Update compose definitions (#1020)
Signed-off-by: arekkas <aeneas@ory.am>
### Documentation
* Incorporates changes from version v1.0.0-beta.8 ([4a1489b](https://github.com/ory/hydra/commit/4a1489b9b636cd0fef6f9089ea7677cad996b20e))
* Update migration guide ([f8bb760](https://github.com/ory/hydra/commit/f8bb7609f4869778aeb32981e25a8a1c14498202))
### Unclassified
* Delete Procfile (#1001) ([84b2dff](https://github.com/ory/hydra/commit/84b2dff111f273327f519c45fba72daf48d88e06)), closes [#1001](https://github.com/ory/hydra/issues/1001)
* Accept expired JWTs as id_token_hint ([#1017](https://github.com/ory/hydra/issues/1017)) ([67346d3](https://github.com/ory/hydra/commit/67346d3b9c640f83e7c41bb300f3d39736c644d0)), closes [#1014](https://github.com/ory/hydra/issues/1014)
* Add ability to rotate SYSTEM_SECRET ([929cbe5](https://github.com/ory/hydra/commit/929cbe55ff5b47d2fdd380388ce3033000a92448)), closes [#73](https://github.com/ory/hydra/issues/73)
* Add new methods to SDK interface ([#994](https://github.com/ory/hydra/issues/994)) ([fed7823](https://github.com/ory/hydra/commit/fed78237b61e5ffd9180f6f4730cfdc2d15d608a)), closes [#991](https://github.com/ory/hydra/issues/991)
* Add version to banner ([#995](https://github.com/ory/hydra/issues/995)) ([f819f6d](https://github.com/ory/hydra/commit/f819f6d3922a908ce62194c8dfd710a96f6d828f)), closes [#987](https://github.com/ory/hydra/issues/987)
* Clarify HYDRA_ADMIN_URL in missing endpoint message ([#1018](https://github.com/ory/hydra/issues/1018)) ([cf20b4f](https://github.com/ory/hydra/commit/cf20b4f21b815f5880c81b5f41e4b795ee3ded80)), closes [#1016](https://github.com/ory/hydra/issues/1016)
* Disable CORS by default ([#997](https://github.com/ory/hydra/issues/997)) ([251bd5c](https://github.com/ory/hydra/commit/251bd5c5b1cf84b012c33cda0fc27db2cfdf48fa)), closes [#996](https://github.com/ory/hydra/issues/996):
This patch introduces environment variable `CORS_ENABLED` which toggles CORS.
* Disable plugin backend through 'noplugin' tag ([#986](https://github.com/ory/hydra/issues/986)) ([96f4cb3](https://github.com/ory/hydra/commit/96f4cb3cc11d2befbce453d5c2e0fed3a85fa72a)):
Debugging Hydra in Go 1.10 and 1.11 (confirmed by one of its members),
is not possible due to [this unresolved
bug](https://github.com/golang/go/issues/23733) which is related to the
use of the plugin functionality.
This change allows passing a build tag which will disable plugin
implementation and therefore allow to debug in all the use-cases where
plugin backend is not needed.
* Enable client specific CORS settings ([#1009](https://github.com/ory/hydra/issues/1009)) ([a36d0af](https://github.com/ory/hydra/commit/a36d0af611582985de5d7e939d059425b1b30d45)), closes [#975](https://github.com/ory/hydra/issues/975):
Field `allowed_cors_origins` was added to OAuth 2.0 Clients. It enables
CORS for the whitelisted URLS for paths which clients interact with,
such as /oauth2/token.
* Fix serve all cmd in docker files ([#1000](https://github.com/ory/hydra/issues/1000)) ([bba5287](https://github.com/ory/hydra/commit/bba5287f21d0de235b2b424eb0fe1292bae8af08))
* Fix use of uninitialized logger ([#1015](https://github.com/ory/hydra/issues/1015)) ([6549f1e](https://github.com/ory/hydra/commit/6549f1e9cfc7a05df82b35f9e71be511e3ce9a47)):
The MustValidate() function is sometimes called before any other logging
function has been called and this results in a crash. An easy way to
reproduce the crash is to change OAUTH2_ACCESS_TOKEN_STRATEGY=jwt in the
default docker-compose.yml
* Forward session and login information ([2217103](https://github.com/ory/hydra/commit/2217103e056d98c384656df2e8dc08fcab8c0b98)), closes [#1003](https://github.com/ory/hydra/issues/1003):
Consent and login requests now carry context information for previous requests.
* Populate consent session with default values ([#989](https://github.com/ory/hydra/issues/989)) ([c67b7fe](https://github.com/ory/hydra/commit/c67b7fe7475a50c2ea33817ecef4bb4533280867)), closes [#988](https://github.com/ory/hydra/issues/988)
* Public subject type should cause public id alg ([#993](https://github.com/ory/hydra/issues/993)) ([3040c0f](https://github.com/ory/hydra/commit/3040c0f6eb9d32957ddb1ec1402f483a49faa10f)), closes [#992](https://github.com/ory/hydra/issues/992)
* Remove config option ([5292f6c](https://github.com/ory/hydra/commit/5292f6c379e9fcbb0dbaa6bd188a03fa1b29feda))
* Replace aeneasr/cors with rs/cors ([bb9f8e0](https://github.com/ory/hydra/commit/bb9f8e084218354b5ce2be84ecb47a3d14d63de7)), closes [#1010](https://github.com/ory/hydra/issues/1010)
* Resolve broken expiry when refreshing id token ([#1002](https://github.com/ory/hydra/issues/1002)) ([c72e64c](https://github.com/ory/hydra/commit/c72e64cebdc3651b3b554f096d4db618e7f44acc)), closes [#985](https://github.com/ory/hydra/issues/985)
* Update compose definitions ([#1020](https://github.com/ory/hydra/issues/1020)) ([f359d08](https://github.com/ory/hydra/commit/f359d0809badec1219d4678afe54ae628b0bdf70))
* Upgrade sqlcon to 0.0.6 ([#1008](https://github.com/ory/hydra/issues/1008)) ([4f0e061](https://github.com/ory/hydra/commit/4f0e06122966ceacd44cfaed2db2093ed788fc5b)), closes [#1007](https://github.com/ory/hydra/issues/1007)
* Upgrade to new fosite compose API ([480904f](https://github.com/ory/hydra/commit/480904f380ec94c833aefc833d444b7a5aeda363))
* Use viper for cors detection ([#998](https://github.com/ory/hydra/issues/998)) ([0ea6ba0](https://github.com/ory/hydra/commit/0ea6ba06332279d85c524b0e1bc22aab0e5c4ff3))
# [1.0.0-beta.8](https://github.com/ory/hydra/compare/v1.0.0-beta.7...v1.0.0-beta.8) (2018-08-10)
consent: Add logout api endpoint (#984)
Closes #970
Signed-off-by: Michael DeRazon <mderazon@gmail.com>
Signed-off-by: arekkas <aeneas@ory.am>
### Documentation
* Incorporates changes from version v1.0.0-beta.7 ([90abb14](https://github.com/ory/hydra/commit/90abb1408bc8074ea65b3f8ff0bbe48ee7533bfc))
* Update MAINTAINERS ([e459cc2](https://github.com/ory/hydra/commit/e459cc2d32f9953404eb3f52f67b837b85819467))
### Unclassified
* unstaged ([5ca384d](https://github.com/ory/hydra/commit/5ca384d04e4f93d6259045b8823915c40a306e17))
* unstaged ([5026bfb](https://github.com/ory/hydra/commit/5026bfb459e5bd70985680b455daddea724892e6))
* Use spdx expression for license in package.json ([c2a9ca4](https://github.com/ory/hydra/commit/c2a9ca4366f35dc8e7c22fe933f3907d422282e9))
* Add AdminURL and PublicURL to configuration ([191902d](https://github.com/ory/hydra/commit/191902d5c932adffda26a7b6cbe12a5969327447))
* Add and enhance access/refresh token tests ([e79014d](https://github.com/ory/hydra/commit/e79014d33b597740d3bf7923c0e9b55e2ab51155)):
This patch introduces more tests for code and refresh flows and the JWT
strategy.
* Add api endpoint to list all authorized clients by user ([#954](https://github.com/ory/hydra/issues/954)) ([7aace33](https://github.com/ory/hydra/commit/7aace33179541b866f00fa3d14fee17d235a0e18)), closes [#953](https://github.com/ory/hydra/issues/953)
* Add flags for newly introduced oidc client settings ([c4b902d](https://github.com/ory/hydra/commit/c4b902d8f86fa4ef03704fc16d17e921e5710e61)), closes [#938](https://github.com/ory/hydra/issues/938)
* Add ListUserConsentSessions to OAuth2API interface ([#977](https://github.com/ory/hydra/issues/977)) ([1bd8ab7](https://github.com/ory/hydra/commit/1bd8ab7d6bfe224e33f700959416b5c5e726bdbc))
* Add logout api endpoint ([#984](https://github.com/ory/hydra/issues/984)) ([93dcbcf](https://github.com/ory/hydra/commit/93dcbcf3b9e0726c03b45b7e74ec9ca4c89eab03)), closes [#970](https://github.com/ory/hydra/issues/970)
* Add scope to introspection test suite ([#941](https://github.com/ory/hydra/issues/941)) ([2bf24b9](https://github.com/ory/hydra/commit/2bf24b9d92eb989d8079a0a73c2a6b3147bc64ca))
* Adds JWT Access Token strategy ([c932ab4](https://github.com/ory/hydra/commit/c932ab4571f1ae75c526e9b19d5a7c60d533ca41)), closes [#248](https://github.com/ory/hydra/issues/248):
This patch adds the (experimental) ability to issue JSON Web Tokens instead of ORY Hydra's opaque access tokens. Please be aware that this feature has had little real-world and unit testing and may not be suitable for production.
Simple integration tests using the JWT strategy have been added to ensure functionality.
To use the new JWT strategy, set environment variable `OAUTH2_ACCESS_TOKEN_STRATEGY` to `jwt`. For example: `export OAUTH2_ACCESS_TOKEN_STRATEGY=jwt`.
Please be aware that we (ORY) do not recommend using the JWT strategy for various reasons. If you can, use the default and recommended "opaque" strategy instead.
* Adds subject_type support to oidc discovery ([78e6552](https://github.com/ory/hydra/commit/78e65521c2224e24f670771472fd760067b5ce0a)), closes [#950](https://github.com/ory/hydra/issues/950)
* Deprecate `public` flag ([8f71806](https://github.com/ory/hydra/commit/8f7180696d23a68fd73bcec7f1ef46078f34c6dd)), closes [#938](https://github.com/ory/hydra/issues/938):
The `public` flag has been deprecated in favor of setting `token_endpoint_auth_method=none`.
* Deprecate field `id`, now only `client_id` is to be used ([a8b9b02](https://github.com/ory/hydra/commit/a8b9b022d92be09f59046b7eed5867eccef48bd7))
* Expose ./well-known/jwks.json on public port ([e30d48b](https://github.com/ory/hydra/commit/e30d48b2971b9743a24cf9165dced85029943a35))
* Fix 2-port tests and improve upgrade guide ([f32c97e](https://github.com/ory/hydra/commit/f32c97e844ec3cbfbfc9a53fab8f4c3719c463b4))
* Fix reporting of epected vs. received status codes ([#961](https://github.com/ory/hydra/issues/961)) ([8632a2e](https://github.com/ory/hydra/commit/8632a2e9b50e67d298d24322bc28d86b69e70589)):
Asking for a non-existent client results in the following confusing
error message:
```
Command failed because calling "GET http://hydra:4444/clients/no-such-client" resulted in status code "200" but code "404" was expected.
{"error":"Unable to locate the resource","error_description":"","status_code":404}
```
This commit fixes the expectedStatusCode and response.StatusCode
arguments to fmt.Fprintf which were reversed.
* Improve "token user" flag defaults ([2172bc0](https://github.com/ory/hydra/commit/2172bc02ed79c7ff7c9f0c22ebb65e3d9914652f))
* Improve CLI tests ([ba34b0c](https://github.com/ory/hydra/commit/ba34b0cbfc85664400e4a7d7116ec02fe35b514d))
* Improve client help messages ([8c08f41](https://github.com/ory/hydra/commit/8c08f41b9a5cd79513fe8e6c3070be9cac494111))
* Improve memory manager error messages ([#978](https://github.com/ory/hydra/issues/978)) ([5093152](https://github.com/ory/hydra/commit/5093152d6e5b7885164ffea98721c21b9e4907b3)), closes [#976](https://github.com/ory/hydra/issues/976)
* Improve token endpoint authentication error message ([6885a3f](https://github.com/ory/hydra/commit/6885a3fc94be9cab17e7588ebc0710da840144bf))
* Introduce pairwise support ([479acd7](https://github.com/ory/hydra/commit/479acd7ea7c758740824eee62cae624aadcb7ba1)), closes [#950](https://github.com/ory/hydra/issues/950):
This patch introduces the OpenID Connect pairwise Subject Identifier Algorithm.
* Introduce public and administrative ports ([cfee3eb](https://github.com/ory/hydra/commit/cfee3eb3d00ae1c97c6b67c9620223cbeefcb13c)), closes [#904](https://github.com/ory/hydra/issues/904):
This patch introduces two ports, public and administrative. The public
port is responsible for handling API requests to public endpoints such
as /oauth2/auth, while the administrative port handles requests to
JWK, OAuth 2.0 Client, and Login & Consent endpoints.
* Introduce subject type algorithm configuration ([fdd3bb2](https://github.com/ory/hydra/commit/fdd3bb2096dd72ecfb58bd0f654befdd696bbec6)), closes [#950](https://github.com/ory/hydra/issues/950)
* Introduce SubjectType to OAuth2 Clients ([e99d820](https://github.com/ory/hydra/commit/e99d8205fe5411c2bcce62ed4053a0bb940499e4)), closes [#950](https://github.com/ory/hydra/issues/950)
* Make test-e2e-plugin.sh executable ([299928f](https://github.com/ory/hydra/commit/299928f3397d544f051b35c6413d3b0bb51a7b31))
* Print "active:false" when token is inactive ([#981](https://github.com/ory/hydra/issues/981)) ([2227691](https://github.com/ory/hydra/commit/222769123a3b856648a8b19a5c90adb7c12263a2)), closes [#964](https://github.com/ory/hydra/issues/964):
Previously, `omitempty` caused active to be omitted when set to false.
* Properly identify revoked login sessions ([f143949](https://github.com/ory/hydra/commit/f143949dff385baaa212fcdc056420486aa8a14f)), closes [#944](https://github.com/ory/hydra/issues/944)
* Refactor backend connectivity and bootstrap process ([#956](https://github.com/ory/hydra/issues/956)) ([4ea7496](https://github.com/ory/hydra/commit/4ea749607380523bfede702a8bd871c2cea01c6b)), closes [#949](https://github.com/ory/hydra/issues/949):
This patch introduces a new backend interface and improves the plugin loading system.
* Refactor OAuth2 JWT strategy as an interface ([#972](https://github.com/ory/hydra/issues/972)) ([e4e3163](https://github.com/ory/hydra/commit/e4e316342e1daf4d7653b4c2e63194aee5241605))
* Removes authorization from introspection ([17e6311](https://github.com/ory/hydra/commit/17e63116c89fa37363c43c7156ec5565f685bbbd))
* Resolve benchmark build issues ([2663d42](https://github.com/ory/hydra/commit/2663d42dbed630615845972c31dece97c5c20a3a))
* Resolve broken tests caused by public flag removal ([1a2250d](https://github.com/ory/hydra/commit/1a2250d959779ed3d3639b5c3e0e1362d8467ee8))
* Resolve remaining benchmark issue ([7d4b708](https://github.com/ory/hydra/commit/7d4b7087c8be28fa509b7dd34af5d419a6d4e3b4))
* Resolves panic when network fails ([7fe4a21](https://github.com/ory/hydra/commit/7fe4a2113e09d3763075ff8575f5d418b0dcc4aa))
* Return proper error when no consent was found ([#980](https://github.com/ory/hydra/issues/980)) ([8c1a290](https://github.com/ory/hydra/commit/8c1a2908d0bb5806f49bf4dd4f7153d3e139b07d)), closes [#959](https://github.com/ory/hydra/issues/959)
* Share error details with redirect fallback ([#982](https://github.com/ory/hydra/issues/982)) ([123e37e](https://github.com/ory/hydra/commit/123e37e132c4d55756d48ba898e037865e1d293e)), closes [#974](https://github.com/ory/hydra/issues/974)
* Update .dockerignore ([98d85d5](https://github.com/ory/hydra/commit/98d85d5314c4bd3785570916d80988f00f424f32))
* Upgrade sqlcon to 0.0.5 ([#979](https://github.com/ory/hydra/issues/979)) ([0b722b9](https://github.com/ory/hydra/commit/0b722b9636d8ca7046c0b621a03323272399f485)), closes [#880](https://github.com/ory/hydra/issues/880)
* Upgrade superagent to 3.7.0 ([ff68f28](https://github.com/ory/hydra/commit/ff68f28b1e21feb9fd584847b2272aef2fc370dd))
* Upgrade to latest sqlcon ([#975](https://github.com/ory/hydra/issues/975)) ([74cf642](https://github.com/ory/hydra/commit/74cf642d7d28e765c722db2774a27b8f3e3de440)), closes [#965](https://github.com/ory/hydra/issues/965)
# [1.0.0-beta.7](https://github.com/ory/hydra/compare/v1.0.0-beta.6...v1.0.0-beta.7) (2018-07-16)
docs: Improve badge placement
### Documentation
* Add OpenID Certification badge and info ([#933](https://github.com/ory/hydra/issues/933)) ([bb8cce3](https://github.com/ory/hydra/commit/bb8cce3a1c5bf8ec7e29b9181349bd2bb86c1211))
* Fix docker linux link ([#920](https://github.com/ory/hydra/issues/920)) ([694b483](https://github.com/ory/hydra/commit/694b483d403fe7c640b89dcca25e2df441e3df7d)):
The old one 404's
* Improve badge placement ([49faed8](https://github.com/ory/hydra/commit/49faed8c359d982cfcd29ae836743df076a0f881))
* Incorporates changes from version v1.0.0-beta.6 ([ab04898](https://github.com/ory/hydra/commit/ab0489811fa87b7ab80a8d3461cbedb285c74c65))
### Unclassified
* Allow Max-Age to be set to 0 by RememberFor option ([#930](https://github.com/ory/hydra/issues/930)) ([38d591d](https://github.com/ory/hydra/commit/38d591d2627dfdace496032928921df69c33a5cc))
* Auto-remove old keys when upgrading from < beta.7 ([#925](https://github.com/ory/hydra/issues/925)) ([6ca0733](https://github.com/ory/hydra/commit/6ca0733891f9e481b8121d8fbc91be7eca7b8671)), closes [#921](https://github.com/ory/hydra/issues/921)
* Check dependencies are defined before instantiation ([#929](https://github.com/ory/hydra/issues/929)) ([f029101](https://github.com/ory/hydra/commit/f0291014476ca2fcabd9cf55ba796e828092aa8d)), closes [#928](https://github.com/ory/hydra/issues/928)
* Improve handling of legacy `id` field ([35bf581](https://github.com/ory/hydra/commit/35bf58111b0daf3bbd2c3f5a207c11cae0cf5e21)), closes [#924](https://github.com/ory/hydra/issues/924)
* Show error when loading x509 cert fails ([#932](https://github.com/ory/hydra/issues/932)) ([1845a3b](https://github.com/ory/hydra/commit/1845a3bd0fab6d60389677fcdb47535a65146da1))
# [1.0.0-beta.6](https://github.com/ory/hydra/compare/v1.0.0-beta.5...v1.0.0-beta.6) (2018-07-11)
vendor: Updates vendor lockfile
Signed-off-by: arekkas <aeneas@ory.am>
### Documentation
* Incorporates changes from version v1.0.0-beta.5 ([fccbfac](https://github.com/ory/hydra/commit/fccbfaccc6a3f7008ebd68cd7c4275346731192a))
### Unclassified
* Add method that forces the endpoint url to be set ([17903c6](https://github.com/ory/hydra/commit/17903c637e7b3fec50c8a5ec1dec664d85dbc6eb))
* Allows import of PEM/DER/JSON encoded keys ([312f8d1](https://github.com/ory/hydra/commit/312f8d1765b24574b83d56f3545a0b6f4d797b64)), closes [#98](https://github.com/ory/hydra/issues/98)
* Fix sql migration step for oidc ([#919](https://github.com/ory/hydra/issues/919)) ([ad5e8bc](https://github.com/ory/hydra/commit/ad5e8bc9c36acfe8942e58327e7c25fddcb0fe6b)), closes [#918](https://github.com/ory/hydra/issues/918):
A bug was introduced in beta.5 which caused the SQL migrations to fail if data existed in the database already. This patch resolves that and adds test cases for the migration steps by adding data after each migration.
* Resolves minor issues in the HTTP handler ([3bbd5e8](https://github.com/ory/hydra/commit/3bbd5e8ab786e911da4194e47b6c4c1d5045c08d))
* Updates vendor lockfile ([a6ec396](https://github.com/ory/hydra/commit/a6ec396e4c5dbae3143d85c89149bdf406740f9c))
# [1.0.0-beta.5](https://github.com/ory/hydra/compare/v1.0.0-beta.4...v1.0.0-beta.5) (2018-07-07)
oauth2: Removes tokens when consent is revoked
Closes #856
Signed-off-by: arekkas <aeneas@ory.am>
### Documentation
* Adds link to examples repository ([8a1a1c0](https://github.com/ory/hydra/commit/8a1a1c0b44a586a9f5072146977234b13d4a1243))
* Adds results from oidc self-service test suite ([2aec8c9](https://github.com/ory/hydra/commit/2aec8c909b7b4eeef7410ccc9f0d9acae6311b24))
* Incorporates changes from version v0.11.13 ([663f105](https://github.com/ory/hydra/commit/663f105ddfeb435f28dd6b4e9172eefd99f6704b))
* Incorporates changes from version v1.0.0-beta.4 ([69d37d5](https://github.com/ory/hydra/commit/69d37d57312e3e44ca62489deedd9d0765e3fecc))
* Removes obsolete issue template ([1b86288](https://github.com/ory/hydra/commit/1b862882d0cb2a5cd982a235b4640d5a21d0987c))
* Updates certification startup script ([41ae769](https://github.com/ory/hydra/commit/41ae769f095ba7742a1baebe1223a4129a2fc841))
* Updates error layout ([2a561b4](https://github.com/ory/hydra/commit/2a561b4a26d856c4dc5d4a5872a17fc4d94a66e0))
* Updates oidc certification profiles ([041f244](https://github.com/ory/hydra/commit/041f244bf93608864e87a668f8bd83069bc0b65d))
* Updates upgrade instructions ([1bacd47](https://github.com/ory/hydra/commit/1bacd47d6e2aa2a5f394e112c528e5ff74cf743f))
### Unclassified
* Adds ability to define default client scopes ([215bef3](https://github.com/ory/hydra/commit/215bef3add6e82793fb84b5c77512330ed4675c1)):
Environment variable `OIDC_DYNAMIC_CLIENT_REGISTRATION_DEFAULT_SCOPE` was added in order to better implement the OpenID Connect Dynamic Client Registration protocol. The mentioned protocol does not support the concept of whitelisting OAuth 2.0 Scope on a per-client basis. Therefore, the functionality to define the default OAuth 2.0 Scope has been defined.
Keep in mind that exposing the OpenID Connect Dynamic Client Registration functionality to the public effectively disables the OAuth 2.0 Scope whitelisting functionality, as each caller of that API can define which OAuth 2.0 Scope a client may request.
If you decide to expose that functionality, you should NEVER assume that the granted OAuth 2.0 Scope has any meaning when handling requests at your consent endpoint, or when validating requests with tokens issued by the client_credentials flow.
* Adds ability to revoke consent and login sessions ([8780c03](https://github.com/ory/hydra/commit/8780c035614712471a9064136407e0bc67504394)), closes [#856](https://github.com/ory/hydra/issues/856)
* Adds jwk rotation and improves jwk codebase ([a463d23](https://github.com/ory/hydra/commit/a463d23ac983ed473d18ab778ac5195ca3160518))
* Adds parameter broadcast to oidc discovery ([1580677](https://github.com/ory/hydra/commit/158067792699849a3ee5d14d140bbf15876345e0))
* Adds private_key_jwt authentication method ([259d63a](https://github.com/ory/hydra/commit/259d63a4deaccfa8549e4b8b47f3424b173e8eb3))
* Adds sector identifier URL ([bfc9d09](https://github.com/ory/hydra/commit/bfc9d09f6dc98a1e9bf57c597223110b238dd78f))
* Adds userinfo tests ([04929d0](https://github.com/ory/hydra/commit/04929d0250e41a832b80d5a8568410cfcf5b2a22))
* Better error detection in jwt key strategy ([a0ac323](https://github.com/ory/hydra/commit/a0ac323a0440b1f8ef77f0c09ad04d74d4f992a2))
* Bumps fosite to request error handling ([734f64d](https://github.com/ory/hydra/commit/734f64d58c18f41daf906801b1ede8d72b1d14e6))
* Bumps fosite version ([92172b1](https://github.com/ory/hydra/commit/92172b11f78a80bb85974598bb55a8a91c186af3))
* Declares grant type refresh_token as supported ([6837046](https://github.com/ory/hydra/commit/6837046546f384838c1d1a3324b23c609211baad))
* Disallow fragments in client's redirect uri ([457b877](https://github.com/ory/hydra/commit/457b877b906b3ee025f6646a44587e275903d242))
* Do not re-use kid when rotating key ([7b39d2b](https://github.com/ory/hydra/commit/7b39d2bfe75950c53c499caa7fe9878151e55a9c))
* Do not recreate keys when refreshing ([09d3ec7](https://github.com/ory/hydra/commit/09d3ec783047f8d431c80319929350e78750654d))
* Enforces proper error layout ([e38891a](https://github.com/ory/hydra/commit/e38891a9857441a61b3f85a83ae68882dde05ab1))
* Exposes proper oidc configuration ([8f2e931](https://github.com/ory/hydra/commit/8f2e9314f2dc12b74c463e6c8197d860ef26d340))
* Fixes broken SDK test ([0e85594](https://github.com/ory/hydra/commit/0e85594ca527a34883ccf48ea1205293798c60d2))
* Fixes typo in swagger docs ([6c6fb3c](https://github.com/ory/hydra/commit/6c6fb3c744de060b4bdffcdae1b1cb12534aebb1))
* Implements dynamic client registration ([ad86dd1](https://github.com/ory/hydra/commit/ad86dd18d3998ba022d3979a7be4d620ca399df3))
* Implements oidc compliant response_type validation ([8f1515a](https://github.com/ory/hydra/commit/8f1515a2d2ddcf25a9400db6d5af149da6992437))
* Implements proper refreshing strategy ([1d02cae](https://github.com/ory/hydra/commit/1d02cae55431efde4e0aaabeb6e6cfd0844f60cd))
* Implements userinfo response signing ([bc0b54c](https://github.com/ory/hydra/commit/bc0b54c5457f99f1778c294b0bbe5eba8b2ea49a))
* Improves and DRYies validation in the handler ([a689cb0](https://github.com/ory/hydra/commit/a689cb07ca962e2d415afb572ac205ddefb6df1a)), closes [#909](https://github.com/ory/hydra/issues/909)
* Improves error response style ([725c075](https://github.com/ory/hydra/commit/725c075462fec110692b33835b6358048c0bd8fe))
* Improves jwk generation error message ([45d769a](https://github.com/ory/hydra/commit/45d769a2b808e8f6d3dd6f1fd1f7bfa7c1a0c6ac))
* Improves key rotation logic ([d25766c](https://github.com/ory/hydra/commit/d25766c2b8231f24bb0e1ae2bbc2f484c489e979))
* Improves oauth2 fallback endpoints ([0704589](https://github.com/ory/hydra/commit/0704589933d700cc486be9ab4f16d5db7d2f6d48))
* Improves SQL error handling ([738b281](https://github.com/ory/hydra/commit/738b281d2ed4346d921a9f42d2be68d74087c651)), closes [#903](https://github.com/ory/hydra/issues/903)
* Includes fosite's id_token bugfix ([9ef48fa](https://github.com/ory/hydra/commit/9ef48fa00035d1f64a7de58d7126c976f5f5ae38))
* Keep id as alias to client_id ([f344d10](https://github.com/ory/hydra/commit/f344d1070b2eb2ffd0922544b46e75523fca2f8b))
* Key rotation does not rename keys ([53ce537](https://github.com/ory/hydra/commit/53ce537fb6fef0b56a86634c81ae9dc4fb45ac46))
* Properly instantiates client handler ([a40cc49](https://github.com/ory/hydra/commit/a40cc497dd239a9341faec5517ee59d154ef0e4f))
* Properly return errors when resource not found ([200aa81](https://github.com/ory/hydra/commit/200aa816d5f81b139dffbf124fa620d7ebc1362a))
* Refresh signing keys ([7f495e3](https://github.com/ory/hydra/commit/7f495e3571b05f1b08320e6c29818ce362c575c4))
* Removes broken instruction ([ead9b97](https://github.com/ory/hydra/commit/ead9b97a63ccf8aed1cdf84da3669984b5249ab9))
* Removes buggy rotate command and improves jwk refresh ([e41fcf2](https://github.com/ory/hydra/commit/e41fcf263ce9a92e88f59eea62614653836a33b0))
* Removes nesting from error responses ([d511cf8](https://github.com/ory/hydra/commit/d511cf818f96f87a866dc7248d422d5e6e6b02b9))
* Removes tokens when consent is revoked ([00fd517](https://github.com/ory/hydra/commit/00fd517fbf92289c447e3b106f267fbb35d2ee88)), closes [#856](https://github.com/ory/hydra/issues/856)
* Renames id to client_id in response payload ([97b7ac1](https://github.com/ory/hydra/commit/97b7ac1a1bb88d4dc0720f7ebe95f7565cf5c890)):
Previously, a client's id was sent as field `id`. This patch renames field `id` to `client_id` as mandated by spec: https://openid.net/specs/openid-connect-discovery-1_0.html
* Resolves issue where stack traces can't be recovered ([92acfe4](https://github.com/ory/hydra/commit/92acfe4e6969f6adf28e77026c44c34d8615714a))
* Resolves minor test issues ([7399eef](https://github.com/ory/hydra/commit/7399eefb925e8ac06fed45a5d2aa3398fb668c1f))
* Resolves MySQL timing issue in tests ([60d39fe](https://github.com/ory/hydra/commit/60d39fec0b1fd57a8146d3044501b6eed25cceb3))
* Resolves well-known test issues ([ffefb74](https://github.com/ory/hydra/commit/ffefb74e0635c49542d77fda90e307f379ee2c06))
* Simplify error helper ([91c06f0](https://github.com/ory/hydra/commit/91c06f0c3e5cac65ace75fd5a8af9056910c4ccb))
* Support other signing algorithms than RS256 ([072b88b](https://github.com/ory/hydra/commit/072b88ba705a29a4dcd0175154024a364dcca1ba))
* Tests for simple equality in JWT strategy ([95c96a0](https://github.com/ory/hydra/commit/95c96a035bd64e682d9b770058b093f02b19b8d6))
* Updates vendored dependencies ([4b138dc](https://github.com/ory/hydra/commit/4b138dc0dfe260497ec89643603f51e6c1172552))
* Updates vendored dependencies ([87aae5f](https://github.com/ory/hydra/commit/87aae5ff39f385d8dfc4519fd762779869612232))
* Uses proper jwt strategy in oauth2 factory ([45e4439](https://github.com/ory/hydra/commit/45e44394383abafdfbed98bdf1727ac7de4355e2))
* Uses RFC6749 errors everywhere ([543e6bc](https://github.com/ory/hydra/commit/543e6bc8726f02774d771ab77471d4d7538671f4))
# [1.0.0-beta.4](https://github.com/ory/hydra/compare/v1.0.0-beta.3...v1.0.0-beta.4) (2018-06-13)
docs: Incorporates changes from version v1.0.0-beta.3
### Documentation
* Incorporates changes from version v1.0.0-beta.3 ([d52cee5](https://github.com/ory/hydra/commit/d52cee546ee8220aeec92b34ae4ced077eec6e91))
# [1.0.0-beta.3](https://github.com/ory/hydra/compare/v1.0.0-beta.2...v1.0.0-beta.3) (2018-06-13)
ci: Do not use yes for overwriting cp
### Continuous Integration
* Do not use yes for overwriting cp ([0cc02f8](https://github.com/ory/hydra/commit/0cc02f857abb22716adc2f40dd81a31b9bb7dd36))
### Documentation
* Adds auto-generated benchmarks ([#897](https://github.com/ory/hydra/issues/897)) ([6a5ecf1](https://github.com/ory/hydra/commit/6a5ecf1f6f616474b80659effb543711919a1926))
* Adds upgrade instructions from 0.9.x to 1.0.0 ([2dcffc1](https://github.com/ory/hydra/commit/2dcffc1e613afc0183d0b2d9eca310f756264140))
* Fixes borken links ([a8e445b](https://github.com/ory/hydra/commit/a8e445b9a35b14b97831bca3c05b52ea686895c4))
* Fixes typo in upgrade guide ([580ff41](https://github.com/ory/hydra/commit/580ff41ddf1f91935fbede6e50926ae48bcdf159))
* Improves list styling in upgrade guide ([c5d4325](https://github.com/ory/hydra/commit/c5d4325c1b8eba544667ce3ffaf1756f051f4212))
* Incorporates changes from version v1.0.0-beta.2 ([a0a5d6c](https://github.com/ory/hydra/commit/a0a5d6cc713c7e8563a41c68c178a7197823692b))
* Resolves broken link in README ([06d0928](https://github.com/ory/hydra/commit/06d0928d6a91d2bd6b0cac137e38e1270a21c085))
* Updates installation from source section ([73af21c](https://github.com/ory/hydra/commit/73af21c3a0896480851f4e10e72d02e66bc45c7a))
* Updates link to open collective ([039c9ee](https://github.com/ory/hydra/commit/039c9ee187e310ed436d64ba96f8d47b2b19ff3f))
* Updates wrong wording in 0.9 -> 1.0 guide ([afbd8f8](https://github.com/ory/hydra/commit/afbd8f88a8f409e762b172fd091b537a0045aa0f))
### Unclassified
* Updates benchmarks ([f67f5df](https://github.com/ory/hydra/commit/f67f5dfbbc28ddf14bad01894784469c176fad6a))
* Updates benchmarks ([2ce1c27](https://github.com/ory/hydra/commit/2ce1c278b215bec2e893307fe09f0bf155ec3891))
* Updates benchmarks ([f4c7dc7](https://github.com/ory/hydra/commit/f4c7dc7150f901067862525da1cb9c49eedd1fb7))
* Updates benchmarks ([b8b6425](https://github.com/ory/hydra/commit/b8b6425f020f778decd0b738163678fc8fe53c03))
* Updates benchmarks ([d8eb737](https://github.com/ory/hydra/commit/d8eb7372d240b00ec823715d42b298e1a3271395))
* Updates benchmarks ([e171c18](https://github.com/ory/hydra/commit/e171c18737ec7ba82aaa548b1e4178db640ad0a0))
* Updates benchmarks ([b6c997d](https://github.com/ory/hydra/commit/b6c997dcde6452c143ae4c42582d3f998f59b405))
* Updates benchmarks ([147d231](https://github.com/ory/hydra/commit/147d23102262525fde9c5e8345e6c41252d3cb48))
* Updates benchmarks ([2b336e0](https://github.com/ory/hydra/commit/2b336e07bf381b12c2931456a551158783de857a))
* Adds vendor.orig to .gitignore ([bc33094](https://github.com/ory/hydra/commit/bc33094f6e6c8847494216eaef7b137161290dff))
* Updates benchmarks ([9932495](https://github.com/ory/hydra/commit/9932495123c3387762177408fb30a515aee70136))
* Updates benchmarks ([4456272](https://github.com/ory/hydra/commit/4456272317b38b6cd4b29698c742625c1dcae31b))
* Updates benchmarks ([ca77bca](https://github.com/ory/hydra/commit/ca77bca9a1c92fe4f612b0e09323770ef24f7ac8))
* Allows reading database from env in migrate sql ([#898](https://github.com/ory/hydra/issues/898)) ([6ba64e4](https://github.com/ory/hydra/commit/6ba64e4f70c098cb45f03455570f382b77f2e76d)), closes [#896](https://github.com/ory/hydra/issues/896)
* Moves to metrics-middleware ([eb22c24](https://github.com/ory/hydra/commit/eb22c244be940da7db8dd7199e990892c0bd3573))
* Propagates oidc_context to consent request ([b6a0951](https://github.com/ory/hydra/commit/b6a095151d4aa2e89a9a0c0cd420a58248065e1c)), closes [#900](https://github.com/ory/hydra/issues/900):
This patch resolves an issue where oidc_context would be included in the login request but not the consent request.
# [1.0.0-beta.2](https://github.com/ory/hydra/compare/v1.0.0-beta.1...v1.0.0-beta.2) (2018-05-29)
ci: Improves build toolchain
### Continuous Integration
* Improves build toolchain ([ec2f3d3](https://github.com/ory/hydra/commit/ec2f3d34218a0dd8d9c2c6bb0c65cb3e40397abc))
# [1.0.0-beta.1](https://github.com/ory/hydra/compare/v0.11.12...v1.0.0-beta.1) (2018-05-29)
docs: Add oidc conformity docs
### Build System
* Updates to Go 1.10 ([73762c6](https://github.com/ory/hydra/commit/73762c6f9da74a9590423269349decd5b09bce32))
### Documentation
* Activating Open Collective ([#805](https://github.com/ory/hydra/issues/805)) ([ab5484b](https://github.com/ory/hydra/commit/ab5484b8054caa5d9adc8327d5274602c411397c))
* Activating Open Collective ([#805](https://github.com/ory/hydra/issues/805)) ([4adf673](https://github.com/ory/hydra/commit/4adf67352ed74640d2e1baa7b137c6f0472e7d23))
* Add oidc conformity docs ([9fefcd3](https://github.com/ory/hydra/commit/9fefcd3d62daef5722bb40a8564a61cc4e630e8c))
* Add redirect URIs for all flows to oidc scripts ([6369452](https://github.com/ory/hydra/commit/6369452c6896128f6609e3daa35ecab78ff19500))
* Adds OIDC Certification setup ([3db2cfc](https://github.com/ory/hydra/commit/3db2cfc4fa7418add8a17839a131cc90706e95ac))
* Adds proper link to telemetry guide ([85ede0c](https://github.com/ory/hydra/commit/85ede0c977cf6322b7e4f22319351f5582d93831))
* Adds remaining oidc certification results ([e5aefd8](https://github.com/ory/hydra/commit/e5aefd8026e0c26eb83f681cb12df345ded66f92))
* Documents that access control is no longer available ([bf8a3e2](https://github.com/ory/hydra/commit/bf8a3e28be42709d9424dc3f39afd514ab59d661)), closes [#888](https://github.com/ory/hydra/issues/888)
* Improves upgrade guide for 1.0.0 ([e387dbc](https://github.com/ory/hydra/commit/e387dbc88e220ec5ec43dd844ddb29278523cdaa))
* Rename alpha to beta in upgrade ([780161b](https://github.com/ory/hydra/commit/780161b43a8dc9bc80f934fde852450592145b93))
* Updates banner ([3399be7](https://github.com/ory/hydra/commit/3399be7612eb9bdf233c48163fa54163dff94c48))
* Updates documentation on keto ([472fbec](https://github.com/ory/hydra/commit/472fbec5dd37f6eca6d83e4888329a08ad7e82d0))
* Updates links to docs ([173ee3d](https://github.com/ory/hydra/commit/173ee3d627f2f3df0b331c4126b641796465632c))
* Updates newsletter link in README ([eb786a5](https://github.com/ory/hydra/commit/eb786a51bba4bedc631fd11a30ed3a27cb6f2f2b))
* Updates oidc cert docs ([bc8ce36](https://github.com/ory/hydra/commit/bc8ce364eb507a2c7477d1603270efabd0f4ea02))
* Updates oidc-conformity proof and scripts ([bded254](https://github.com/ory/hydra/commit/bded2548a109330320437c3338e90ea655fd4f87))
* Updates sponsors and removes patreon links ([606e22d](https://github.com/ory/hydra/commit/606e22da74b61661ff817153c3449f44780780e8))
* Updates upgrade guide ([52dc9ca](https://github.com/ory/hydra/commit/52dc9caa7395c7a991dadd6b20ff715bbf4a1b5a))
### Unclassified
* Tells linguist to ignore SDK files ([e10016c](https://github.com/ory/hydra/commit/e10016c9f3ac22901ca78a8043d897e1f92dd562))
* Tells linguist to ignore SDK files ([f7f010a](https://github.com/ory/hydra/commit/f7f010adaa4e9d22d3e4a883886906b83639516a))
* Merge remote-tracking branch 'origin/master' into 1.0.x ([052ee83](https://github.com/ory/hydra/commit/052ee831e10626f452bf3cbc03a5baa990355ee9)):
# Conflicts:
# Gopkg.lock
# cmd/server/handler.go
# config/config.go
# health/handler.go
# oauth2/consent_strategy.go
* cmd/server: Adds SQL consent DBAL configuration ([50e5509](https://github.com/ory/hydra/commit/50e550974b86b08c91c508cad0da2ed07e36c85d))
* cmd/server: Shortens long banner message ([78be474](https://github.com/ory/hydra/commit/78be4744724301e7ca34081806d8afdc57219df5)):
The original banner message was way to big and cluttered logs a lot. This patch reduces the banner's size significantly.
* Removes policy, warden and groups from this project ([3d0bf0b](https://github.com/ory/hydra/commit/3d0bf0bda5ea2bd73f9fed96e2aa7c1017638555)), closes [#807](https://github.com/ory/hydra/issues/807):
We have learned a lot over the last year in terms of how ORY Hydra is being used. Initially, we wanted to avoid the problems facing popular databases like MongoDB or others, which did not include authentication for their management APIs.
For this reason, the Warden API was born and primarily used internally and exposed via HTTP. We learned that access control policies are well received, but also add additional complexity to understanding the software. While we firmly believe that these policies implement best practices for access control in complex systems, we do understand that they add a barrier to getting started with ORY Hydra.
For this reason we are planning on moving the Warden API from this project to ORY Oathkeeper or potentially it's own server. We would add a migration path for existing policy definitions to the new service. The default docker image would combine the services in such a way, that ORY Hydra is protected. We would additionally have an (insecure) docker image without authentication which can be used for testing.
This also opens up the possibility of having more access control mechanisms than access control policies. For example, we can add ACL and RBAC and other mechanisms too.
First I think it makes good sense to move this functionality into a separate service and remove the warden calls internally completely. The reason being that not everyone wants to rely on Hydra's access control. Sometimes it's enough to use a gateway in front and require e.g. an API key for management or whatever. New adopters are always baffled by complexity involved with policies and scopes. Removing that from the core could really help. The user survey has also shown that this stuff is quite complex to grasp.
The idea is to have a separate service which is basically ladon as a HTTP API. I think it makes sense to add some functionality to resolve access tokens so it would basically be very similar to the current warden API - probably even equal. There would definitely be some backup mode where hydra's database tables and migrations are used as to make migration as easy as possible.
Then, we would ship docker images and example set ups where different configurations are shown. One of the configurations would be the current one, so basically what we have now in hydra but with the three services combined in one image.
* Add experimental detection of SQL error ([051a4b9](https://github.com/ory/hydra/commit/051a4b9a3299861de0150992f6a74423650283e8)):
Returns a human-readable error for SQL errors.
* Adds additional tests for prompt, max_age, id_token_hint ([3ef32e2](https://github.com/ory/hydra/commit/3ef32e25f2287bf1e7ea353a31fd4a45a47c4b7b))
* Adds authN session revokation on specific errors ([11d1497](https://github.com/ory/hydra/commit/11d1497acc17c2b7a7b001638a10cfd071410723)), closes [#854](https://github.com/ory/hydra/issues/854) [#855](https://github.com/ory/hydra/issues/855)
* Adds e2e tests for authorize code flow ([0a9ae28](https://github.com/ory/hydra/commit/0a9ae286c8f150c3472427902315441cf8eae5cb))
* Adds e2e tests for authorize code flow ([68e006b](https://github.com/ory/hydra/commit/68e006bef30d9e80a63da72f83bdfd26094a57d5))
* Adds endpoint flag to token introspection ([9d27d47](https://github.com/ory/hydra/commit/9d27d47258892caf8913d230f87360d55f171fef))
* Adds id_token_hint_claims to oidc_context ([0e84341](https://github.com/ory/hydra/commit/0e84341b178709fcb504a84921071e0aaeb0d706))
* Adds jwt strategy and fixes nil pointer exception ([e608739](https://github.com/ory/hydra/commit/e608739f4ad8956ff48118762a5bdef224726888))
* Adds more strategy tests ([99fd63b](https://github.com/ory/hydra/commit/99fd63b91a1f2d162fc66a7e5abc7eda5f0523df))
* Adds mutex to memory manager ([6a60c45](https://github.com/ory/hydra/commit/6a60c45f72db6d038c32bd5f08a1be840ff00dea))
* Adds new prometheus metrics and metrics endpoint ([#827](https://github.com/ory/hydra/issues/827)) ([ef94f98](https://github.com/ory/hydra/commit/ef94f98982031245573f9ffe57195f1021b0a473))
* Adds port 4445 to docker-compose example ([576ac55](https://github.com/ory/hydra/commit/576ac55404c13fcac1e94188633ac9e7c1b1e20b))
* Adds test cases for prompt parameter ([c83cb3f](https://github.com/ory/hydra/commit/c83cb3fd71cf7c75ef44aac22d0262d59a4390de))
* Adds tests for prompt and max_age handling ([82310ff](https://github.com/ory/hydra/commit/82310ff4b0280a44e93e2e7549e44b406d6ac9f7))
* Adds version endpoint ([#845](https://github.com/ory/hydra/issues/845)) ([14739b4](https://github.com/ory/hydra/commit/14739b467356e909e9ec9c904b1287ed95b2b95e))
* Adds welcome screen to token user command ([5a7c73b](https://github.com/ory/hydra/commit/5a7c73b2a45b064184ca52dbcec773fd58461f23))
* Aligns issuer URL from well known with one from id token ([f739045](https://github.com/ory/hydra/commit/f7390459daa4bba2179e1834239aae9b9eab0e85))
* Always bust auth session if remember is false ([78e2bff](https://github.com/ory/hydra/commit/78e2bff188bdc4d92ce433b69d8c1a0cc2227800)), closes [#859](https://github.com/ory/hydra/issues/859)
* Always bust auth session if remember is false ([b2725a7](https://github.com/ory/hydra/commit/b2725a7eae30e91959892ee7fd8ec087c804a927)), closes [#859](https://github.com/ory/hydra/issues/859)
* Correct docker exec wording ([cbb01d2](https://github.com/ory/hydra/commit/cbb01d282ad3c7168bbbb4632c0512a2682e0119)):
`exec` is an nsenter, not an ssh
* Declare auto-generated key as use:sig ([9d489dd](https://github.com/ory/hydra/commit/9d489dde1e1b7d0eec3716d6e541d999d9cb1223))
* Deprecates connect command and introduces configurable credentials ([0b5f466](https://github.com/ory/hydra/commit/0b5f4666d86f8460003260f68dc5e1e029c5834c)), closes [#841](https://github.com/ory/hydra/issues/841) [#840](https://github.com/ory/hydra/issues/840):
This patch deprecates the `hydra connect` command as internal
access control has been removed from ORY Hydra and this command
no longer serves any purpose.
Instead, all commands are supplied with environment variables `HYDRA_URL`,
`OAUTH2_CLIENT_ID`, `OAUTH2_CLIENT_SECRET`, `OAUTH2_ACCESS_TOKEN`.
Please check out `hydra help <command>` for usage instructions. You
should also check out the upgrade guide for more detailed upgrade instructions.
This patch also renames some flags and command names which have been
documented in the upgrade guide.
* Detect and handle max_age/prompt in consent strategy ([af2b8e4](https://github.com/ory/hydra/commit/af2b8e49923269c9f23b764ecf7156e2ed2f8e82))
* Do not fail if max_age is very low but satisfied ([127561c](https://github.com/ory/hydra/commit/127561ca4226eb8f928988a5d2c8dcc94372e4c0)), closes [#862](https://github.com/ory/hydra/issues/862)
* Formats and resolves missing test ([3db984d](https://github.com/ory/hydra/commit/3db984da7a3c8478c7effcde4ae4d05d911ed42a))
* Handle empty error as nil error in SQL helper ([6a9a0c0](https://github.com/ory/hydra/commit/6a9a0c0645d38442f27c3636012702f0cd5252a4))
* Handles auth time across login & consent flow ([3accccd](https://github.com/ory/hydra/commit/3accccdb205e702ad575faaec204a51b777c7c04)):
This patch improves the handling of auth_time and thus resolves issues with prompt & max_age handling within fosite.
* Handles consent error properly in SQL DBAL ([b1c2a39](https://github.com/ory/hydra/commit/b1c2a39bfe26ee02af876d91b26b2623d9d935df))
* Handles OAuth2 errors in token user command properly ([720adce](https://github.com/ory/hydra/commit/720adcede6bfe66b21d6f68a0e2b730672ccdb7b))
* Ignores JTI in userinfo ([f2ef5b1](https://github.com/ory/hydra/commit/f2ef5b129ff2077f427c5394e2aebf37e246ca2d))
* Implements login_hint capabilities ([ce8cc73](https://github.com/ory/hydra/commit/ce8cc73fac18ca968693e8fe934daaeb3fd9d3fa)), closes [#860](https://github.com/ory/hydra/issues/860)
* Improves API route naming ([da5026c](https://github.com/ory/hydra/commit/da5026cf094522e1b510bcdb952d62f734d1db53))
* Improves auth_time handling ([538bfb9](https://github.com/ory/hydra/commit/538bfb9fb87f8c2e0a680c9919b6c1bd44092df0))
* Improves the consent flow design ([a002e30](https://github.com/ory/hydra/commit/a002e30577d3fe2c9df2089b3e4332b183f38fc2)), closes [#771](https://github.com/ory/hydra/issues/771) [#772](https://github.com/ory/hydra/issues/772):
This patch makes significant changes to the consent flow. First,
the consent flow is being renamed to "User Login and Consent Flow"
and is split into two redirection flows, the "User Login Redirection Flow"
and the "User Consent Flow".
Conceptually, not a lot has changed but the APIs have been cleaned up
and the new flow is a huge step towards OpenID Connect Certification.
Besides easier implementation on the (previously known as) consent app,
this patch introduces a new set of features which lets ORY Hydra
detect previous logins and previously accepted consent requests. In turn,
the user does not need to login or consent on every OAuth2 Authorize Code
Flow.
This patch additionally lays the foundation for revoking tokens per
user or per user and client.
Awesome.
* Improves the token user command ([9bde521](https://github.com/ory/hydra/commit/9bde521961eb811075fcae3f73461057ddbd3a7d))
* Includes error debug message in token user command ([3f80d4e](https://github.com/ory/hydra/commit/3f80d4e89f2cf69192faab93ae50723b44ba3a00))
* Introduces client_secret_expires_at to client metadata ([#870](https://github.com/ory/hydra/issues/870)) ([56aa5d2](https://github.com/ory/hydra/commit/56aa5d267f541472958ab368143022671b65cbcc)), closes [#778](https://github.com/ory/hydra/issues/778):
This patch introduces the `client_secret_expires_at` field without any functionality but to comply with the IETF spec.
* Issues ID token in hybrid code flow ([6d126d6](https://github.com/ory/hydra/commit/6d126d66591be9c028ff91e23ce2ebdd204e4883)), closes [#875](https://github.com/ory/hydra/issues/875)
* Moves templates to .github ([ba8f4f7](https://github.com/ory/hydra/commit/ba8f4f7ac3fa3aa8991b62f4dabeefd8a72b6513))
* Properly handle id_token error response ([28d3fcd](https://github.com/ory/hydra/commit/28d3fcd4ef5bda8d7c844277ae62b859b5598278))
* Properly handle requestedAt across the login/consent flow ([fccfc4d](https://github.com/ory/hydra/commit/fccfc4da6adfa960d67bf84adb00c5bce7d93797))
* Properly handles no result errors from consent check ([12aa6c5](https://github.com/ory/hydra/commit/12aa6c59764789478d30f1ebbf4f6e059520de56))
* Properly import mysql/pg drivers ([669f134](https://github.com/ory/hydra/commit/669f1344bb2c1cf115ead09a41ae0b71cfb762cc))
* Properly initializes consent strategy ([196925f](https://github.com/ory/hydra/commit/196925ff29ac8e004c42ec693d7d82314f24bca9))
* Properly parses CORS env vars ([e494412](https://github.com/ory/hydra/commit/e49441234eabfd5f61b299ffe26c8a2808b2a977)), closes [#886](https://github.com/ory/hydra/issues/886)
* Properly uses issuer in JWT ([1940c3c](https://github.com/ory/hydra/commit/1940c3c8ff575887bd93adfc8a5e819dbf4d90c4))
* Rejects reqeuests with insufficient permissions ([7675144](https://github.com/ory/hydra/commit/76751443a1dc359c4973e7f355c982ad56f27ff1)), closes [#776](https://github.com/ory/hydra/issues/776):
Currently, authorization requests fail when a client is being granted scopes that the client is not allowed to request - after consent.
We should add an additional check that makes sure that the client isn't able to request scopes he isn't allowed to request before doing consent.
We should keep the check after consent as well to make sure he wasn't accidentally granted scopes he isn't allowed to request.
This patch resolves the addressed issue
* Rejects requests without nonce in implicit/hybrid ([39a72c0](https://github.com/ory/hydra/commit/39a72c0b842184b0590f186ec786047c06d39bdd)), closes [#867](https://github.com/ory/hydra/issues/867)
* Remove client secret from consent/login response ([acf9893](https://github.com/ory/hydra/commit/acf9893d55e805e55c1d7390f592480e83a4eff7)), closes [#878](https://github.com/ory/hydra/issues/878)
* Remove rat (requested_at) from userinfo endpoint ([d091914](https://github.com/ory/hydra/commit/d0919141f6eb4a66300b91c77b2c891bf019037b))
* Remove unused code ([bcdc278](https://github.com/ory/hydra/commit/bcdc2789640597ef64230acaba6f2c49575cc82b)):
This code was meant to be deleted in
9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
* Remove unused named returns ([3977b94](https://github.com/ory/hydra/commit/3977b941d8c9db78712c9a6142cb29c6a07d51f5))
* Removes access control relics ([a4d2e73](https://github.com/ory/hydra/commit/a4d2e73cdd5e07c2fd3012f8b3c17a6ba6059c57))
* Removes duplicate / in .well-known ([e387aea](https://github.com/ory/hydra/commit/e387aeaca5aef82f64997486000789a1963b5837))
* Removes stale code ([c730e36](https://github.com/ory/hydra/commit/c730e364b77bea8d60082d63d5215b874465eafc))
* Removes stray fmt.Print ([#858](https://github.com/ory/hydra/issues/858)) ([a9a377c](https://github.com/ory/hydra/commit/a9a377cc23190b3b09ba51461b769d393732cfb6))
* Removes the forced `hydra.*` scope in the SDK ([8c1adc3](https://github.com/ory/hydra/commit/8c1adc3fb95fc6b0454c1296830fd19fcbfbc6b8))
* Removes the need to specify OAuth2 credentials in config ([#869](https://github.com/ory/hydra/issues/869)) ([98044aa](https://github.com/ory/hydra/commit/98044aa796e64e3b9bcc27f08188c46a26f07532))
* Removes unused code and updates go dep ([d72efbf](https://github.com/ory/hydra/commit/d72efbf577f52277bec202249cd3d30d50504e9c))
* Renames --scopes flag to --scope ([a948211](https://github.com/ory/hydra/commit/a948211298646b8557b1510e2ae54cfe62ac8362))
* Replaces internal dockertest with sqlcon ([5cbf121](https://github.com/ory/hydra/commit/5cbf12117def57aec44d03df255a275e3df0fa40))
* Requests re-permission only custom schemes are used ([929f2f0](https://github.com/ory/hydra/commit/929f2f000e1da47f77ab4517ba7ef52bae671b66)), closes [#866](https://github.com/ory/hydra/issues/866)
* Resolves broken consent detection ([a7949ed](https://github.com/ory/hydra/commit/a7949edfba95649e5cd38320ff25ae9793126654))
* Resolves broken reference in e2e test ([da4334b](https://github.com/ory/hydra/commit/da4334b92acab5237e97d1300e344e1ebe921835))
* Resolves broken SDK test ([476dff1](https://github.com/ory/hydra/commit/476dff1b421dd01c0af1a435377358bcf6c383f3))
* Resolves broken well-known test ([aa01423](https://github.com/ory/hydra/commit/aa01423521486e3593b6054bef39c0e18d145a1b))
* Resolves consent DBAL type conversion issues ([6edfe76](https://github.com/ory/hydra/commit/6edfe7648d00cac4b213cf238cc38d03398e3328))
* Resolves e2e test issues ([1a8a3b3](https://github.com/ory/hydra/commit/1a8a3b332515d240bc536ceaba2d3e2c73593de3))
* Resolves flaky MySQL tests on Circle-CI ([fcd9180](https://github.com/ory/hydra/commit/fcd9180d49cf41123c60e6bf84e02092b77129d2)), closes [#861](https://github.com/ory/hydra/issues/861)
* Resolves issue with duplicate login session id ([14aae6a](https://github.com/ory/hydra/commit/14aae6a6bdba08ec424c4af3be4fdb20456493d5))
* Resolves issues with broken tests ([526e3a7](https://github.com/ory/hydra/commit/526e3a7dbed51633f58bbd7773d21a2325f7cc09))
* Resolves issues with e2e tests ([ff15dc5](https://github.com/ory/hydra/commit/ff15dc58a86e7f5df77445101c7ad4f845b7813d))
* Resolves issues with SQL and time.Zero() ([ad2c1c5](https://github.com/ory/hydra/commit/ad2c1c5ce6b6eba09e96c3bccb29027d4995f8f6))
* Resolves mutex issues ([9376b74](https://github.com/ory/hydra/commit/9376b7489d9bf71b8e842549bfe3b9b3f98dc58b))
* Resolves test issues ([ba81fdf](https://github.com/ory/hydra/commit/ba81fdff202bb37f6b58b4f2c0b17b5662011a9f))
* Resolves timing issues in broken tests ([540ccc9](https://github.com/ory/hydra/commit/540ccc99c08704c0c749de6b61890fa284f09cc0))
* Resolves timing issues in slow tests ([246e491](https://github.com/ory/hydra/commit/246e49169a8f78d9be06522b8ff143fee9e0fd2f))
* Resolves type mixup ([7e05c26](https://github.com/ory/hydra/commit/7e05c266b6bcc5d8c687d9af1dacebf68d56e92f))
* Resolves typo in issue template ([204886c](https://github.com/ory/hydra/commit/204886cab2a12c4214276e40a488dcbbd38c7408))
* Resolves typo in issue template ([8c32d93](https://github.com/ory/hydra/commit/8c32d93fe3f0ab118d699761b0092d621f45cc01))
* Resolves various issues related to audience claims ([7afed88](https://github.com/ory/hydra/commit/7afed882d8ee2ab467cf314dcf1f35182219272b)), closes [#790](https://github.com/ory/hydra/issues/790) [#687](https://github.com/ory/hydra/issues/687):
This patch resolves issues related to the ID and Access Token audience
claim:
* Resolves various issues related to revokation ([608cc3d](https://github.com/ory/hydra/commit/608cc3dcc2d74cfd92f28304cff6d0673d3c1531)), closes [#884](https://github.com/ory/hydra/issues/884) [#693](https://github.com/ory/hydra/issues/693) [#889](https://github.com/ory/hydra/issues/889):
This patch properly tracks access and refresh tokens across requests and thus resolves several issues related to broken token revokation:
* Returns an error if skip is used together with remember ([6f8cef6](https://github.com/ory/hydra/commit/6f8cef6786088865235a895bc607d5500960a39f)):
Previously, it was possible to remember an already remembered consent/login request. This patch resolves that.
* Returns error on duplicate key in memory manager ([abe54ca](https://github.com/ory/hydra/commit/abe54ca07c6b563205bcbbe299b7826a400e33a5))
* Returns token type on introspection ([#832](https://github.com/ory/hydra/issues/832)) ([bf226dc](https://github.com/ory/hydra/commit/bf226dccd46c27fd4a4f7abb04cbd889eab691b2)):
This patch adds the ability to return the token type ("refresh_token", "access_token") upon token introspection.
* Returns token type on token introspection ([da6bb30](https://github.com/ory/hydra/commit/da6bb3009fda3ebace2caa362692472ef39b5fc3)), closes [#831](https://github.com/ory/hydra/issues/831)
* Reverts 307 change ([66304eb](https://github.com/ory/hydra/commit/66304eba388467ad88a17191c03ab076063caa2f))
* Reverts 307 change ([425b33d](https://github.com/ory/hydra/commit/425b33d2c7ef1c0097380176ff7752b29e6b03ff))
* Runs gofmt ([126f0e0](https://github.com/ory/hydra/commit/126f0e093cfdc4de90599350b6c809ebab1d5d7f))
* Runs gofmt ([a88c499](https://github.com/ory/hydra/commit/a88c49924abdc0ec2ddcfb9070e1a0d512c0fa6a))
* Separates between readiness and aliveness ([fd289c0](https://github.com/ory/hydra/commit/fd289c00325169509370018ec4beb5fb955a760e)), closes [#887](https://github.com/ory/hydra/issues/887)
* Trim left slash from userinfo endpoint ([a7edf63](https://github.com/ory/hydra/commit/a7edf63cbc92579b9b91f045fb329a2530daa30d))
* Updates auth-time to resolve timing issues ([6aff825](https://github.com/ory/hydra/commit/6aff8251ef96e9637420dd6b1362813ba973f345))
* Updates dependencies ([49b9a72](https://github.com/ory/hydra/commit/49b9a72992e743797cc78d27519b8871c2fa8ccb))
* Updates entrypoint command from host to serve ([2230ce6](https://github.com/ory/hydra/commit/2230ce6a0c96048cfd339fd7ee4f61d2ac8557dc))
* Updates fosite version to 0.19.2 ([eb0c3e6](https://github.com/ory/hydra/commit/eb0c3e6cf807c9972c1653c6033a38ff4387f9c2))
* Updates issue template ([63aec91](https://github.com/ory/hydra/commit/63aec91d0d1284eb21d98a8f0ff83bd05512fa04))
* Updates issue template ([915a20b](https://github.com/ory/hydra/commit/915a20b1e9dac612fba08806e1a3073fdbfc2838))
* Updates to fosite 0.19.x ([1942715](https://github.com/ory/hydra/commit/19427157c3012c17bd9f29a60bd0c7bd2a88299d))
* Updates to latest sqlcon version ([92e8d58](https://github.com/ory/hydra/commit/92e8d580af7ab02e6d48597440f220306409a7bf))
* Upgrades fosite dependency ([5fccb80](https://github.com/ory/hydra/commit/5fccb80d6508e5cecb14261e4df9e3427147b74e))
* Upgrades fosite dependency to 0.20.2 ([7acd9bf](https://github.com/ory/hydra/commit/7acd9bf50f6b6b6f28f303528e7edf908c4afa31))
* Use 307 instead of 302 to redirect ([2b43ce3](https://github.com/ory/hydra/commit/2b43ce320ae77f1e8d3c7b0ba3df8e5f54e0323f))
* Use 307 instead of 302 to redirect ([f4962c6](https://github.com/ory/hydra/commit/f4962c6625752f054e7f0dcb6aff991d4d7a8bc9))
* Use existing alpha-lower sequence ([93fb772](https://github.com/ory/hydra/commit/93fb7723a3b28401b5fb6ddd470ec7af372df2a0))
# [0.11.10](https://github.com/ory/hydra/compare/v0.11.9...v0.11.10) (2018-03-19)
pkg: remove unused code
This code was meant to be deleted in
9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
Signed-off-by: Euan Kemp <euank@euank.com>
### Documentation
* Adds "Edit on GitHub" link to each document in guide ([ec6f000](https://github.com/ory/hydra/commit/ec6f000f34c1b8fd432ae64bb6b1e79ca8c8a32c))
* Adds automatic summary and toc generation ([#785](https://github.com/ory/hydra/issues/785)) ([02c878c](https://github.com/ory/hydra/commit/02c878c2de419703f641372bccc19fdde44a320b))
* Adds redirects for broken guide links ([#798](https://github.com/ory/hydra/issues/798)) ([fade6a3](https://github.com/ory/hydra/commit/fade6a3173aa06ee022fc56108d964a2140db4f7))
* Changes readme title" ([122f7d1](https://github.com/ory/hydra/commit/122f7d11a13c3a15b0db127f73c62b69c6769dc2))
* Clean up swagger specification ([2ad0a96](https://github.com/ory/hydra/commit/2ad0a96503531ff16c10d174454b37d49d30c8b4))
* Experiments with domain redirect ([2604b99](https://github.com/ory/hydra/commit/2604b99f6c936b1d54a6f5957e672f12758c4461))
* Fixes dead link to example policy ([#767](https://github.com/ory/hydra/issues/767)) ([4f3148e](https://github.com/ory/hydra/commit/4f3148ecd9d865accd13f4f1de04865c70a58d7b)):
The policy linked to as an example has since been removed. Just point to
a different policy instead.
* Fixes redirect path ([d05c97b](https://github.com/ory/hydra/commit/d05c97b05b9742d75b101820502dd35c7a33e07c))
* Forwards docs to website ([560441d](https://github.com/ory/hydra/commit/560441d0420ee1a2e37cb98d16731e30db56b5cf))
* Improves API docs ([5a2e4df](https://github.com/ory/hydra/commit/5a2e4dfcfd136a1c5724255bd14bcf620bff14d4))
* Incorporates changes from version v0.11.4 ([6bf7e80](https://github.com/ory/hydra/commit/6bf7e800d45b68af7bfc050c8de97fdf492b116f))
* Lowercase source files and dirs ([6a56630](https://github.com/ory/hydra/commit/6a56630bbdaa492c86f386baa10ed3dcd5e1e7f6))
* Moves documentation to new repository. ([#800](https://github.com/ory/hydra/issues/800)) ([12a9c5c](https://github.com/ory/hydra/commit/12a9c5c029080198024fff98d73b531f734a6ac2))
* Removes apiary how-to ([6cbfa58](https://github.com/ory/hydra/commit/6cbfa58c6552f77ef4acd1cb949fbda6e5a69189))
* Removes summary plugin ([857d85f](https://github.com/ory/hydra/commit/857d85f250d202763ff987ab3efabf7e66d1fc7f))
* Resolves broken discord link ([8c445bc](https://github.com/ory/hydra/commit/8c445bc3f3d394d3670c716d7a736ebbaab3f3fc))
* Resolves broken header image link ([2820efc](https://github.com/ory/hydra/commit/2820efc1ae9662dfb1f3c74bb8aed258c13008aa))
* Resolves broken images and build ([#801](https://github.com/ory/hydra/issues/801)) ([4f6d2af](https://github.com/ory/hydra/commit/4f6d2af76fee775f39b23d68e0e40862117b18f0))
* Resolves broken links in docs ([b2698f1](https://github.com/ory/hydra/commit/b2698f173be00956f44ebfbb687b4c9127d094cc))
* Resolves broken redirects ([340cea7](https://github.com/ory/hydra/commit/340cea76796a0c3a784f5cf930630d77ab22a48a))
* Resolves broken swagger definitions ([#812](https://github.com/ory/hydra/issues/812)) ([4125eab](https://github.com/ory/hydra/commit/4125eabb96cae588eeb8336c21a48b93b6e9a0b3))
* Resolves issues with book.json ([5ac721b](https://github.com/ory/hydra/commit/5ac721b0a153e45681aaaf14886ece6726ad3a14))
* Resolves issues with broken images and docs publish task ([39ea6c3](https://github.com/ory/hydra/commit/39ea6c375e3e47222ed95477f504436821977e91))
* Resolves uppercase readme redirects ([7e3dd70](https://github.com/ory/hydra/commit/7e3dd709cbb0f1c6ecc68d58de8b36f6638382b8))
* Updates banner in README ([#808](https://github.com/ory/hydra/issues/808)) ([605998f](https://github.com/ory/hydra/commit/605998f7747c9d98b218f83b3362f1fc01e793c9))
* Updates chat badge to discord ([5261ae1](https://github.com/ory/hydra/commit/5261ae1e5c3e322a94d5f8443f25b63f659edcba))
* Updates JSON Swagger specification ([1e1c1c1](https://github.com/ory/hydra/commit/1e1c1c138fe971b167b2c89594c89510a07281d1))
* Updates outdated links in README ([1ceaae2](https://github.com/ory/hydra/commit/1ceaae2b0e1c29ec12b46b4b0fe36eed4f11e23c)), closes [#788](https://github.com/ory/hydra/issues/788):
The new website introduced a new link structure which broke links in the README. This patch resolves that.
* Updates readme, contribution guide, and templates ([#806](https://github.com/ory/hydra/issues/806)) ([c12c629](https://github.com/ory/hydra/commit/c12c62935f0df4456c590e157d27c2f775f9acee))
* Updates recovering root access section to SQL ([9c923b6](https://github.com/ory/hydra/commit/9c923b63668b2c3f83553111a58c6eab1b04e85b)), closes [#756](https://github.com/ory/hydra/issues/756)
* Updates summary ([4bcc8ed](https://github.com/ory/hydra/commit/4bcc8ede3f52d1314552867c30743b25a9e6362a))
* Updates various sections in README ([f1ca802](https://github.com/ory/hydra/commit/f1ca802f5b48dbb62d16f5765257d850267a9312))
* Upgrades install guide to v0.11.6 ([764282c](https://github.com/ory/hydra/commit/764282c2345554678cefed005cf117c6ef765ff8))
### Unclassified
* Updates license to 2018 ([fd0f06f](https://github.com/ory/hydra/commit/fd0f06f7e1d468357d253e63449dd3535636e1c4))
* Adds ability to flush old access tokens ([ed0aa28](https://github.com/ory/hydra/commit/ed0aa28c58a122c871da3c7a5bdee32196a662c4)), closes [#738](https://github.com/ory/hydra/issues/738):
Previously, no way of removing old access tokens from the database.
This patch adds a new endpoint (`POST /oauth2/flush`) capable of
flushing old / stale access tokens.
Additionally, `hydra token flush` was added which is the CLI command
for flushing tokens using the api.
* Adds newsletter sign up capabilities to CLI commands ([#759](https://github.com/ory/hydra/issues/759)) ([049f581](https://github.com/ory/hydra/commit/049f581d5bc126cb355ca95ad39ab3faf9730e10))
* Adds OpenID Connect refresh handler ([#797](https://github.com/ory/hydra/issues/797)) ([84ddafe](https://github.com/ory/hydra/commit/84ddafe52cdb85e683558bd036e0935e5b2c693d)), closes [#794](https://github.com/ory/hydra/issues/794):
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
* Adds support for PKCE (IETF RFC7636) ([343e216](https://github.com/ory/hydra/commit/343e216b6938cde0a8e611b872ffa81f3f92bc60)), closes [#744](https://github.com/ory/hydra/issues/744):
This patch adds support for PKCE which is especially useful for
native mobile apps.
Spec: https://tools.ietf.org/html/rfc7636
* Allows anonymous users access to ./well-known/jwks.json ([f867fd9](https://github.com/ory/hydra/commit/f867fd99268bb3a7ca9f19b7ad58d15659215f85)), closes [#761](https://github.com/ory/hydra/issues/761):
The ./well-known/jwks.json endpoint contains important, publicly accessible
keys for validating signatures such as the OpenID Connect ID Token signature.
Currently, this endpoint shows the public key for validating ID Tokens
only. As this key is public, a policy was added which allows any user
(including anonymous ones) to access this specific key.
Thus, administrators no longer need to add a policy to allow access to
this endpoint on a fresh installation. It is still possible to change
this behaviour by removing the policy
("hydra policies delete default-oidc-id-token-public-policy") or
replacing it.
This change affects new installations only.
* Correct docker exec wording ([bda2c6c](https://github.com/ory/hydra/commit/bda2c6c28c53d558894d1fd67e81c778b9ca2196)):
`exec` is an nsenter, not an ssh
* Forces JWK to have a unique ID ([acd0107](https://github.com/ory/hydra/commit/acd010726b5fc6367f317ff8b0cad3fbd036747c)), closes [#589](https://github.com/ory/hydra/issues/589):
Previously, JSON Web Keys did not have to specify a unique id. JWKs
generated by ORY Hydra typically only used `public` or `private`
as KeyID. This patch changes that and appends a unique id if no
KeyID was given. To be able to separate between public and private key
pairs in resource name, the public/private convention was kept.
This change targets specifically the OpenID Connect ID Token and HTTP
TLS keys. The ID Token key was previously "hydra.openid.id-token:public"
and "hydra.openid.id-token:private" which now changed to something like
"hydra.openid.id-token:public:9a458aa3-65a0-4982-835f-343eec45183c" and
"hydra.openid.id-token:private:fa353995-d77d-420a-b967-63bf0721271b"
with the UUID part being random for every installation.
This change will help greatly with key rotation in the future.
* Forces UTC in consent strategy ([#775](https://github.com/ory/hydra/issues/775)) ([7c4fd7d](https://github.com/ory/hydra/commit/7c4fd7d1c15a1c38720481be6a4f38fd5f4708e3)), closes [#679](https://github.com/ory/hydra/issues/679):
This resolves an issue when different timezones are used between systems
by enforcing UTC everywhere.
* Generate php sdk and point php autoloader to lib folder ([#736](https://github.com/ory/hydra/issues/736)) ([f84eb65](https://github.com/ory/hydra/commit/f84eb6586800a1d6497ec7892ca81529300f4c70))
* Improves naming of traits ([85e26a0](https://github.com/ory/hydra/commit/85e26a055b3f3be12bff1743cf16055ad530c450)), closes [#802](https://github.com/ory/hydra/issues/802)
* Introduces pagination to client management ([#774](https://github.com/ory/hydra/issues/774)) ([02b3708](https://github.com/ory/hydra/commit/02b37086fadc2bf8478d433a45c6c4391d9bcf13)), closes [#739](https://github.com/ory/hydra/issues/739):
Previously, all clients were returned by `GET /clients`. To mitigate
DoS attacks against large databases, pagination has been introduced.
* Parallelizes database instantiation in tests ([8e894bc](https://github.com/ory/hydra/commit/8e894bc0444042bda2398661d2d04536a0feac2c))
* Parallelizes database instantiation in tests ([a0d6a0d](https://github.com/ory/hydra/commit/a0d6a0d2afba05de529f49473c029724381d25ce))
* Persists config file right before starting the server ([7fb51e5](https://github.com/ory/hydra/commit/7fb51e594304a96cdfcb31f02af1d123ad88eb70)):
Tests would fail because the config file is polled in order to check
if the server is already started or not. Moving the persist command
right before starting the server resolves issues with racy tests.
* Remove unused code ([c97e764](https://github.com/ory/hydra/commit/c97e7649e188c042bc978d34b2ab469b39222b43)):
This code was meant to be deleted in
9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
* Remove unused named returns ([8bba5a0](https://github.com/ory/hydra/commit/8bba5a007b463e8bb005720fc4cfef6b22a243c8))
* Resolves an issue with broken build time display ([#799](https://github.com/ory/hydra/issues/799)) ([5c847ea](https://github.com/ory/hydra/commit/5c847eac6bbf4c15b562c80a0bde8eb6260b0a9f)), closes [#792](https://github.com/ory/hydra/issues/792):
Previously, the build time was always the current time. This patch
resolves that issue.
* Resolves broken JWK cast tests ([5740f32](https://github.com/ory/hydra/commit/5740f32bc82d1af373be561d2a577277cdd99791))
* Resolves broken sql schema test ([1b76f4b](https://github.com/ory/hydra/commit/1b76f4b898d4c3ce4a8fc26b967de763c77d5b61))
* Resolves composer license complaint ([#763](https://github.com/ory/hydra/issues/763)) ([6f9f906](https://github.com/ory/hydra/commit/6f9f90608db9376efa966271af1f8c4aaf31325e)):
Composer complained because an unknown license was used "Apache 2.0" instead of "Apache-2.0". This patch resolves that.
* Resolves possible session fixation attack ([1e80a1d](https://github.com/ory/hydra/commit/1e80a1d72ecc5db024f77eb91cf70e55ded41a5d)):
This patch resolves a vulnerability in the consent flow. This vulnerability
affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id`. However,
through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malice accesses the original auth code url and appends the consent id:
`https://hydra/oauth2/auth?client=...&consent=example-id`
6. As the consent request is granted but not claimed, and because Malice's
user agent contains the valid CSRF token, Malice receives an authorize
code that is meant to be issued to Bob.
7. Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
1. Malice must be able to convince Bob to access the forged consent url.
2. Malice must be able to convince Bob to grant the forged consent request.
3. Malice must be able to prevent the consent app's redirect after
successful consent request acceptance.
4. Malice must be able to perform this attack within the expiry (10 minutes)
of the consent request.
For these reasons, an exploit for this vulnerability is not likely,
but possible.
This patch closes the described vulnerability by requiring a
`consent_csrf` value additional to the `consent` value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The `consent_csrf` is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token
which is stored in the database and the encrypted cookie. Malice
is not able to see the CSRF token.
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token`.
The redirection URL is only accessible to the consent app and Bob's user agent.
However, through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malices does not know the value for `consent_csrf`, accessing
`https://hydra/oauth2/auth?client=...&consent=example-id` without
setting `consent_csrf` causes the request to fail and the consent to
be revoked.
This patch does not introduce breaking changes. Upgrading to the version
which contains this patch does not require any code changes or deployment
changes.
* Skips parallelization when not using docker ([57d0b12](https://github.com/ory/hydra/commit/57d0b12b0dfbc9c3f75ff0643d9b373ba1b99951)):
Previously, databases connected in parallel even when dockertest was
skipped - typically in CI environments. This caused issues on those
environments. This patch resolves that.
* Stops creating client when secret is too short ([#764](https://github.com/ory/hydra/issues/764)) ([f818f85](https://github.com/ory/hydra/commit/f818f857c2015290df5a6ec34c33e8dbee7caedd)), closes [#725](https://github.com/ory/hydra/issues/725):
Previously, clients were created despite an error which said that the secret was too short. This patch changes that and improves error output in the CLI as well for this command.
* Strips client secret from output when client is public ([#765](https://github.com/ory/hydra/issues/765)) ([439267b](https://github.com/ory/hydra/commit/439267b0e480a888a6e0e0058b24f54f358b1841)), closes [#737](https://github.com/ory/hydra/issues/737):
Previously a newly created public client had a secret send with the initial response and this secret was displayed in the CLI.
Now it is clear that there is no secret needed for public clients. It is not displayed in the CLI anymore.
* Updates license headers ([#793](https://github.com/ory/hydra/issues/793)) ([366ed57](https://github.com/ory/hydra/commit/366ed57d9c39d7601a40b5545f91361e6a2b9f5a))
* Updates text for newsletter signup ([#780](https://github.com/ory/hydra/issues/780)) ([459703f](https://github.com/ory/hydra/commit/459703f9ff39779b4547a5f86e204da32dc63731)):
Before newsletter text did not seem to make clear that it is just for security information.
* Use existing alpha-lower sequence ([343cb09](https://github.com/ory/hydra/commit/343cb096a713e0dc62cee9ae05f4261d68f58a03))
# [0.11.12](https://github.com/ory/hydra/compare/v0.11.10...v0.11.12) (2018-04-08)
oauth2: Resolves failing SQL store test cases
### Documentation
* Incorporates changes from version v0.11.4 ([99d954b](https://github.com/ory/hydra/commit/99d954bfa1f4af3365cdf69dea24ba190c10da4c))
### Unclassified
* Use packagist to get hydra sdk ([383b267](https://github.com/ory/hydra/commit/383b267646a1a0fbce3d83d10396f59cdfa7900e))
* Generate php sdk and point php autoloader to lib folder ([e2f8756](https://github.com/ory/hydra/commit/e2f875697363f3dba3d57c5ae8817cce3fd7b556)):
Add docs/sdk/php.md
* Resolves client secrets from potentially leaking to the database in cleartext ([#820](https://github.com/ory/hydra/issues/820)) ([848d479](https://github.com/ory/hydra/commit/848d4799dfc176972dd638dd9f241858224b6c27)):
This release resolves a security issue (reported by [platform.sh](https://www.platform.sh)) related to the fosite storage implementation in this project. Fosite used to pass all of the request body from both authorize and token endpoints to the storage adapters. As some of these values are needed in consecutive requests, the storage adapter of this project chose to drop all of the key/value pairs to the database in plaintext.
This implied that confidential parameters, such as the `client_secret` which can be passed in the request body since fosite version 0.15.0, were stored as key/value pairs in plaintext in the database. While most client secrets are generated programmatically (as opposed to set by the user) and most popular OAuth2 providers choose to store the secret in plaintext for later retrieval, we see it as a considerable security issue nonetheless.
The issue has been resolved by sanitizing the request body and only including those values truly required by their respective handlers. This also implies that typos (eg `client_secet`) won't "leak" to the database.
There are no special upgrade paths required for this version.
This issue does not apply to you if you do not use an SQL backend. If you do upgrade to this version, you need to run `hydra migrate sql path://to.your/database`.
If your users use POST body client authentication, it might
be a good move to remove old data. There are multiple ways of doing that. **Back up your data before you do this**:
1. **Radical solution:** Drop all rows from tables `hydra_oauth2_refresh`, `hydra_oauth2_access`, `hydra_oauth2_oidc`,
`hydra_oauth2_code`. This implies that all your users have to re-authorize.
2. **Sensitive solution:** Replace all values in column `form_data` in tables `hydra_oauth2_refresh`, `hydra_oauth2_access` with
an empty string. This will keep all authorization sessions alive. Tables `hydra_oauth2_oidc` and `hydra_oauth2_code`
do not contain sensitive information, unless your users accidentally sent the client_secret to the `/oauth2/auth` endpoint.
We would like to thank [platform.sh](https://www.platform.sh) for sponsoring the development of a patch that resolves this issue.
* Resolves failing SQL store test cases ([f6ddee8](https://github.com/ory/hydra/commit/f6ddee8f9a2d65dfa6c02adc402c1a61fa03d4a0))
* Resolves issue with godep, fosite memory store ([6ab7260](https://github.com/ory/hydra/commit/6ab7260f05d4e6c7fb80850f7d4cb6dafebcf1f6)):
This issue solves a broken update with godep and properly includes
the 0.17.0 fosite patch.
* Uses UTC timecodes everywhere ([45eabc2](https://github.com/ory/hydra/commit/45eabc2bcf961b0faba5de432ed314e236702ae8))
# [0.11.9](https://github.com/ory/hydra/compare/v0.11.7...v0.11.9) (2018-03-10)
metrics: Improves naming of traits (#803)
Closes #802
### Unclassified
* Improves naming of traits ([#803](https://github.com/ory/hydra/issues/803)) ([dd06073](https://github.com/ory/hydra/commit/dd060731cab21d2d449f4c55c0c0f5f9b699337e)), closes [#802](https://github.com/ory/hydra/issues/802)
# [0.11.7](https://github.com/ory/hydra/compare/v0.11.6...v0.11.7) (2018-03-03)
cmd: Adds OpenID Connect refresh handler
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
Closes #794
### Unclassified
* Adds OpenID Connect refresh handler ([7594eb4](https://github.com/ory/hydra/commit/7594eb453970403e4b33d024ad9217e670cde537)), closes [#794](https://github.com/ory/hydra/issues/794):
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
# [0.11.6](https://github.com/ory/hydra/compare/v0.11.4...v0.11.6) (2018-02-07)
oauth2: Resolves possible session fixation attack
This patch resolves a vulnerability in the consent flow. This vulnerability
affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id`. However,
through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malice accesses the original auth code url and appends the consent id:
`https://hydra/oauth2/auth?client=...&consent=example-id`
6. As the consent request is granted but not claimed, and because Malice's
user agent contains the valid CSRF token, Malice receives an authorize
code that is meant to be issued to Bob.
7. Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
1. Malice must be able to convince Bob to access the forged consent url.
2. Malice must be able to convince Bob to grant the forged consent request.
3. Malice must be able to prevent the consent app's redirect after
successful consent request acceptance.
4. Malice must be able to perform this attack within the expiry (10 minutes)
of the consent request.
For these reasons, an exploit for this vulnerability is not likely,
but possible.
This patch closes the described vulnerability by requiring a
`consent_csrf` value additional to the `consent` value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The `consent_csrf` is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token
which is stored in the database and the encrypted cookie. Malice
is not able to see the CSRF token.
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token`.
The redirection URL is only accessible to the consent app and Bob's user agent.
However, through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malices does not know the value for `consent_csrf`, accessing
`https://hydra/oauth2/auth?client=...&consent=example-id` without
setting `consent_csrf` causes the request to fail and the consent to
be revoked.
This patch does not introduce breaking changes. Upgrading to the version
which contains this patch does not require any code changes or deployment
changes.
### Unclassified
* Resolves possible session fixation attack ([69cc450](https://github.com/ory/hydra/commit/69cc450f3d0079f2e991d89bfdf9efc6260a48d9)):
This patch resolves a vulnerability in the consent flow. This vulnerability
affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id`. However,
through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malice accesses the original auth code url and appends the consent id:
`https://hydra/oauth2/auth?client=...&consent=example-id`
6. As the consent request is granted but not claimed, and because Malice's
user agent contains the valid CSRF token, Malice receives an authorize
code that is meant to be issued to Bob.
7. Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
1. Malice must be able to convince Bob to access the forged consent url.
2. Malice must be able to convince Bob to grant the forged consent request.
3. Malice must be able to prevent the consent app's redirect after
successful consent request acceptance.
4. Malice must be able to perform this attack within the expiry (10 minutes)
of the consent request.
For these reasons, an exploit for this vulnerability is not likely,
but possible.
This patch closes the described vulnerability by requiring a
`consent_csrf` value additional to the `consent` value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The `consent_csrf` is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token
which is stored in the database and the encrypted cookie. Malice
is not able to see the CSRF token.
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token`.
The redirection URL is only accessible to the consent app and Bob's user agent.
However, through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malices does not know the value for `consent_csrf`, accessing
`https://hydra/oauth2/auth?client=...&consent=example-id` without
setting `consent_csrf` causes the request to fail and the consent to
be revoked.
This patch does not introduce breaking changes. Upgrading to the version
which contains this patch does not require any code changes or deployment
changes.
# [0.11.10](https://github.com/ory/hydra/compare/v0.11.9...v0.11.10) (2018-03-19)
pkg: remove unused code
This code was meant to be deleted in
9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
Signed-off-by: Euan Kemp <euank@euank.com>
### Documentation
* Adds "Edit on GitHub" link to each document in guide ([ec6f000](https://github.com/ory/hydra/commit/ec6f000f34c1b8fd432ae64bb6b1e79ca8c8a32c))
* Adds automatic summary and toc generation ([#785](https://github.com/ory/hydra/issues/785)) ([02c878c](https://github.com/ory/hydra/commit/02c878c2de419703f641372bccc19fdde44a320b))
* Adds redirects for broken guide links ([#798](https://github.com/ory/hydra/issues/798)) ([fade6a3](https://github.com/ory/hydra/commit/fade6a3173aa06ee022fc56108d964a2140db4f7))
* Changes readme title" ([122f7d1](https://github.com/ory/hydra/commit/122f7d11a13c3a15b0db127f73c62b69c6769dc2))
* Clean up swagger specification ([2ad0a96](https://github.com/ory/hydra/commit/2ad0a96503531ff16c10d174454b37d49d30c8b4))
* Experiments with domain redirect ([2604b99](https://github.com/ory/hydra/commit/2604b99f6c936b1d54a6f5957e672f12758c4461))
* Fixes dead link to example policy ([#767](https://github.com/ory/hydra/issues/767)) ([4f3148e](https://github.com/ory/hydra/commit/4f3148ecd9d865accd13f4f1de04865c70a58d7b)):
The policy linked to as an example has since been removed. Just point to
a different policy instead.
* Fixes redirect path ([d05c97b](https://github.com/ory/hydra/commit/d05c97b05b9742d75b101820502dd35c7a33e07c))
* Forwards docs to website ([560441d](https://github.com/ory/hydra/commit/560441d0420ee1a2e37cb98d16731e30db56b5cf))
* Improves API docs ([5a2e4df](https://github.com/ory/hydra/commit/5a2e4dfcfd136a1c5724255bd14bcf620bff14d4))
* Incorporates changes from version v0.11.4 ([6bf7e80](https://github.com/ory/hydra/commit/6bf7e800d45b68af7bfc050c8de97fdf492b116f))
* Lowercase source files and dirs ([6a56630](https://github.com/ory/hydra/commit/6a56630bbdaa492c86f386baa10ed3dcd5e1e7f6))
* Moves documentation to new repository. ([#800](https://github.com/ory/hydra/issues/800)) ([12a9c5c](https://github.com/ory/hydra/commit/12a9c5c029080198024fff98d73b531f734a6ac2))
* Removes apiary how-to ([6cbfa58](https://github.com/ory/hydra/commit/6cbfa58c6552f77ef4acd1cb949fbda6e5a69189))
* Removes summary plugin ([857d85f](https://github.com/ory/hydra/commit/857d85f250d202763ff987ab3efabf7e66d1fc7f))
* Resolves broken discord link ([8c445bc](https://github.com/ory/hydra/commit/8c445bc3f3d394d3670c716d7a736ebbaab3f3fc))
* Resolves broken header image link ([2820efc](https://github.com/ory/hydra/commit/2820efc1ae9662dfb1f3c74bb8aed258c13008aa))
* Resolves broken images and build ([#801](https://github.com/ory/hydra/issues/801)) ([4f6d2af](https://github.com/ory/hydra/commit/4f6d2af76fee775f39b23d68e0e40862117b18f0))
* Resolves broken links in docs ([b2698f1](https://github.com/ory/hydra/commit/b2698f173be00956f44ebfbb687b4c9127d094cc))
* Resolves broken redirects ([340cea7](https://github.com/ory/hydra/commit/340cea76796a0c3a784f5cf930630d77ab22a48a))
* Resolves broken swagger definitions ([#812](https://github.com/ory/hydra/issues/812)) ([4125eab](https://github.com/ory/hydra/commit/4125eabb96cae588eeb8336c21a48b93b6e9a0b3))
* Resolves issues with book.json ([5ac721b](https://github.com/ory/hydra/commit/5ac721b0a153e45681aaaf14886ece6726ad3a14))
* Resolves issues with broken images and docs publish task ([39ea6c3](https://github.com/ory/hydra/commit/39ea6c375e3e47222ed95477f504436821977e91))
* Resolves uppercase readme redirects ([7e3dd70](https://github.com/ory/hydra/commit/7e3dd709cbb0f1c6ecc68d58de8b36f6638382b8))
* Updates banner in README ([#808](https://github.com/ory/hydra/issues/808)) ([605998f](https://github.com/ory/hydra/commit/605998f7747c9d98b218f83b3362f1fc01e793c9))
* Updates chat badge to discord ([5261ae1](https://github.com/ory/hydra/commit/5261ae1e5c3e322a94d5f8443f25b63f659edcba))
* Updates JSON Swagger specification ([1e1c1c1](https://github.com/ory/hydra/commit/1e1c1c138fe971b167b2c89594c89510a07281d1))
* Updates outdated links in README ([1ceaae2](https://github.com/ory/hydra/commit/1ceaae2b0e1c29ec12b46b4b0fe36eed4f11e23c)), closes [#788](https://github.com/ory/hydra/issues/788):
The new website introduced a new link structure which broke links in the README. This patch resolves that.
* Updates readme, contribution guide, and templates ([#806](https://github.com/ory/hydra/issues/806)) ([c12c629](https://github.com/ory/hydra/commit/c12c62935f0df4456c590e157d27c2f775f9acee))
* Updates recovering root access section to SQL ([9c923b6](https://github.com/ory/hydra/commit/9c923b63668b2c3f83553111a58c6eab1b04e85b)), closes [#756](https://github.com/ory/hydra/issues/756)
* Updates summary ([4bcc8ed](https://github.com/ory/hydra/commit/4bcc8ede3f52d1314552867c30743b25a9e6362a))
* Updates various sections in README ([f1ca802](https://github.com/ory/hydra/commit/f1ca802f5b48dbb62d16f5765257d850267a9312))
* Upgrades install guide to v0.11.6 ([764282c](https://github.com/ory/hydra/commit/764282c2345554678cefed005cf117c6ef765ff8))
### Unclassified
* Updates license to 2018 ([fd0f06f](https://github.com/ory/hydra/commit/fd0f06f7e1d468357d253e63449dd3535636e1c4))
* Adds ability to flush old access tokens ([ed0aa28](https://github.com/ory/hydra/commit/ed0aa28c58a122c871da3c7a5bdee32196a662c4)), closes [#738](https://github.com/ory/hydra/issues/738):
Previously, no way of removing old access tokens from the database.
This patch adds a new endpoint (`POST /oauth2/flush`) capable of
flushing old / stale access tokens.
Additionally, `hydra token flush` was added which is the CLI command
for flushing tokens using the api.
* Adds newsletter sign up capabilities to CLI commands ([#759](https://github.com/ory/hydra/issues/759)) ([049f581](https://github.com/ory/hydra/commit/049f581d5bc126cb355ca95ad39ab3faf9730e10))
* Adds OpenID Connect refresh handler ([#797](https://github.com/ory/hydra/issues/797)) ([84ddafe](https://github.com/ory/hydra/commit/84ddafe52cdb85e683558bd036e0935e5b2c693d)), closes [#794](https://github.com/ory/hydra/issues/794):
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
* Adds support for PKCE (IETF RFC7636) ([343e216](https://github.com/ory/hydra/commit/343e216b6938cde0a8e611b872ffa81f3f92bc60)), closes [#744](https://github.com/ory/hydra/issues/744):
This patch adds support for PKCE which is especially useful for
native mobile apps.
Spec: https://tools.ietf.org/html/rfc7636
* Allows anonymous users access to ./well-known/jwks.json ([f867fd9](https://github.com/ory/hydra/commit/f867fd99268bb3a7ca9f19b7ad58d15659215f85)), closes [#761](https://github.com/ory/hydra/issues/761):
The ./well-known/jwks.json endpoint contains important, publicly accessible
keys for validating signatures such as the OpenID Connect ID Token signature.
Currently, this endpoint shows the public key for validating ID Tokens
only. As this key is public, a policy was added which allows any user
(including anonymous ones) to access this specific key.
Thus, administrators no longer need to add a policy to allow access to
this endpoint on a fresh installation. It is still possible to change
this behaviour by removing the policy
("hydra policies delete default-oidc-id-token-public-policy") or
replacing it.
This change affects new installations only.
* Correct docker exec wording ([bda2c6c](https://github.com/ory/hydra/commit/bda2c6c28c53d558894d1fd67e81c778b9ca2196)):
`exec` is an nsenter, not an ssh
* Forces JWK to have a unique ID ([acd0107](https://github.com/ory/hydra/commit/acd010726b5fc6367f317ff8b0cad3fbd036747c)), closes [#589](https://github.com/ory/hydra/issues/589):
Previously, JSON Web Keys did not have to specify a unique id. JWKs
generated by ORY Hydra typically only used `public` or `private`
as KeyID. This patch changes that and appends a unique id if no
KeyID was given. To be able to separate between public and private key
pairs in resource name, the public/private convention was kept.
This change targets specifically the OpenID Connect ID Token and HTTP
TLS keys. The ID Token key was previously "hydra.openid.id-token:public"
and "hydra.openid.id-token:private" which now changed to something like
"hydra.openid.id-token:public:9a458aa3-65a0-4982-835f-343eec45183c" and
"hydra.openid.id-token:private:fa353995-d77d-420a-b967-63bf0721271b"
with the UUID part being random for every installation.
This change will help greatly with key rotation in the future.
* Forces UTC in consent strategy ([#775](https://github.com/ory/hydra/issues/775)) ([7c4fd7d](https://github.com/ory/hydra/commit/7c4fd7d1c15a1c38720481be6a4f38fd5f4708e3)), closes [#679](https://github.com/ory/hydra/issues/679):
This resolves an issue when different timezones are used between systems
by enforcing UTC everywhere.
* Generate php sdk and point php autoloader to lib folder ([#736](https://github.com/ory/hydra/issues/736)) ([f84eb65](https://github.com/ory/hydra/commit/f84eb6586800a1d6497ec7892ca81529300f4c70))
* Introduces pagination to client management ([#774](https://github.com/ory/hydra/issues/774)) ([02b3708](https://github.com/ory/hydra/commit/02b37086fadc2bf8478d433a45c6c4391d9bcf13)), closes [#739](https://github.com/ory/hydra/issues/739):
Previously, all clients were returned by `GET /clients`. To mitigate
DoS attacks against large databases, pagination has been introduced.
* Parallelizes database instantiation in tests ([8e894bc](https://github.com/ory/hydra/commit/8e894bc0444042bda2398661d2d04536a0feac2c))
* Parallelizes database instantiation in tests ([a0d6a0d](https://github.com/ory/hydra/commit/a0d6a0d2afba05de529f49473c029724381d25ce))
* Persists config file right before starting the server ([7fb51e5](https://github.com/ory/hydra/commit/7fb51e594304a96cdfcb31f02af1d123ad88eb70)):
Tests would fail because the config file is polled in order to check
if the server is already started or not. Moving the persist command
right before starting the server resolves issues with racy tests.
* Remove unused code ([c97e764](https://github.com/ory/hydra/commit/c97e7649e188c042bc978d34b2ab469b39222b43)):
This code was meant to be deleted in
9592a0069ed4b851cec8591038f9be5ce6d81a28 I believe.
* Remove unused named returns ([8bba5a0](https://github.com/ory/hydra/commit/8bba5a007b463e8bb005720fc4cfef6b22a243c8))
* Resolves an issue with broken build time display ([#799](https://github.com/ory/hydra/issues/799)) ([5c847ea](https://github.com/ory/hydra/commit/5c847eac6bbf4c15b562c80a0bde8eb6260b0a9f)), closes [#792](https://github.com/ory/hydra/issues/792):
Previously, the build time was always the current time. This patch
resolves that issue.
* Resolves broken JWK cast tests ([5740f32](https://github.com/ory/hydra/commit/5740f32bc82d1af373be561d2a577277cdd99791))
* Resolves broken sql schema test ([1b76f4b](https://github.com/ory/hydra/commit/1b76f4b898d4c3ce4a8fc26b967de763c77d5b61))
* Resolves composer license complaint ([#763](https://github.com/ory/hydra/issues/763)) ([6f9f906](https://github.com/ory/hydra/commit/6f9f90608db9376efa966271af1f8c4aaf31325e)):
Composer complained because an unknown license was used "Apache 2.0" instead of "Apache-2.0". This patch resolves that.
* Resolves possible session fixation attack ([1e80a1d](https://github.com/ory/hydra/commit/1e80a1d72ecc5db024f77eb91cf70e55ded41a5d)):
This patch resolves a vulnerability in the consent flow. This vulnerability
affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id`. However,
through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malice accesses the original auth code url and appends the consent id:
`https://hydra/oauth2/auth?client=...&consent=example-id`
6. As the consent request is granted but not claimed, and because Malice's
user agent contains the valid CSRF token, Malice receives an authorize
code that is meant to be issued to Bob.
7. Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
1. Malice must be able to convince Bob to access the forged consent url.
2. Malice must be able to convince Bob to grant the forged consent request.
3. Malice must be able to prevent the consent app's redirect after
successful consent request acceptance.
4. Malice must be able to perform this attack within the expiry (10 minutes)
of the consent request.
For these reasons, an exploit for this vulnerability is not likely,
but possible.
This patch closes the described vulnerability by requiring a
`consent_csrf` value additional to the `consent` value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The `consent_csrf` is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token
which is stored in the database and the encrypted cookie. Malice
is not able to see the CSRF token.
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token`.
The redirection URL is only accessible to the consent app and Bob's user agent.
However, through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malices does not know the value for `consent_csrf`, accessing
`https://hydra/oauth2/auth?client=...&consent=example-id` without
setting `consent_csrf` causes the request to fail and the consent to
be revoked.
This patch does not introduce breaking changes. Upgrading to the version
which contains this patch does not require any code changes or deployment
changes.
* Skips parallelization when not using docker ([57d0b12](https://github.com/ory/hydra/commit/57d0b12b0dfbc9c3f75ff0643d9b373ba1b99951)):
Previously, databases connected in parallel even when dockertest was
skipped - typically in CI environments. This caused issues on those
environments. This patch resolves that.
* Stops creating client when secret is too short ([#764](https://github.com/ory/hydra/issues/764)) ([f818f85](https://github.com/ory/hydra/commit/f818f857c2015290df5a6ec34c33e8dbee7caedd)), closes [#725](https://github.com/ory/hydra/issues/725):
Previously, clients were created despite an error which said that the secret was too short. This patch changes that and improves error output in the CLI as well for this command.
* Strips client secret from output when client is public ([#765](https://github.com/ory/hydra/issues/765)) ([439267b](https://github.com/ory/hydra/commit/439267b0e480a888a6e0e0058b24f54f358b1841)), closes [#737](https://github.com/ory/hydra/issues/737):
Previously a newly created public client had a secret send with the initial response and this secret was displayed in the CLI.
Now it is clear that there is no secret needed for public clients. It is not displayed in the CLI anymore.
* Updates license headers ([#793](https://github.com/ory/hydra/issues/793)) ([366ed57](https://github.com/ory/hydra/commit/366ed57d9c39d7601a40b5545f91361e6a2b9f5a))
* Updates text for newsletter signup ([#780](https://github.com/ory/hydra/issues/780)) ([459703f](https://github.com/ory/hydra/commit/459703f9ff39779b4547a5f86e204da32dc63731)):
Before newsletter text did not seem to make clear that it is just for security information.
* Use existing alpha-lower sequence ([343cb09](https://github.com/ory/hydra/commit/343cb096a713e0dc62cee9ae05f4261d68f58a03))
# [0.11.9](https://github.com/ory/hydra/compare/v0.11.7...v0.11.9) (2018-03-10)
metrics: Improves naming of traits (#803)
Closes #802
### Unclassified
* Improves naming of traits ([#803](https://github.com/ory/hydra/issues/803)) ([dd06073](https://github.com/ory/hydra/commit/dd060731cab21d2d449f4c55c0c0f5f9b699337e)), closes [#802](https://github.com/ory/hydra/issues/802)
# [0.11.7](https://github.com/ory/hydra/compare/v0.11.6...v0.11.7) (2018-03-03)
cmd: Adds OpenID Connect refresh handler
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
Closes #794
### Unclassified
* Adds OpenID Connect refresh handler ([7594eb4](https://github.com/ory/hydra/commit/7594eb453970403e4b33d024ad9217e670cde537)), closes [#794](https://github.com/ory/hydra/issues/794):
Previously, it was impossible to refresh OpenID Connect ID Tokens. This is now possible as the factory has been added to the oauth2 factory in the host process.
# [0.11.6](https://github.com/ory/hydra/compare/v0.11.4...v0.11.6) (2018-02-07)
oauth2: Resolves possible session fixation attack
This patch resolves a vulnerability in the consent flow. This vulnerability
affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id`. However,
through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malice accesses the original auth code url and appends the consent id:
`https://hydra/oauth2/auth?client=...&consent=example-id`
6. As the consent request is granted but not claimed, and because Malice's
user agent contains the valid CSRF token, Malice receives an authorize
code that is meant to be issued to Bob.
7. Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
1. Malice must be able to convince Bob to access the forged consent url.
2. Malice must be able to convince Bob to grant the forged consent request.
3. Malice must be able to prevent the consent app's redirect after
successful consent request acceptance.
4. Malice must be able to perform this attack within the expiry (10 minutes)
of the consent request.
For these reasons, an exploit for this vulnerability is not likely,
but possible.
This patch closes the described vulnerability by requiring a
`consent_csrf` value additional to the `consent` value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The `consent_csrf` is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token
which is stored in the database and the encrypted cookie. Malice
is not able to see the CSRF token.
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token`.
The redirection URL is only accessible to the consent app and Bob's user agent.
However, through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malices does not know the value for `consent_csrf`, accessing
`https://hydra/oauth2/auth?client=...&consent=example-id` without
setting `consent_csrf` causes the request to fail and the consent to
be revoked.
This patch does not introduce breaking changes. Upgrading to the version
which contains this patch does not require any code changes or deployment
changes.
### Unclassified
* Resolves possible session fixation attack ([69cc450](https://github.com/ory/hydra/commit/69cc450f3d0079f2e991d89bfdf9efc6260a48d9)):
This patch resolves a vulnerability in the consent flow. This vulnerability
affects versions 0.10.0 ~ 0.11.5 only. Versions < 0.10.0 are not affected.
The vulnerability can be exploited as follows:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id`. However,
through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malice accesses the original auth code url and appends the consent id:
`https://hydra/oauth2/auth?client=...&consent=example-id`
6. As the consent request is granted but not claimed, and because Malice's
user agent contains the valid CSRF token, Malice receives an authorize
code that is meant to be issued to Bob.
7. Malice can now act on Bob's behalf.
For this attack to work, the following preconditions must be met:
1. Malice must be able to convince Bob to access the forged consent url.
2. Malice must be able to convince Bob to grant the forged consent request.
3. Malice must be able to prevent the consent app's redirect after
successful consent request acceptance.
4. Malice must be able to perform this attack within the expiry (10 minutes)
of the consent request.
For these reasons, an exploit for this vulnerability is not likely,
but possible.
This patch closes the described vulnerability by requiring a
`consent_csrf` value additional to the `consent` value in the query
parameters of the authorization url. Without that value, the authorization
code flow will not be successful. The `consent_csrf` is transmitted out-of-band
to the consent app and not accessible to Malice. Let's revisit the example
from above:
1. Malice initiates an OAuth 2.0 Authorization Code Flow:
https://hydra/oauth2/auth?client=...
- Hydra creates the consent request id and an additional CSRF token
which is stored in the database and the encrypted cookie. Malice
is not able to see the CSRF token.
2. Hydra redirects malice to the consent app and appends consent
id "example-id": https://consent-app/?consent=example-id
3. Malice convinces Bob to open url https://consent-app/?consent=example-id
and authorize the access request.
4. The consent app would redirect Bob back to
`https://hydra/oauth2/auth?client=...&consent=example-id&consent_csrf=csrf_token`.
The redirection URL is only accessible to the consent app and Bob's user agent.
However, through some means, Malice is able to prevent redirection of Bob's
user agent.
5. Malices does not know the value for `consent_csrf`, accessing
`https://hydra/oauth2/auth?client=...&consent=example-id` without
setting `consent_csrf` causes the request to fail and the consent to
be revoked.
This patch does not introduce breaking changes. Upgrading to the version
which contains this patch does not require any code changes or deployment
changes.
# [0.11.4](https://github.com/ory/hydra/compare/v0.11.3...v0.11.4) (2018-01-23)
docs: Incorporates changes from version v0.11.3
### Documentation
* Incorporates changes from version v0.11.3 ([c9d1bf1](https://github.com/ory/hydra/commit/c9d1bf1aa96b6c1fd8cb440c9c1644edab43fdbe))
# [0.11.3](https://github.com/ory/hydra/compare/v0.11.2...v0.11.3) (2018-01-23)
teleme: Improves telemetry module and upgrades to segment 3.0.0 (#752)
### Documentation
* Incorporates changes from version v0.11.2 ([bf03815](https://github.com/ory/hydra/commit/bf0381580a56bcd60cef0395158144ea45ce4d7c))
### Unclassified
* Improves telemetry module and upgrades to segment 3.0.0 ([#752](https://github.com/ory/hydra/issues/752)) ([4ef50f3](https://github.com/ory/hydra/commit/4ef50f37fefa35a5903fc8e25043ca5611aa630d))
# [0.11.2](https://github.com/ory/hydra/compare/v0.11.1...v0.11.2) (2018-01-22)
oauth2: Protects consent flow against session fixation (#754)
Closes #753
### Unclassified
* Protects consent flow against session fixation ([#754](https://github.com/ory/hydra/issues/754)) ([a4b6888](https://github.com/ory/hydra/commit/a4b68886eb4fcbc61c7ec85b9161745f40e0a169)), closes [#753](https://github.com/ory/hydra/issues/753)
* Returns 404 only when policy allows getting a client ([#751](https://github.com/ory/hydra/issues/751)) ([7c5786e](https://github.com/ory/hydra/commit/7c5786eb36fff9490611ead36c67afdbc2b7f8bf))
# [0.11.1](https://github.com/ory/hydra/compare/v0.11.0...v0.11.1) (2018-01-18)
Resolves issues with pagination (#750)
### Unclassified
* Resolves issues with pagination (#750) ([9258083](https://github.com/ory/hydra/commit/9258083ded4211db5b81d4159c2478efa4935a7b)), closes [#750](https://github.com/ory/hydra/issues/750)
* Adds method to return ClusterURL without trailing slashes ([#748](https://github.com/ory/hydra/issues/748)) ([9bff6e7](https://github.com/ory/hydra/commit/9bff6e704d1d9b1e0a078633539a552693b4f6b9)), closes [#650](https://github.com/ory/hydra/issues/650)
# [0.11.0](https://github.com/ory/hydra/compare/v0.10.10...v0.11.0) (2018-01-08)
group: Resolves CI test issues by removing group
### Documentation
* Adds documentation on third-party deps ([#728](https://github.com/ory/hydra/issues/728)) ([260aec8](https://github.com/ory/hydra/commit/260aec86fb149c06eb7d60e1224e1b9218a13e07)), closes [#716](https://github.com/ory/hydra/issues/716)
* Incorporates changes from version v0.10.10 ([297215f](https://github.com/ory/hydra/commit/297215fb230d01b999292abf36641b2f7c03d5f8))
### Unclassified
* Adds list groups command ([f9d5c75](https://github.com/ory/hydra/commit/f9d5c753d1506c76ea08c21eced847ceb9a32d54))
* Adds ListGroup and limit + offsets ([c0099f3](https://github.com/ory/hydra/commit/c0099f30626f58fe0b71d0f892a267d1e51ec41a)), closes [#732](https://github.com/ory/hydra/issues/732)
* Adds offline_access scope alias ([#724](https://github.com/ory/hydra/issues/724)) ([691e598](https://github.com/ory/hydra/commit/691e598e46a23ed12ee3dcaac834582f57fbe051)), closes [#722](https://github.com/ory/hydra/issues/722)
* Adds pagination parsing helper ([b0d40b4](https://github.com/ory/hydra/commit/b0d40b4ddaa3c594b0367d81cb90bcdd7bd99712))
* Adds php registry dummy ([#733](https://github.com/ory/hydra/issues/733)) ([e170231](https://github.com/ory/hydra/commit/e1702314b59cdeda58269c87d3711617f9b9166a))
* Prints debug message to logs and evaluate transmitting it to clients too ([#727](https://github.com/ory/hydra/issues/727)) ([40fc5e6](https://github.com/ory/hydra/commit/40fc5e6af0556820dc9216fac10dd33ce560149e)), closes [#715](https://github.com/ory/hydra/issues/715)
* Replaces pagination parser with helper ([14ebadf](https://github.com/ory/hydra/commit/14ebadf458305b644e8d8101d7b61a934393cc0b))
* Resolves CI test issues by removing group ([82480e5](https://github.com/ory/hydra/commit/82480e5b6c0ed1815cd5efd669a995f63f650340))
* Stop requiring x-forwarded-proto ([#731](https://github.com/ory/hydra/issues/731)) ([b83541c](https://github.com/ory/hydra/commit/b83541ca23cd1f69543cebe837566d93df0cefa8)), closes [#726](https://github.com/ory/hydra/issues/726)
* Updates SDKs to implement list group capabilities ([2e34c36](https://github.com/ory/hydra/commit/2e34c361220c76e7dc0d8a3b6cc91bce72919779))
# [0.10.10](https://github.com/ory/hydra/compare/v0.10.9...v0.10.10) (2017-12-16)
docs: Resolves issue with broken 5-minute tutorial
Closes #717
### Documentation
* Incorporates changes from version v0.10.9 ([61c4611](https://github.com/ory/hydra/commit/61c4611f4fc35f127ceac8ec1a964215d27b46fd))
* Resolves issue with broken 5-minute tutorial ([1d1b945](https://github.com/ory/hydra/commit/1d1b945494c14ac048d3d6040661c9bf7c761593)), closes [#717](https://github.com/ory/hydra/issues/717)
### Unclassified
* Forces use of UTC time everywhere ([4161b61](https://github.com/ory/hydra/commit/4161b61f229fdd52cd7d4a57a4f2f3d79d444174)), closes [#679](https://github.com/ory/hydra/issues/679)
* sdk/go: Resolves incorrect error message (#713) ([1290660](https://github.com/ory/hydra/commit/1290660319c9fd798611ec425379ce921e3f0d93)), closes [#713](https://github.com/ory/hydra/issues/713) [#686](https://github.com/ory/hydra/issues/686)
* Adds a dedicated command for importing policies ([be54a75](https://github.com/ory/hydra/commit/be54a7578508a522fa161b55c5363daed1c87a0a)), closes [#701](https://github.com/ory/hydra/issues/701)
* Adds list of supported auth methods to OIDC discovery ([cba05b4](https://github.com/ory/hydra/commit/cba05b496cb240338046163436b8b912ffd4beee)), closes [#695](https://github.com/ory/hydra/issues/695)
* Corrects group scope documentation ([#710](https://github.com/ory/hydra/issues/710)) ([a58624c](https://github.com/ory/hydra/commit/a58624cf6f6dfb12a9f499d55e1612b90099f21a)), closes [#702](https://github.com/ory/hydra/issues/702)
* Makes scopes in token command configurable ([#712](https://github.com/ory/hydra/issues/712)) ([ed2bc01](https://github.com/ory/hydra/commit/ed2bc01af55bbc62b77397dc01b8b6e04f7392eb)), closes [#711](https://github.com/ory/hydra/issues/711)
* Removes check for authorize code error in auth endpoint ([0d08851](https://github.com/ory/hydra/commit/0d08851268107c2ec842109b45cab2b32156fcd9))
* Removes unknown claims from userinfo endpoint ([7cb4ad2](https://github.com/ory/hydra/commit/7cb4ad28f6571edf2acee76cce673e13ccba330f))
* Sets requested at value in session ([dd1a3f4](https://github.com/ory/hydra/commit/dd1a3f47e4bb4224cd5eec2f72bad06b37b0f86b))
* Updates to fosite 0.15.2 ([05354cb](https://github.com/ory/hydra/commit/05354cb4f32b8e745c0322205bc4434473d49497)):
Improves detection of non-conform OIDC authorizations.
# [0.10.9](https://github.com/ory/hydra/compare/v0.10.8...v0.10.9) (2017-12-13)
pkg: Fixes returning nil instead of empty array in split
### Documentation
* Incorporates changes from version v0.10.8 ([a5583f0](https://github.com/ory/hydra/commit/a5583f0afe4c0ff54d4ce35b637bb7612bbbbaf9))
### Unclassified
* Fixes returning nil instead of empty array in split ([e852207](https://github.com/ory/hydra/commit/e852207f698225bee9c2bc58f5aeeb9e7c401151))
# [0.10.8](https://github.com/ory/hydra/compare/v0.10.7...v0.10.8) (2017-12-12)
Reintroduces alpine based docker image
Closes #703
### Documentation
* Adds introspection breaking change to upgrade guide ([072e54b](https://github.com/ory/hydra/commit/072e54b6f2afbcbd9b1eafedb22b2fc50d2d87f7))
* Incorporates changes from version v0.10.7 ([ad79f6c](https://github.com/ory/hydra/commit/ad79f6ced58066ed52a4a1ba7c489caa440ab2c1))
### Unclassified
* Reintroduces alpine based docker image ([0d47938](https://github.com/ory/hydra/commit/0d47938fe3524060a164f795bd20b8ffa95cf577)), closes [#703](https://github.com/ory/hydra/issues/703)
# [0.10.7](https://github.com/ory/hydra/compare/v0.10.6...v0.10.7) (2017-12-09)
oauth2: Redirects authorize code errors to consent app
### Documentation
* Incorporates changes from version v0.10.6 ([499a1a6](https://github.com/ory/hydra/commit/499a1a6228dba9a8bf361d4b6a32664cfe16cfcd))
### Unclassified
* Hydrates auth time value in id token ([f10e49a](https://github.com/ory/hydra/commit/f10e49ad41b6adc0615187c508b1b139d888bb2a)):
This is only a preliminary solution and must be added to the
consent flow.
* Redirects authorize code errors to consent app ([62547eb](https://github.com/ory/hydra/commit/62547ebabaef67d20c96f845fb7cd984a322e61d))
# [0.10.6](https://github.com/ory/hydra/compare/v0.10.5...v0.10.6) (2017-12-09)
oauth2: Adds ability to configure OIDC Discovery
### Unclassified
* Adds ability to configure OIDC Discovery ([34c5f30](https://github.com/ory/hydra/commit/34c5f30fd42b890877134cea0549be8a689d9171))
* Adds tests for userinfo endpoint and auth code exchange ([e167aba](https://github.com/ory/hydra/commit/e167abab8d058c6c4777a0cf871a0a7e0d0dfaf5))
* Upgrades to fosite 0.14.2 ([c208020](https://github.com/ory/hydra/commit/c208020b2b114a70cb4ccffee977373672cd4464))
* Upgrades to fosite 0.15.0 ([9e370de](https://github.com/ory/hydra/commit/9e370dea762ffc8c0278605595afd65765685698)):
Improves conformity with OpenID Connect Certification.
# [0.10.5](https://github.com/ory/hydra/compare/v0.10.4...v0.10.5) (2017-12-09)
oauth2: Allows POST for userinfo endpoint
### Documentation
* Incorporates changes from version v0.10.4 ([3abcb69](https://github.com/ory/hydra/commit/3abcb69779260eef0752a56b8b2e26c2ba9ca215))
### Unclassified
* Allows POST for userinfo endpoint ([ae3904f](https://github.com/ory/hydra/commit/ae3904fa77ce654b11cea97b1ba189fc6780efe3))
# [0.10.4](https://github.com/ory/hydra/compare/v0.10.3...v0.10.4) (2017-12-09)
oauth2: Adds userinfo endpoint and improves OIDC discovery
### Documentation
* Incorporates changes from version v0.10.3 ([b2e7a8d](https://github.com/ory/hydra/commit/b2e7a8dfdc08a49317e0b4d7321f459a32a5f294))
### Unclassified
* Adds basic userinfo endpoint ([d404328](https://github.com/ory/hydra/commit/d40432819a54820384b815f4d61a155568e3fb5f)), closes [#652](https://github.com/ory/hydra/issues/652)
* Adds userinfo endpoint and improves OIDC discovery ([fabee0d](https://github.com/ory/hydra/commit/fabee0dcafa4056802f9e88492e268e114f03f9d))
# [0.10.3](https://github.com/ory/hydra/compare/v0.10.2...v0.10.3) (2017-12-08)
docs: Removes code climate badge
### Documentation
* Removes code climate badge ([25a123e](https://github.com/ory/hydra/commit/25a123e5a57e3a8db37639b81e202b17224490fa))
# [0.10.2](https://github.com/ory/hydra/compare/v0.10.1...v0.10.2) (2017-12-08)
ci: Adds sudo for install doctoc globally in changelog task
### Continuous Integration
* Adds sudo for install doctoc globally in changelog task ([f1fb016](https://github.com/ory/hydra/commit/f1fb01643b7e7065859b4da0d2b19dc83d05be71))
# [0.10.1](https://github.com/ory/hydra/compare/v0.10.0...v0.10.1) (2017-12-08)
ci: Resolves permission denied issue in changelog
### Continuous Integration
* Resolves permission denied issue in changelog ([0a52ab8](https://github.com/ory/hydra/commit/0a52ab8512ad52e602cf33d184c0b41d3ed7f839))
# [0.10.0](https://github.com/ory/hydra/compare/v0.10.0-alpha.21...v0.10.0) (2017-12-08)
ci: Adds git config to changelog task
### Continuous Integration
* Adds git config to changelog task ([ad3a1f7](https://github.com/ory/hydra/commit/ad3a1f7ea2c711425afdf3a20b7c3a4f05f4d00f))
### Documentation
* Adds ACP best practices ([#681](https://github.com/ory/hydra/issues/681)) ([c2c9c84](https://github.com/ory/hydra/commit/c2c9c84c48584eab2f8f5166654ae700ebda96f7))
* Adds alt tags to images and resolves markdown typos ([9587754](https://github.com/ory/hydra/commit/9587754c28dc14177d171497ae8f7b551d37c412))
* Adds consent state machine ([7b697b1](https://github.com/ory/hydra/commit/7b697b1298f85264b1077e003cc0cce6a722f222))
* Adds guideline for disclosing vulnerabilities ([1b263ef](https://github.com/ory/hydra/commit/1b263eff7455117b21b74de71d6fcdec8b873996))
* Adds multi-tenant best practices ([#684](https://github.com/ory/hydra/issues/684)) ([e46ff15](https://github.com/ory/hydra/commit/e46ff15224a9a46d87d140eebdc5a2b85cb56898))
* Adds rest calls to consent state diagram ([d3838f7](https://github.com/ory/hydra/commit/d3838f70cf35e69a84e4cbfc15e2b0ef73fcd18d))
* Fixes RS256 -> HS256 typo in upgrade notes ([a477ba7](https://github.com/ory/hydra/commit/a477ba766bc1bb17508f9a87b60df88821ed5de3))
* Fixes SDK links in guide ([d4a9f23](https://github.com/ory/hydra/commit/d4a9f230d8444dd3079feaf4e38724c445a92a11))
* Improves access control section ([3171d41](https://github.com/ory/hydra/commit/3171d41774c63dbc23bfb2dafe4f716bf1695623)), closes [#680](https://github.com/ory/hydra/issues/680)
* Improves changelog and release process ([a0cdbb2](https://github.com/ory/hydra/commit/a0cdbb273085051e33a1fbab3b9f460c4d15db85))
* Improves upgrade notes ([4aa82fb](https://github.com/ory/hydra/commit/4aa82fb4503d1d79b84a72d26e2094ea0163b810))
* Make space optional in scope regex ([#661](https://github.com/ory/hydra/issues/661)) ([#668](https://github.com/ory/hydra/issues/668)) ([1a6e445](https://github.com/ory/hydra/commit/1a6e44588f925f0a182d5e7c47fdb900ec5e0f3a))
* Removes adopter list ([e8427aa](https://github.com/ory/hydra/commit/e8427aa5f03c5850258c731901b99c8e9d199749)), closes [#659](https://github.com/ory/hydra/issues/659):
Adopters have been removed as most do not want to be publicly identified, in case of security issues with the open source software.
* Removes alpha tags from docker images ([c24eb35](https://github.com/ory/hydra/commit/c24eb35fc31c929844152e389d55089339112d01))
* Updates history.md for 0.10.0-alpha.22 release ([df1c91e](https://github.com/ory/hydra/commit/df1c91ef33d8e4f8db1f73b587c29d1ae2114aa8))
* Updates upgrade notes to 0.10.0 ([c939999](https://github.com/ory/hydra/commit/c939999dd7cf3be4a86369cab9c436c1ec00b3ba))
* Use docker network instead of links in installation tutorial ([7963ed0](https://github.com/ory/hydra/commit/7963ed0908a41db0fc3452960dbc701ab202a597)), closes [#555](https://github.com/ory/hydra/issues/555)
### Unclassified
* Makes policy resource names prefixes configurable (#672) ([aee603b](https://github.com/ory/hydra/commit/aee603b42bb1eb47a3c68042a470ab47641d8863)), closes [#672](https://github.com/ory/hydra/issues/672)
* Adds storing subject in token tables ([#674](https://github.com/ory/hydra/issues/674)) ([7d5d857](https://github.com/ory/hydra/commit/7d5d857b7a3149e609a0e9e98a9aba5732c2508f)), closes [#658](https://github.com/ory/hydra/issues/658)
* Adds test for LogError ([#682](https://github.com/ory/hydra/issues/682)) ([9fb69ee](https://github.com/ory/hydra/commit/9fb69ee947feb0a372343b1af474b1b191229272))
* Fixes clients being able to revoke any token ([#677](https://github.com/ory/hydra/issues/677)) ([df8e6eb](https://github.com/ory/hydra/commit/df8e6eb72951e9bcceaf48faccee77c5453b3ffb)), closes [#676](https://github.com/ory/hydra/issues/676)
* Removes incorrect audience field from introspection response ([c630f8e](https://github.com/ory/hydra/commit/c630f8e01b0d410107b7c75dfdb67b341781067d))
* Renames ES521 key generation algorithm to ES512 ([233aa79](https://github.com/ory/hydra/commit/233aa7979e19c4c2322546752c99d142ba8d8dc6)), closes [#651](https://github.com/ory/hydra/issues/651)
* Requires firewall check for introspecting access tokens ([#678](https://github.com/ory/hydra/issues/678)) ([f5b6558](https://github.com/ory/hydra/commit/f5b6558c72a684f53b3373bf51188c470d2bfd97))
* Update telemetry identification ([#654](https://github.com/ory/hydra/issues/654)) ([84bcd68](https://github.com/ory/hydra/commit/84bcd68fa17e606fc8b7ce2258e52bfff46fcf95))
* Updates CLI outputs and adds newlines ([0a54cdf](https://github.com/ory/hydra/commit/0a54cdf247b6f262be4c1555ff852522f67ec2ed))
# [0.10.0-alpha.21](https://github.com/ory/hydra/compare/v0.10.0-alpha.20...v0.10.0-alpha.21) (2017-11-27)
cmd: Fix 'hydra policies subjects remove <policy> <subject>' adding the subject instead. (#665)
Signed-off-by: James Nicolas <james.nicolas@tulip.io>
### Unclassified
* Fix 'hydra policies subjects remove <policy> <subject>' adding the subject instead. ([#665](https://github.com/ory/hydra/issues/665)) ([766fb99](https://github.com/ory/hydra/commit/766fb99d9d571618032d522c8aecee94c17c7d1f))
# [0.10.0-alpha.20](https://github.com/ory/hydra/compare/v0.10.0-alpha.19...v0.10.0-alpha.20) (2017-11-26)
cmd: Added cors support to host process
Closes #506
### Unclassified
* Added cors support to host process ([1c696d2](https://github.com/ory/hydra/commit/1c696d2c9e706af48da80d4f79683887c0b038b1)), closes [#506](https://github.com/ory/hydra/issues/506)
# [0.10.0-alpha.19](https://github.com/ory/hydra/compare/v0.10.0-alpha.18...v0.10.0-alpha.19) (2017-11-26)
vendor: Upgraded ladon and dockertest versions
### Documentation
* Update hydra versions ([9b39795](https://github.com/ory/hydra/commit/9b3979594bd57ed3bd3bdb68911d73ee8e03d357))
### Unclassified
* Make low entropy RSA key generation explicit in function name ([bb960fe](https://github.com/ory/hydra/commit/bb960fe9952d4f214bb6e7d5fe89bcc4aeb8d259))
* Upgraded ladon and dockertest versions ([0a83f1b](https://github.com/ory/hydra/commit/0a83f1bb87220110a22dd640386add598eb7d6e5))
# [0.10.0-alpha.18](https://github.com/ory/hydra/compare/v0.10.0-alpha.17...v0.10.0-alpha.18) (2017-11-06)
ci: Use sudo to update npm in release job
### Continuous Integration
* Use sudo to update npm in release job ([d67d703](https://github.com/ory/hydra/commit/d67d703f47cb49db64bdf7c4fd14d811c2a30fda))
# [0.10.0-alpha.17](https://github.com/ory/hydra/compare/v0.10.0-alpha.16...v0.10.0-alpha.17) (2017-11-06)
ci: Upgrade npm in release job
### Continuous Integration
* Upgrade npm in release job ([dd8a20d](https://github.com/ory/hydra/commit/dd8a20dd733894d6f25be7101a00b9c88bb2908d))
# [0.10.0-alpha.16](https://github.com/ory/hydra/compare/v0.10.0-alpha.15...v0.10.0-alpha.16) (2017-11-06)
ci: Fix typo in workflow job
### Continuous Integration
* Fix typo in workflow job ([de53535](https://github.com/ory/hydra/commit/de535356febdf0aadc05d8f318829e14a298f6a8))
### Documentation
* Update history release notes ([e78c37e](https://github.com/ory/hydra/commit/e78c37e5126c7e1f4e1fe4d3bea9ab69e31dc147))
* Update history.md to 0.10.0-alpha.15 ([33bf2cc](https://github.com/ory/hydra/commit/33bf2cca7d9d8d269e48c984276505e0e97caa98))
### Unclassified
* Add run command to docker test ([f2ed30f](https://github.com/ory/hydra/commit/f2ed30fb3260edde068eb5437b1b523af9aa8998))
* Fix typo in invalid credentials message ([a69ba65](https://github.com/ory/hydra/commit/a69ba65a158806f41e6937ef187810487b9513f0))
* Resolve static build issues ([811293a](https://github.com/ory/hydra/commit/811293a91c4c67d90bc63cb5a2028a29ba8dd29a))
# [0.10.0-alpha.15](https://github.com/ory/hydra/compare/v0.10.0-alpha.14...v0.10.0-alpha.15) (2017-11-06)
docker: Make hydra executable
### Unclassified
* Make hydra executable ([93242ce](https://github.com/ory/hydra/commit/93242ce2e25c7df8aa22ed7103199808b6e84e99))
# [0.10.0-alpha.14](https://github.com/ory/hydra/compare/v0.10.0-alpha.13...v0.10.0-alpha.14) (2017-11-06)
oauth2: Resolve race condition in consent memory manager
Closes #600
### Unclassified
* Resolve race condition in consent memory manager ([39e7dfe](https://github.com/ory/hydra/commit/39e7dfe2ecc2df38aed76faf2f9b1134bf6095e1)), closes [#600](https://github.com/ory/hydra/issues/600)
* Resolve race condition in fosite memory manager ([c465e57](https://github.com/ory/hydra/commit/c465e57e0681c56c540dbd8b0670dcf45b45c9e9))
# [0.10.0-alpha.13](https://github.com/ory/hydra/compare/v0.10.0-alpha.12...v0.10.0-alpha.13) (2017-11-06)
docker: Stop building from source in docker image (#645)
closes #374
### Unclassified
* Stop building from source in docker image ([#645](https://github.com/ory/hydra/issues/645)) ([846799d](https://github.com/ory/hydra/commit/846799db71734202ff1d5358e03b3d87a5cdc3ad)), closes [#374](https://github.com/ory/hydra/issues/374)
# [0.10.0-alpha.12](https://github.com/ory/hydra/compare/v0.10.0-alpha.11...v0.10.0-alpha.12) (2017-11-06)
doc: write history for 0.10.0-alpha.11
### Documentation
* Fix health link in tutorial ([#637](https://github.com/ory/hydra/issues/637)) ([4f3a7cb](https://github.com/ory/hydra/commit/4f3a7cb4970436816518f7a2796d2aee21693062))
### Unclassified
* Add license header to all source files (#644) ([dcbd6d8](https://github.com/ory/hydra/commit/dcbd6d8fcb32a643732ad97656d35e4eda2ddfaf)), closes [#644](https://github.com/ory/hydra/issues/644) [#643](https://github.com/ory/hydra/issues/643)
* Require url-encoding of root client id and secret ([#641](https://github.com/ory/hydra/issues/641)) ([232caa7](https://github.com/ory/hydra/commit/232caa77062adbf2350c017f718e42674e6e615b))
* Write history for 0.10.0-alpha.11 ([8c12bf1](https://github.com/ory/hydra/commit/8c12bf16bcd2a13d35e26db4e2534e8a9684315f))
# [0.10.0-alpha.10](https://github.com/ory/hydra/compare/v0.10.0-alpha.9...v0.10.0-alpha.10) (2017-10-26)
ci: use node 8.x branch with npm for publish
### Continuous Integration
* Use node 8.x branch with npm for publish ([3175a70](https://github.com/ory/hydra/commit/3175a70aae809669162044dae7d6cd02621a3552))
### Documentation
* Update build status badge in readme to circleci ([c5e0622](https://github.com/ory/hydra/commit/c5e06223a05ea98365e8dfad05c8d78ccac41fec))
# [0.10.0-alpha.9](https://github.com/ory/hydra/compare/v0.10.0-alpha.8...v0.10.0-alpha.9) (2017-10-25)
tests: resolve issue with postgresql connectivity
### Documentation
* Fix bash command and version used in tutorial ([#622](https://github.com/ory/hydra/issues/622)) ([4a060a4](https://github.com/ory/hydra/commit/4a060a40917b1c085e691ae4023d65543667773e)):
* bash command that contain regex needs to be quoated, version doesnt exists
* bumped version up to 0.10.0-alpha.8
* Fixed spelling and wording ([#624](https://github.com/ory/hydra/issues/624)) ([8dd21bd](https://github.com/ory/hydra/commit/8dd21bd0afbd021f0c96b7fdec331dde432ce8c0)):
* updated some language words and corrected spelling
* updated docs to list that hydra now supports OpenID Connect Discovery
* Update history.md for 0.10.0-alpha.9 ([525214c](https://github.com/ory/hydra/commit/525214c692639375c294f92db4e01c2a58ccab7a))
* Updated hydra version in the tutorial to v0.10.0-alpha.8 and consent app to v0.10.0-alpha.9 ([#625](https://github.com/ory/hydra/issues/625)) ([affa64e](https://github.com/ory/hydra/commit/affa64e229c6352c6e9c2d60f383b643e01fe9d0))
* Updated links to apiary as the old ones didn't link to the correct section of the page ([#626](https://github.com/ory/hydra/issues/626)) ([6ecbfdc](https://github.com/ory/hydra/commit/6ecbfdc0281a5cef51f50aea7e58b508cc2da215))
### Unclassified
* Add curl to docker files ([1475611](https://github.com/ory/hydra/commit/14756112f2e2cc7f4ac509ea7522f43133beb635))
* Remove unused numeric package ([491a4dc](https://github.com/ory/hydra/commit/491a4dc49a0e82f6bbbdb7bac5b575ebb50057ca))
* Resolve issue with postgresql connectivity ([3850ce7](https://github.com/ory/hydra/commit/3850ce78ecec58f2e00683e0090204e8814e900c))
* Run database tests in parallel ([6aa2178](https://github.com/ory/hydra/commit/6aa2178bd83e742a6c6a715430714e28ca2e87c4)), closes [#617](https://github.com/ory/hydra/issues/617)
* Update to jwk-go 0.3 and replace glide with dep ([0b34388](https://github.com/ory/hydra/commit/0b34388395e245ab9dc10696e868e4a277a42469)), closes [#631](https://github.com/ory/hydra/issues/631)
* Use cryptopasta library ([aff8137](https://github.com/ory/hydra/commit/aff81373caa5f4d5c1a0ef6320aad5bb50b5ec52))
* Use postgres and add consent manager test ([d1ec310](https://github.com/ory/hydra/commit/d1ec310821885a11e6a2a058fa8c629c9d3cc919))
# [0.10.0-alpha.8](https://github.com/ory/hydra/compare/v0.9.14...v0.10.0-alpha.8) (2017-10-18)
cmd/server: SQLConnection should load SQLRequestManager
Closes #613
### Documentation
* SDK for Go is actually for Node, fix this typo ([36ae05f](https://github.com/ory/hydra/commit/36ae05f7bd7a69399d65302a099021ed827c88db)), closes [#615](https://github.com/ory/hydra/issues/615)
### Unclassified
* cmd/server: SQLConnection should load SQLRequestManager ([bb1bf68](https://github.com/ory/hydra/commit/bb1bf68b84f0f6b57bb4a547a91dfc27cbed1289)), closes [#613](https://github.com/ory/hydra/issues/613)
* Add tests ([2fdcc9d](https://github.com/ory/hydra/commit/2fdcc9de75b9e01a23f5442c92c305fbef2ba4a0))
* Format js sdk and remove mock tests ([#609](https://github.com/ory/hydra/issues/609)) ([14ad3e0](https://github.com/ory/hydra/commit/14ad3e09a7cd61ad9a7416a18f0cd0119276b450))
* Gofmt ([afdb1ab](https://github.com/ory/hydra/commit/afdb1abdf76d19d107dd4f9e5a3fbda0e68542ce))
* Remove unused helpers ([1182790](https://github.com/ory/hydra/commit/1182790672a2686ffeef9cfb5777533562790c82))
# [0.9.14](https://github.com/ory/hydra/compare/v0.10.0-alpha.7...v0.9.14) (2017-10-06)
docs: remove old consent policy example
### Documentation
* Remove old consent policy example ([c74e4c2](https://github.com/ory/hydra/commit/c74e4c2fa5c689d583d01521a7e6b2ecc1fddcde))
### Unclassified
* Update docker compose file ([5e1ceec](https://github.com/ory/hydra/commit/5e1ceece8e75018f8c00c8836061418a8eb2cd74))
# [0.10.0-alpha.7](https://github.com/ory/hydra/compare/v0.10.0-alpha.6...v0.10.0-alpha.7) (2017-10-06)
docker: update to consent app alpha.7
### Unclassified
* sdk/js: resolve lower case issue in consent request model ([e15bdf4](https://github.com/ory/hydra/commit/e15bdf4b3fca8c3849932e3b29063f42912db393))
* Update to consent app alpha.7 ([0eff6b8](https://github.com/ory/hydra/commit/0eff6b8de435880b9e8eae85ba065490982bbe04))
# [0.10.0-alpha.6](https://github.com/ory/hydra/compare/v0.10.0-alpha.5...v0.10.0-alpha.6) (2017-10-05)
travis: run predeploy after success on tags
This is required because before_deploy is ran twice if multiple providers exist, see https://github.com/travis-ci/travis-ci/issues/2570
### Unclassified
* Run predeploy after success on tags ([7de505d](https://github.com/ory/hydra/commit/7de505d44a2bb96f9269f8b3fdb679027343b549)):
This is required because before_deploy is ran twice if multiple providers exist, see https://github.com/travis-ci/travis-ci/issues/2570
# [0.10.0-alpha.5](https://github.com/ory/hydra/compare/v0.10.0-alpha.4...v0.10.0-alpha.5) (2017-10-05)
scripts: make run-deploy executable
### Unclassified
* Make run-deploy executable ([5661c3e](https://github.com/ory/hydra/commit/5661c3ea7a7ede5519ca7c8e9cabdfc1b91f821c))
# [0.10.0-alpha.4](https://github.com/ory/hydra/compare/v0.10.0-alpha.3...v0.10.0-alpha.4) (2017-10-05)
travis: move deploy scripts to its own file
This is required because before_deploy is ran twice if multiple providers exist, see https://github.com/travis-ci/travis-ci/issues/2570
### Unclassified
* Move deploy scripts to its own file ([90d1086](https://github.com/ory/hydra/commit/90d1086fda373024273574136c0b44c252166bd3)):
This is required because before_deploy is ran twice if multiple providers exist, see https://github.com/travis-ci/travis-ci/issues/2570
* Skip cpu intense jwk generation in short mode ([2c4539b](https://github.com/ory/hydra/commit/2c4539bc016197b3fcc7641181bc1b360181ecfb))
# [0.10.0-alpha.3](https://github.com/ory/hydra/compare/v0.10.0-alpha.2...v0.10.0-alpha.3) (2017-10-05)
travis: resolve deployment issues
### Unclassified
* Resolve deployment issues ([c93dcdb](https://github.com/ory/hydra/commit/c93dcdbf9ca30534e8bb8e79e5af81e951d56fc8))
# [0.10.0-alpha.2](https://github.com/ory/hydra/compare/v0.10.0-alpha.1...v0.10.0-alpha.2) (2017-10-05)
travis: resolve deployment issues
### Documentation
* Fix sdk links ([26a29ef](https://github.com/ory/hydra/commit/26a29ef66dcbe40c8cee81aec8113bb101bb7f00))
### Unclassified
* Re-add goveralls ([945a3b4](https://github.com/ory/hydra/commit/945a3b475289a48bb08e080d9dff038a19fa90bc))
* Remove deprecated http manager ([6dc05a4](https://github.com/ory/hydra/commit/6dc05a4de6123c14975bb7e0a91ae861ee7cf519))
* Resolve deployment issues ([39c02c6](https://github.com/ory/hydra/commit/39c02c699dd32b2cadc0243c62062400081c6659))
# [0.10.0-alpha.1](https://github.com/ory/hydra/compare/v0.9.13...v0.10.0-alpha.1) (2017-10-05)
docker: update to go 1.9 and update compose.yml
### Documentation
* Add API version note ([ac169d5](https://github.com/ory/hydra/commit/ac169d5eb4af9a9fec4a51575dbf31240338bf20))
* Add wildcard scope strategy documentation ([cff04d7](https://github.com/ory/hydra/commit/cff04d700931e7fb56264a798ebc5a29510026e5))
* Clarify tls termination functionality ([703f2c8](https://github.com/ory/hydra/commit/703f2c8fe35819d88fd3d4bf6b098cdc87575ff8))
* Clean up stale contribute.md ([0c458d3](https://github.com/ory/hydra/commit/0c458d30eac97489df873cf5527a4b26dd804163))
* Document go and js sdk ([c20a461](https://github.com/ory/hydra/commit/c20a4614a7e9a94118b8078bb1959686833068f7))
* Document go sdk ([4c40a48](https://github.com/ory/hydra/commit/4c40a485dc9b26d2f5396888452a7c162e7ed59b))
* Fix exists -> exits typo ([2e7d02b](https://github.com/ory/hydra/commit/2e7d02be90dffae7c08cab48991563f7b5d0d6e2))
* Improve 0.10.0 history ([b99e7ac](https://github.com/ory/hydra/commit/b99e7ace58d68ee6fabdb3ba46f8c1bf4f398a3c))
* Link history.md to new consent flow section ([6004275](https://github.com/ory/hydra/commit/6004275fc07e3d205ef2895dce16adbfd44a801e))
* Notify upgrades of scope change ([9ab6d97](https://github.com/ory/hydra/commit/9ab6d9700a13da112613ac956cec27fc717669a2))
* Remove consent jwk hints ([1dd4b67](https://github.com/ory/hydra/commit/1dd4b67911e2892369eb9cc69249b522e224a506))
* Remove old resources ([39801ea](https://github.com/ory/hydra/commit/39801ea40d6f0c672e18d188b588a309df4d53fe))
* Scopes are now wildcard matches ([df9ae75](https://github.com/ory/hydra/commit/df9ae75b282ce1b7225ac46ecda87cada3695fcc))
* Write docs on new consent flow ([e6f014b](https://github.com/ory/hydra/commit/e6f014b0f39251092f2b956396586833e1899a8a))
* Write down changes to history.md ([fb4935a](https://github.com/ory/hydra/commit/fb4935a1b44f1a6c808faf8370bfe4d355e60e00))
### Unclassified
* sdk/js: set version to latest to prevent accidental publish ([8991798](https://github.com/ory/hydra/commit/8991798cc6272963f621e985b756637865531b4a))
* sdk/go: add helpers for oauth2 configuration ([44194be](https://github.com/ory/hydra/commit/44194bee6041e775df176c94be0438a1894d7012))
* docs/sdk: link sdk docs to readme files ([bcb5459](https://github.com/ory/hydra/commit/bcb5459399a12f92d8b82f5066e521df699e8549))
* sdk/js: officially publish nodejs sdk ([c007c78](https://github.com/ory/hydra/commit/c007c78001b063684b170d8632b5238405bfcc3e))
* sdk/go: write interfaces for APIs & responses ([3785212](https://github.com/ory/hydra/commit/3785212d002bdf6c83626cf1f9d0fc6e1396e769)), closes [#593](https://github.com/ory/hydra/issues/593)
* warden/group: refactor group sdk and group management interface ([7366b1e](https://github.com/ory/hydra/commit/7366b1ec15e5c4d0e2a5baaf691566d71a54e20e))
* cmd/cli: implement policy handler based on swagger client ([fbdd4eb](https://github.com/ory/hydra/commit/fbdd4ebd9bc27d211939910fd02886ce0cb0f67f))
* cmd/cli: fake-tls-termination and refactoring errors checks ([4486d4c](https://github.com/ory/hydra/commit/4486d4cb718df042136e3dbc47d50405dad58afe))
* cmd/client: use new sdk for client cli ([e941e0e](https://github.com/ory/hydra/commit/e941e0e888ed424837060bedee0c73a89a351043))
* sdk/go: switch to resty master for oauth2 compatibility ([9692e9f](https://github.com/ory/hydra/commit/9692e9f0d63f69e8f2868cc84614290052d464ff))
* sdk/go: move go sdk to appropriate package ([3633b90](https://github.com/ory/hydra/commit/3633b905e03c6db04cadd09d187a36640c93d783))
* cmd/cli: typo connection -> policy (#592) ([94eb5ac](https://github.com/ory/hydra/commit/94eb5acf146f75f8cd125b81a0b017e574e2ca04)), closes [#592](https://github.com/ory/hydra/issues/592) [#583](https://github.com/ory/hydra/issues/583)
* Adapt to new consent manager ([6c5a7bb](https://github.com/ory/hydra/commit/6c5a7bb5fbc19e81d4cf251293524c944c5406d4))
* Add go-resty to glide dependencies ([5805e69](https://github.com/ory/hydra/commit/5805e69c490f098a52b195812dc92b92b0f1de6c))
* Add gofmt testing ([4ca7780](https://github.com/ory/hydra/commit/4ca77807e014494bbfe09a8a28ae3f0edcb04862))
* Add hydra to swagger tags ([b6c01d5](https://github.com/ory/hydra/commit/b6c01d5c37a44a8059ed2ef009e3298af0232216))
* Add memory manager instantiator ([4f77e67](https://github.com/ory/hydra/commit/4f77e67cfffe15e8ab85da36259209044bf749a2))
* Add node and go SDK from swagger codegen ([a6e4809](https://github.com/ory/hydra/commit/a6e480927e1d97a555adbe0f66ec292685fa333b))
* Add short mode for tests ([fa46211](https://github.com/ory/hydra/commit/fa4621117028a502f0b70ad8adfec21057253fb7))
* Add swagger codegen cli to repo ([b1484f5](https://github.com/ory/hydra/commit/b1484f549dd51baf7890df07a5199d41425d8f1f))
* Allow redirects in resty client ([b703388](https://github.com/ory/hydra/commit/b703388498539ca26151b95b54e5ef5516e00aa5))
* Appropriately handle client secret responses ([96df498](https://github.com/ory/hydra/commit/96df49822b1dbce648f324ee699f2ec93bbaea46))
* Clean up sdk tests ([c026f4b](https://github.com/ory/hydra/commit/c026f4b8958c1e0b08907b73c8827fddc6d94823))
* Finalize SDK tests ([cc970d9](https://github.com/ory/hydra/commit/cc970d96e17e4033ffb7c0fa4cfce12d9c3fecaa))
* Finalize tests and format ([fcb14db](https://github.com/ory/hydra/commit/fcb14dbae7c1203b1a159909c484e88cd63e9e5c))
* Fix binary building ([#596](https://github.com/ory/hydra/issues/596)) ([22ca5b8](https://github.com/ory/hydra/commit/22ca5b8c6f7ccae9c3347ac30280bb381dcda1f8))
* Force linefeed ([653f175](https://github.com/ory/hydra/commit/653f1758d5ecbc9902d3ba477888c6b5fae43307))
* Force linefeed on windows ([7943f59](https://github.com/ory/hydra/commit/7943f594a6d81f419d4b8bf6aaf8fbc2623c78bd))
* Force swagger array type in list response ([a440d8a](https://github.com/ory/hydra/commit/a440d8a809a8bcf40a9235b63946e70723297299))
* Implement policy sdk and tests based on swagger ([c47d8d1](https://github.com/ory/hydra/commit/c47d8d12042b8155ea16bc3bb15e64e5ec06388f))
* Implement swagger based SDK and write tests ([433e57c](https://github.com/ory/hydra/commit/433e57c251fe4c6f33aa1934518e530b96b62711))
* Implement swagger-based sdk ([7837071](https://github.com/ory/hydra/commit/783707175b9b8f0fcf7401a13086634b00ab775e))
* Implement swagger-based sdk ([87b893e](https://github.com/ory/hydra/commit/87b893e77fb695436ddb768bd0f52cc8a5083bec))
* Improve scripts ([b9bb146](https://github.com/ory/hydra/commit/b9bb1468f25fbed65c38217adf304c3bd57d49d6))
* Improve swagger definitions ([0c05da3](https://github.com/ory/hydra/commit/0c05da3d712d9ab47f826d98f53e67904b8b50d8))
* Improve swagger documentation of all modules ([6fe4bb2](https://github.com/ory/hydra/commit/6fe4bb2996a3ff2afcd325e712ae283a7bcf28cb))
* Improve swagger spec and generate/test client for revoke ([412667b](https://github.com/ory/hydra/commit/412667bd1652fe0f2c4254b1df7353ce8ef72980))
* Make scripts executable ([989bfce](https://github.com/ory/hydra/commit/989bfceecd1491aa5070ce9e6c5bf12e1322a1a5))
* Move sdk one directory down ([364cd90](https://github.com/ory/hydra/commit/364cd90f404476faecf34f0dd78e5d3eacf34c90))
* Ran gofmt and goimports ([57fdfe9](https://github.com/ory/hydra/commit/57fdfe95ea09d95184693566a8e4fca55c5e7567))
* Reduce tags to one and clean up sdk ([8fcc8cb](https://github.com/ory/hydra/commit/8fcc8cb2510cf434062aa89147e096ad6dabd7e3))
* Remove obsolete http manager ([81bfdf2](https://github.com/ory/hydra/commit/81bfdf2c4bc0099e408257ee6dc3ce6113f94499))
* Remove outdated consent helper ([5d29fda](https://github.com/ory/hydra/commit/5d29fda7bb2dd26a47b9c4e88c6e8f6962637726))
* Remove payload from warden token response name ([2dcee12](https://github.com/ory/hydra/commit/2dcee12112d24e799d940b20f9360dbded7706e6))
* Remove swagger-codegen jar from git ([94bd5bd](https://github.com/ory/hydra/commit/94bd5bd84bd4fb453183b2c64117afcef3f5f886))
* Rename audience to client_id/clientId ([6c51606](https://github.com/ory/hydra/commit/6c51606a1801575e487a0c5a36d6bcdfac4cc660)), closes [#595](https://github.com/ory/hydra/issues/595)
* Replace HierarchicScopeStrategy with WildcardScopeStrategy ([a62b9f9](https://github.com/ory/hydra/commit/a62b9f912811f4f7ff5007444974cdf96e7daec5)), closes [#550](https://github.com/ory/hydra/issues/550)
* Replace jwk-based with http-based consent flow ([fc3ee34](https://github.com/ory/hydra/commit/fc3ee34e68ccffc506dcb9cf26f3f864ccb93b82)), closes [#578](https://github.com/ory/hydra/issues/578)
* Replace pkg.AssertError with testify error checks ([8560a1c](https://github.com/ory/hydra/commit/8560a1ce35311e3bb7bcfca9cca21495e03e5bc1))
* Replace response shorthands with more readable names ([becafd0](https://github.com/ory/hydra/commit/becafd06ef6db93d362aaeda65055a489ac1e6ad))
* Resolve failing test ([e600d28](https://github.com/ory/hydra/commit/e600d28164ba12e25b247de7f7831bceec8ba4d9))
* Resolve race issue ([adf99e0](https://github.com/ory/hydra/commit/adf99e0e5bded464bb557505d8a8b428d8e16ecf))
* Return array instead of object on list endpoint ([b4faac6](https://github.com/ory/hydra/commit/b4faac659e3ab9145ea8cd64ce729ce6608155fb))
* Return consent deny reason to oauth2 initiator ([a835a54](https://github.com/ory/hydra/commit/a835a54610c2f4982a880e73b828175a07e596ac))
* Revert audience changes ([1754b6f](https://github.com/ory/hydra/commit/1754b6ff163568128196e25fdfb8a47bf810e248))
* Run gofmt ([459b6f5](https://github.com/ory/hydra/commit/459b6f53de1efa11f86838d32dafbfc59f28eef5))
* Run gofmt ([b786e70](https://github.com/ory/hydra/commit/b786e7055da02cc4e527793583cb5663f06189fe))
* Scripts now format sdk files as well ([cf5ab6b](https://github.com/ory/hydra/commit/cf5ab6be49c1fd863f4fc85d5c9d3c64d17786b8))
* Update format script ([2c79a31](https://github.com/ory/hydra/commit/2c79a315506f652a539bf9ddc2a4aa4fd0f851bf))
* Update fosite dependency ([463314e](https://github.com/ory/hydra/commit/463314e8236cf37baf874293437b7d9b26c9effa))
* Update glide.lock ([89fa18e](https://github.com/ory/hydra/commit/89fa18e0752360ac8d869fcab48cf98139e3bf88))
* Update scripts and format code ([5b9c7f8](https://github.com/ory/hydra/commit/5b9c7f84b27a9d4a0e6b5dba6503e7eb14ad1c47))
* Update sdk definitions ([b5109f8](https://github.com/ory/hydra/commit/b5109f80afa019e6266da63de7114c8e377aa8cc))
* Update sdk generator script ([c99e401](https://github.com/ory/hydra/commit/c99e401c37023894cf21b1ed18319da59bb1810b))
* Update swagger definitions ([d43a594](https://github.com/ory/hydra/commit/d43a59464364c4affb4abe7b0e224cf6a94b0da2))
* Update swagger definitions ([52e83a8](https://github.com/ory/hydra/commit/52e83a848d5b4d9b6ec83dfac55ac4a3f138119b))
* Update swagger definitions and codegens ([97636bf](https://github.com/ory/hydra/commit/97636bf6d92bb259aa1f510f6fd305d14e2b56f3))
* Update swagger definitions and combine in hydra interface ([5a27d4b](https://github.com/ory/hydra/commit/5a27d4bf126126e65a736f9f32004f5aaebd59fe))
* Update swagger definitions and fix failing tests ([92fe6bb](https://github.com/ory/hydra/commit/92fe6bbece4680448a9fc2cdcc80ed00504d5ac3))
* Update swagger location ([dc9738c](https://github.com/ory/hydra/commit/dc9738c40fac7b8fe3b0ba83ba489eb432ed6060))
* Update to fosite 0.11.0 ([d0a7e77](https://github.com/ory/hydra/commit/d0a7e775ad8581ad10e47b18d0501353c63028ae)), closes [#460](https://github.com/ory/hydra/issues/460) [#550](https://github.com/ory/hydra/issues/550) [#556](https://github.com/ory/hydra/issues/556)
* Update to go 1.9 and update compose.yml ([f8dd4a1](https://github.com/ory/hydra/commit/f8dd4a16e921b5cb798e7e1bc15867ab7ddb8863))
* Write swagger docs ([635d0a1](https://github.com/ory/hydra/commit/635d0a1cce6f2dcf28796569d8221de47570522a))
* Write test for handling consent deny ([df5f415](https://github.com/ory/hydra/commit/df5f4152fee71f74a6c6f396008f1aa290d3ea34)), closes [#597](https://github.com/ory/hydra/issues/597)
* Write test for swagger codegen sdk ([c71c1e7](https://github.com/ory/hydra/commit/c71c1e7ccd745b1e77d06c85fb71fde428e22aad))
# [0.9.13](https://github.com/ory/hydra/compare/v0.9.12...v0.9.13) (2017-09-26)
health: disable TLS restriction for health check (#587)
Removes TLS restriction on health endpoint when termination is set - closes #586
### Documentation
* Install.md port typo ([#566](https://github.com/ory/hydra/issues/566)) ([5a4325d](https://github.com/ory/hydra/commit/5a4325dd3c9cf3131daea3623af752338a56d8cd))
* Update banner ([df91ba6](https://github.com/ory/hydra/commit/df91ba61132af56c2e86859bec75afd3335c251e))
* Update banner in readme ([3a78859](https://github.com/ory/hydra/commit/3a788595af3a2227b8b6ccec20b60f3108227c91))
* Update banner in readme ([87999b1](https://github.com/ory/hydra/commit/87999b1287d1ad3c3963489045d5d26689c8fe67))
* Update gatekeeper section ([53f7d64](https://github.com/ory/hydra/commit/53f7d6471beea4496995cba6bb3b8f9497ff6677))
* Update readme ([2f0ccb9](https://github.com/ory/hydra/commit/2f0ccb910dee3015498fa008ef6a547fd4000c9a))
* Update readme ([f831da8](https://github.com/ory/hydra/commit/f831da8983d5f40900c32867e07870e7b043d5b8))
* Update readme ([f53e0f2](https://github.com/ory/hydra/commit/f53e0f26ba2d148db0d813335be75d0f153c5a78))
* Update readme ([c94ba07](https://github.com/ory/hydra/commit/c94ba07f251af90e800e1d0fb50c0805ba473e75))
### Unclassified
* Update README.md ([12bb9c3](https://github.com/ory/hydra/commit/12bb9c3383b3483fd0fb6964a82433b8b85e3f0e))
* Update README.md ([d55bf91](https://github.com/ory/hydra/commit/d55bf91c97831467380175acce63f475d992bfec))
* Update README.md ([4569f1b](https://github.com/ory/hydra/commit/4569f1bf366f8a0ddca4d203700d7564f1c715a2))
* Update README.md ([478a19d](https://github.com/ory/hydra/commit/478a19d02ede85b6e80248d2ec846d62cc5f0b8e))
* `token user` should use clusterurl instead of empty string ([#582](https://github.com/ory/hydra/issues/582)) ([89d429e](https://github.com/ory/hydra/commit/89d429e728990be047aad273669e3d9cd2a27e07)), closes [#581](https://github.com/ory/hydra/issues/581)
* Disable TLS restriction for health check ([#587](https://github.com/ory/hydra/issues/587)) ([b1169ad](https://github.com/ory/hydra/commit/b1169aded753a357666864c983fb588e5e8cc4c6)), closes [#586](https://github.com/ory/hydra/issues/586)
* Give meaningful hint when subject claim is empty ([#554](https://github.com/ory/hydra/issues/554)) ([3f01ff8](https://github.com/ory/hydra/commit/3f01ff816a53014a9b73cfc564918f7f2ebc44de)), closes [#460](https://github.com/ory/hydra/issues/460)
* Update to ladon 0.8.2 ([#570](https://github.com/ory/hydra/issues/570)) ([c2adce2](https://github.com/ory/hydra/commit/c2adce237d6701af5beb8c5b2dec850446babee4))
* Update various dependencies ([#579](https://github.com/ory/hydra/issues/579)) ([f4176a6](https://github.com/ory/hydra/commit/f4176a6f61b06aeb320cca7938f788fbfb42add8)), closes [#571](https://github.com/ory/hydra/issues/571)
# [0.9.12](https://github.com/ory/hydra/compare/v0.9.11...v0.9.12) (2017-07-06)
vendor: update glide lock
### Documentation
* Fix typo in tutorial ([#547](https://github.com/ory/hydra/issues/547)) ([dc98708](https://github.com/ory/hydra/commit/dc98708d7c57cab5d120a25329cab2ae14d457d1))
* Hydra container doesn't include bash ([#548](https://github.com/ory/hydra/issues/548)) ([e837bba](https://github.com/ory/hydra/commit/e837bba5aa5ecce8dc7995b6b84f6ecaad60455f))
* Move install section on top of security in toc ([97c2237](https://github.com/ory/hydra/commit/97c2237b72ba34190076183e77610bca680161f6))
* Update badge alignment ([1d41a50](https://github.com/ory/hydra/commit/1d41a50ed52752aa93aff354d85b4b4d6c9c1f8d))
* Update badges, install guide and tutorial ([#545](https://github.com/ory/hydra/issues/545)) ([07a7fdd](https://github.com/ory/hydra/commit/07a7fdd961176aeefef92f11531e9b18395a49de)):
* docs: update badges in readme
* docs: update install guide and tutorial
* Update header ([50aa87b](https://github.com/ory/hydra/commit/50aa87bfd507ff52c469f13f2623507792102640))
* Update ocs section ([e0fe736](https://github.com/ory/hydra/commit/e0fe7360ad975eb3a8b9713fe5644ed3a5bf769a))
* Update ocs section in the reademe ([4622f97](https://github.com/ory/hydra/commit/4622f9733411750364c13cf8add1a347eff2e9e8))
### Unclassified
* cmd/token/user: fix auth and token-url mixup ([34d8404](https://github.com/ory/hydra/commit/34d840408a67fe2c608a607b4b1b294113e746d0))
* Gofmt -w -s ([13c6915](https://github.com/ory/hydra/commit/13c6915a001555d1d4fcb6d4699371a8fef62d5a))
* Refresh tokens are no longer proof of authZ ([d38dcf3](https://github.com/ory/hydra/commit/d38dcf38d7dffb1d51bbfdc071b80a5df3ca1e41)), closes [#549](https://github.com/ory/hydra/issues/549)
* Resolve broken import ([9efe853](https://github.com/ory/hydra/commit/9efe8533f35380896e68f1292b10d0db6c2d77a6))
* Resolve logrus case mess ([b480a3e](https://github.com/ory/hydra/commit/b480a3ea2eac16cdf573aab7c7785e902950a88c))
* Update glide lock ([4651a23](https://github.com/ory/hydra/commit/4651a2303a695ed79955ae64ec9fd7e5dc697906))
# [0.9.11](https://github.com/ory/hydra/compare/v0.9.10...v0.9.11) (2017-06-30)
docs: added step-by-step install guide
### Documentation
* Add issue template ([749dd2e](https://github.com/ory/hydra/commit/749dd2e76eb7d80938f5a981e1b2b310d6a635ca))
* Add pr tempalte ([9f15309](https://github.com/ory/hydra/commit/9f15309025e2a994cf8f5e41fd3ad7d5ecbd734e))
* Add product teasers ([#543](https://github.com/ory/hydra/issues/543)) ([32c0c14](https://github.com/ory/hydra/commit/32c0c14e0223ef89cbcf4c6f3c3fd9746e856cf4))
* Added step-by-step install guide ([9268e02](https://github.com/ory/hydra/commit/9268e02b295a090e147d65a7615a5154beafc2e0))
### Unclassified
* cmd/token/user: cluster is now auth-url/token-url ([705b473](https://github.com/ory/hydra/commit/705b47337b3b273a908ebca6b34540fa31d07330))
* Create CODE_OF_CONDUCT.md ([c689e33](https://github.com/ory/hydra/commit/c689e33ab953a2456bc54f24b4acb96102521057))
* Update PULL_REQUEST_TEMPLATE.md ([42f5eeb](https://github.com/ory/hydra/commit/42f5eeb1c9d4d66769e1b6f6b72e0addcdd3bb58))
* Update ISSUE_TEMPLATE.md ([8b5ff5f](https://github.com/ory/hydra/commit/8b5ff5fa1f9e012338cc1159a376073caa93670f))
* Remove skip-tls-verify warning ([e30b3c3](https://github.com/ory/hydra/commit/e30b3c35e7ffd35e68c094ef8e538a213422931a))
* Return "ok" response instead of 204 ([888ec56](https://github.com/ory/hydra/commit/888ec56f9cd767c1a815bfc2f9e7ecbf87f2e672))
# [0.9.10](https://github.com/ory/hydra/compare/v0.9.9...v0.9.10) (2017-06-29)
vendor: update fosite to remove forced nonce (#542)
### Documentation
* Clarify health check section in install ([57022eb](https://github.com/ory/hydra/commit/57022ebf1b6d9ef688ce33d805735e9c064e4a99))
* Update "Build from source" section to actual state ([#534](https://github.com/ory/hydra/issues/534)) ([10ff151](https://github.com/ory/hydra/commit/10ff1510ab5933dca5c4c333721090181b0dd7f8))
* Update install.md ([5d1bd50](https://github.com/ory/hydra/commit/5d1bd50bafb44ed08b859fd9620c78118119640c))
### Unclassified
* cmd/host: move status info to dedicated endpoint ([b872f0b](https://github.com/ory/hydra/commit/b872f0baf03c642dbd9985cd75f4158eccc58251)), closes [#532](https://github.com/ory/hydra/issues/532)
* Form-urldecode authorization basic header ([#537](https://github.com/ory/hydra/issues/537)) ([0868e80](https://github.com/ory/hydra/commit/0868e80a48be0276e4e2b648242f4647be3107c9)), closes [#536](https://github.com/ory/hydra/issues/536)
* Update fosite to remove forced nonce ([#542](https://github.com/ory/hydra/issues/542)) ([1e2ad84](https://github.com/ory/hydra/commit/1e2ad8460d61d7f020801815c9fe68d12bc8fd6a))
# [0.9.9](https://github.com/ory/hydra/compare/v0.9.8...v0.9.9) (2017-06-17)
cmd: add test for get handler
### Unclassified
* cmd/policy/create: exit on error - closes #527 ([4fd7e9d](https://github.com/ory/hydra/commit/4fd7e9d2a8bb96109d422c2112a955339db4d4d0)), closes [#527](https://github.com/ory/hydra/issues/527)
* cmd/cli/client: added get handler ([075b4c2](https://github.com/ory/hydra/commit/075b4c2051acef05ea5e32271219ec8a6cf8462c))
* Add test for get handler ([bb31d76](https://github.com/ory/hydra/commit/bb31d763f174ae79c355950dacc632c9105dcea9))
# [0.9.8](https://github.com/ory/hydra/compare/v0.9.7...v0.9.8) (2017-06-17)
oauth2: resolve session issue with deep nested session
Closes #512
### Documentation
* Add consent app client guidance to faq ([6abd26d](https://github.com/ory/hydra/commit/6abd26d8e1684d3c389df81aeffdc2bd9b744ef6))
### Unclassified
* Added failing test case for [#512](https://github.com/ory/hydra/issues/512) ([0f98e88](https://github.com/ory/hydra/commit/0f98e88a1ba5f14da8340bb0db0caa9fc58413c7))
* Resolve session issue with deep nested session ([a89a470](https://github.com/ory/hydra/commit/a89a470b993904804f4143f24301ef09bc4620e0)), closes [#512](https://github.com/ory/hydra/issues/512)
* Update to ladon 0.8.0 - closes [#503](https://github.com/ory/hydra/issues/503) ([#528](https://github.com/ory/hydra/issues/528)) ([23902a0](https://github.com/ory/hydra/commit/23902a0b173775fb746ac35288d9cee5a5352031))
# [0.9.7](https://github.com/ory/hydra/compare/v0.9.6...v0.9.7) (2017-06-16)
cmd/server: supply admin client policy with id
### Documentation
* Update engineer membership typos ([0ca54de](https://github.com/ory/hydra/commit/0ca54de802a0540745516453424e2656bdd26e08))
* Update readme to reflect issuer change ([429fd0a](https://github.com/ory/hydra/commit/429fd0aac8fc242361bf82f993781cd9e2851e1f))
### Unclassified
* cmd/server: supply admin client policy with id ([1ff9838](https://github.com/ory/hydra/commit/1ff9838896d17f101367e54c136432d5c02c533d))
# [0.9.6](https://github.com/ory/hydra/compare/v0.9.5...v0.9.6) (2017-06-15)
all: add ability to load database connectors from plugins
### Unclassified
* Add ability to load database connectors from plugins ([f64771f](https://github.com/ory/hydra/commit/f64771f8a8ffd42d45013d43d75e9ed204a9e16f))
# [0.9.5](https://github.com/ory/hydra/compare/v0.9.4...v0.9.5) (2017-06-15)
vendor: upgrade ladon to 0.7.7 (#523)
### Unclassified
* Upgrade ladon to 0.7.7 ([#523](https://github.com/ory/hydra/issues/523)) ([d18c68a](https://github.com/ory/hydra/commit/d18c68ab21afc730d780167437a60f03b14f01c2))
# [0.9.4](https://github.com/ory/hydra/compare/v0.9.3...v0.9.4) (2017-06-14)
all: improve test exports (#521)
### Documentation
* Improve faq section ([2de9bd8](https://github.com/ory/hydra/commit/2de9bd87d7c66c8cbd1de86414106166b31332cf))
* Start writing faq from gitter ([#504](https://github.com/ory/hydra/issues/504)) ([8e9ca61](https://github.com/ory/hydra/commit/8e9ca610e2c02aa09c3a0299e2f96bc1d5088689))
### Unclassified
* Improve test exports ([#521](https://github.com/ory/hydra/issues/521)) ([b40e879](https://github.com/ory/hydra/commit/b40e87906c3e43bf04fe8a8198c5d085a85676ad))
* Resolve issuer test issue ([#522](https://github.com/ory/hydra/issues/522)) ([d91305b](https://github.com/ory/hydra/commit/d91305baece8a14e7d6d39fca8b064a4e956be31))
# [0.9.3](https://github.com/ory/hydra/compare/v0.9.2...v0.9.3) (2017-06-14)
oauth2: use issuer-prefixed auth URL in challenge redirect (#509)
In order to support running Hydra with a different path prefix behind
a proxy, issue a challenge token with an issuer-prefixed auth redirect
URL instead of the URL received with the auth request.
Signed-off-by: Wyatt Anderson <wanderson@gmail.com>
### Documentation
* Add sponsor section ([3675cf8](https://github.com/ory/hydra/commit/3675cf84ccae50e1fe165f48b106558644081c2d))
* Update to latest go-swagger compatibility ([fa46dbd](https://github.com/ory/hydra/commit/fa46dbdee7a6d857037cab5c66d5352e31c5f727))
### Unclassified
* Add tests for refresh token grant ([8af0df5](https://github.com/ory/hydra/commit/8af0df57c86e1b164e2407f45dc34a7756781540))
* Export test helpers ([#518](https://github.com/ory/hydra/issues/518)) ([c65ae77](https://github.com/ory/hydra/commit/c65ae77c7d48624a8331b516b245145ee05a934f))
* Resolve failing test and data race ([#501](https://github.com/ory/hydra/issues/501)) ([ab573c8](https://github.com/ory/hydra/commit/ab573c84c7dda38de075706916b0a1e730c884d5))
* Resolve potential data race ([#520](https://github.com/ory/hydra/issues/520)) ([d7ef3a5](https://github.com/ory/hydra/commit/d7ef3a5b17c54096155f52492f7901b27c75cf8a))
* Use issuer-prefixed auth URL in challenge redirect ([#509](https://github.com/ory/hydra/issues/509)) ([688103c](https://github.com/ory/hydra/commit/688103c7ffc59b7012c606f2c7c375f12337c35f)):
In order to support running Hydra with a different path prefix behind
a proxy, issue a challenge token with an issuer-prefixed auth redirect
URL instead of the URL received with the auth request.
# [0.9.2](https://github.com/ory/hydra/compare/v0.9.1...v0.9.2) (2017-06-13)
cmd/server: print full error message on http startup (#514)
Towards #513
### Unclassified
* cmd/server: print full error message on http startup (#514) ([b5cb0c6](https://github.com/ory/hydra/commit/b5cb0c690e53605cb42f34ef4bc02276fd6846e6)), closes [#514](https://github.com/ory/hydra/issues/514) [#513](https://github.com/ory/hydra/issues/513)
# [0.9.1](https://github.com/ory/hydra/compare/v0.9.0...v0.9.1) (2017-06-12)
client: export tests (#510)
### Unclassified
* Add auto migration image ([#502](https://github.com/ory/hydra/issues/502)) ([62eb355](https://github.com/ory/hydra/commit/62eb3557622337d7726193ba1c582ed9ce5bb862))
* Export tests ([#510](https://github.com/ory/hydra/issues/510)) ([e6920d3](https://github.com/ory/hydra/commit/e6920d3029a5c0b5166101a355348bffd626c17d))
* Improve metrics ([#508](https://github.com/ory/hydra/issues/508)) ([163b439](https://github.com/ory/hydra/commit/163b4393d0751d28a257ecdf2c044e5dfdbd679c))
# [0.9.0](https://github.com/ory/hydra/compare/v0.8.7...v0.9.0) (2017-06-07)
metrics: add metrics and telemetry package (#500)
### Documentation
* Add FAQ on missing migrate in docker image ([#498](https://github.com/ory/hydra/issues/498)) ([6f38157](https://github.com/ory/hydra/commit/6f38157f076eb2f258dd98dbf7ccc8a585d6ec30)), closes [#484](https://github.com/ory/hydra/issues/484)
* Add scopes to oauth2 ([#495](https://github.com/ory/hydra/issues/495)) ([8b412fc](https://github.com/ory/hydra/commit/8b412fc0acfb550ea9cd96e23e1f4fb3073a5cea))
### Unclassified
* warden/group: add rollback to transactions (#494) ([6feffb2](https://github.com/ory/hydra/commit/6feffb2a094e2f265772fa6e7baad4142fac7f86)), closes [#494](https://github.com/ory/hydra/issues/494)
* Add metrics and telemetry package ([#500](https://github.com/ory/hydra/issues/500)) ([a04e6f2](https://github.com/ory/hydra/commit/a04e6f2f1b2f748e0ed762375ec65204a326dd7b))
* Add simple example of hydra sdk ([#499](https://github.com/ory/hydra/issues/499)) ([4d3a6ad](https://github.com/ory/hydra/commit/4d3a6adf0b0c880c93aff1d20a1237b7fe349b06)), closes [#358](https://github.com/ory/hydra/issues/358)
* Upgrade to ladon 0.7.4 - closes [#350](https://github.com/ory/hydra/issues/350) ([#497](https://github.com/ory/hydra/issues/497)) ([874c62d](https://github.com/ory/hydra/commit/874c62d984a4202c0ffe61295c1194cfc4da87f3))
# [0.8.7](https://github.com/ory/hydra/compare/v0.8.6...v0.8.7) (2017-06-05)
client/manager_sql: return an empty slice if string is empty (#491)
Signed-off-by: Mohamedh Fazal <mohamedhfazal@gmail.com>
### Unclassified
* client/manager_sql: return an empty slice if string is empty (#491) ([e88fdb7](https://github.com/ory/hydra/commit/e88fdb7d5f42bdca5d6a3cef0eb95103d2dd3721)), closes [#491](https://github.com/ory/hydra/issues/491)
* oauth2/introspect>: resolve 401 on invalid token (#492) ([9e0cb23](https://github.com/ory/hydra/commit/9e0cb23dda77d88062a152c2e8b63968c4b2119e)), closes [#492](https://github.com/ory/hydra/issues/492) [#457](https://github.com/ory/hydra/issues/457)
* Implement --fake-tls-termination flag ([#493](https://github.com/ory/hydra/issues/493)) ([79580e1](https://github.com/ory/hydra/commit/79580e1ea9f28ed0298436dc7f8f0e611e8f5f34))
# [0.8.6](https://github.com/ory/hydra/compare/v0.8.5...v0.8.6) (2017-06-05)
oauth2: allow redirection to client if consent was denied (#489)
* oauth2: allow redirection to client if consent was denied
Closes #371
* oauth2: allow redirection to client if consent was denied
Closes #371
### Documentation
* Add health check to swagger and resolve swagger issues ([#488](https://github.com/ory/hydra/issues/488)) ([ddca997](https://github.com/ory/hydra/commit/ddca997bc6b43efd1ef8f1aee5d78ac246e72877)), closes [#355](https://github.com/ory/hydra/issues/355)
* Added sections on install errors ([6c22c4a](https://github.com/ory/hydra/commit/6c22c4aac8b8047297e0cdbbdf09ca31f9ae394d))
* Update docker instructions in readme ([485f073](https://github.com/ory/hydra/commit/485f073d1db6a80da6fb97f97af794c5657a7200))
* Update swagger definition for warden groups ([#476](https://github.com/ory/hydra/issues/476)) ([401466e](https://github.com/ory/hydra/commit/401466ed9ef3b1cee9c7bb0517635e40318151c9)):
* update swagger group members
* update
Signed-off-by: pbarker <pbarker@datapipe.com>
* swagger update
Signed-off-by: pbarker <pbarker@datapipe.com>
### Unclassified
* oauth2/introspect: send issuer in introspection ([a9f500b](https://github.com/ory/hydra/commit/a9f500b75a3acd6ef00f1dda97d06ce78ab38187)), closes [#399](https://github.com/ory/hydra/issues/399)
* pkg/errors: make ErrNotFound return a status code (#486) ([6688b94](https://github.com/ory/hydra/commit/6688b9439de706b49ddf4d87e75fd7ff4678fbf2)), closes [#486](https://github.com/ory/hydra/issues/486) [#348](https://github.com/ory/hydra/issues/348)
* jwk/handler: nest ac check and resolve stray log message (#487) ([694bf57](https://github.com/ory/hydra/commit/694bf579cf93f7f05f23f1b0f320342a274720ee)), closes [#487](https://github.com/ory/hydra/issues/487) [#271](https://github.com/ory/hydra/issues/271)
* cmd/policies: description is a string field, not slice (#485) ([0f73971](https://github.com/ory/hydra/commit/0f7397124b723eaab3e5fe190c0821a84b9bec4c)), closes [#485](https://github.com/ory/hydra/issues/485) [#472](https://github.com/ory/hydra/issues/472)
* client/manager: remove merging of stored and updated client (#478) ([af88368](https://github.com/ory/hydra/commit/af88368c2f748f2b149cb9623d2ac8e361c6b39d)), closes [#478](https://github.com/ory/hydra/issues/478)
* Allow redirection to client if consent was denied ([#489](https://github.com/ory/hydra/issues/489)) ([48c229b](https://github.com/ory/hydra/commit/48c229b62af56ab16f26e827b221b9e04bb0c077)), closes [#371](https://github.com/ory/hydra/issues/371) [#371](https://github.com/ory/hydra/issues/371):
* oauth2: allow redirection to client if consent was denied
* Update to latest versions ([2f617c5](https://github.com/ory/hydra/commit/2f617c55fff0957c444f806b2b2bf2f20ba17235))
* Update to latest versions ([#482](https://github.com/ory/hydra/issues/482)) ([83118d1](https://github.com/ory/hydra/commit/83118d1df7b8ea224ca07ef23f047f61ca05f8ea)):
* vendor: update to latest versions
* vendor: update to latest versions
* vendor: update to latest versions
* vendor: update to latest versions
# [0.8.5](https://github.com/ory/hydra/compare/v0.8.4...v0.8.5) (2017-06-01)
cmd/server: resolve gorilla session mem leak - closes #461
### Unclassified
* cmd/server: resolve gorilla session mem leak - closes #461 ([baf60d2](https://github.com/ory/hydra/commit/baf60d29d99aae9b5100181374b150075796342f)), closes [#461](https://github.com/ory/hydra/issues/461)
* Fix spelling of challenge ([#471](https://github.com/ory/hydra/issues/471)) ([851fea5](https://github.com/ory/hydra/commit/851fea5020fa1234579147ff42260ed1e5b90fcb))
* Remove unused implicit grant storage ([#469](https://github.com/ory/hydra/issues/469)) ([8acf0f9](https://github.com/ory/hydra/commit/8acf0f9482ceeda7334a876795f2424f3eca8f82))
# [0.8.4](https://github.com/ory/hydra/compare/v0.8.3...v0.8.4) (2017-05-24)
config: connect to cleaned DSN
Closes #464
### Documentation
* Add running hydra in production section ([138c7cd](https://github.com/ory/hydra/commit/138c7cd31a8b0d971dbe8450aa513650e9bccb74))
* Hint to kubernetes helm chart - see [#430](https://github.com/ory/hydra/issues/430) ([69f0c2f](https://github.com/ory/hydra/commit/69f0c2fe8d3fe1001e615da030edf37a0568913b))
* Update jwk resource names in consent app guide ([8f1330b](https://github.com/ory/hydra/commit/8f1330b277d8aff82a09d59e48fcf21495bc790b))
### Unclassified
* Connect to cleaned DSN ([78ea521](https://github.com/ory/hydra/commit/78ea5219e661df5be50e04ad02320ec703682776)), closes [#464](https://github.com/ory/hydra/issues/464)
# [0.8.3](https://github.com/ory/hydra/compare/v0.8.2...v0.8.3) (2017-05-23)
config: remove sql control parameters from dsn before connecting
Closes #464
### Documentation
* Change readme sections and ordering of sponsors ([6e631ab](https://github.com/ory/hydra/commit/6e631ab8b49e8ef174ab578f618615c55f2712ab))
* Update banner ([1ca4780](https://github.com/ory/hydra/commit/1ca478012bd38ff0604d160aa9a1ad0301483378))
* Update ory hydra for enterprise section ([e81bf43](https://github.com/ory/hydra/commit/e81bf43bb071c8064b1e80b9d92817488231be85))
* Update readme header ([4cb2d2f](https://github.com/ory/hydra/commit/4cb2d2f66b4aa6d8e3053c262ea2eb56a2c7188e))
### Unclassified
* Remove sql control parameters from dsn before connecting ([7d6a6e7](https://github.com/ory/hydra/commit/7d6a6e7ad3d89694ea3b2f112ea72265ae8000ec)), closes [#464](https://github.com/ory/hydra/issues/464)
* Resolve issue with offset and limit in policy listing ([#459](https://github.com/ory/hydra/issues/459)) ([9d833a2](https://github.com/ory/hydra/commit/9d833a2ea223191297919a9f842cc40ed31eb2ad))
# [0.8.2](https://github.com/ory/hydra/compare/v0.8.1...v0.8.2) (2017-05-10)
oauth2: add key id to jwt header - closes #433
Signed-off-by: pbarker <pbarker@datapipe.com>
### Unclassified
* Add key id to jwt header - closes [#433](https://github.com/ory/hydra/issues/433) ([0d64c67](https://github.com/ory/hydra/commit/0d64c6792326dfe379a4b995fb1cb9fec128bbaa))
* Adds /.well-known/openid-configuration - closes [#379](https://github.com/ory/hydra/issues/379) ([3769676](https://github.com/ory/hydra/commit/3769676d482bafa66a295e7550010e2414c2f943))
* Improve error message for when database tables are missing ([a0a6ad1](https://github.com/ory/hydra/commit/a0a6ad10fe7c68fb7f3ba64fe3e97ff22af38e73))
# [0.8.1](https://github.com/ory/hydra/compare/v0.8.0...v0.8.1) (2017-05-08)
ci: resolve publishing travis go 1.8
### Continuous Integration
* Resolve publishing travis go 1.8 ([1205c34](https://github.com/ory/hydra/commit/1205c34d2b09555cba8b16ae763a46c9ea1519ae))
# [0.8.0](https://github.com/ory/hydra/compare/v0.7.13...v0.8.0) (2017-05-07)
ci: resolve travis issues
### Continuous Integration
* Resolve travis issues ([b16c0f3](https://github.com/ory/hydra/commit/b16c0f3dc83e1eccb3b37f641e70c690a3c44405))
### Documentation
* ✏️ minor grammar typo in security doc ([#452](https://github.com/ory/hydra/issues/452)) ([ebac781](https://github.com/ory/hydra/commit/ebac781ca6c8fbaebca94ca72504fb63a74b39ff))
* Add faq sections for ropc and mobile ([1170093](https://github.com/ory/hydra/commit/1170093f54799b0b89431e61bb4f7ac3ea4bcafb))
* Add history doc ([85b69b8](https://github.com/ory/hydra/commit/85b69b863f2d2f702ac556d724f418a8487a8fa9))
* Add oauth2 native link ([5cd1253](https://github.com/ory/hydra/commit/5cd1253222964479a91e1c1da6799885be2fc5dc))
* Add offline scope to swagger ([8750718](https://github.com/ory/hydra/commit/87507185f5ebbfe2d8249816355beb98e911e8b3))
* Add scopes docs, move swagger json to yaml ([0fd52b2](https://github.com/ory/hydra/commit/0fd52b2d3aa0d2bcdf76650bc45717977ffe6343))
* Add security section ([5af56c3](https://github.com/ory/hydra/commit/5af56c374cf20b333b519f7d8e4b02029079bf0e))
* Add swagger docs for the client endpoint ([ede8768](https://github.com/ory/hydra/commit/ede87686e94affbdd9fb0a6636323829ff036404))
* Add swagger spec for listing clients ([a9d50cf](https://github.com/ory/hydra/commit/a9d50cf9e0e0457b9bcfbe6b1e275653aa4b6c3d))
* Add who is using it section ([4c7551c](https://github.com/ory/hydra/commit/4c7551cb2bdb44ecdaccf5ad8ff7c8b5a0994c03))
* Beef up security docs ([52c7336](https://github.com/ory/hydra/commit/52c733612a321b8a5db52e6c3de2c30e4433035f))
* Improve client swagger specs and add jwk specs ([c613540](https://github.com/ory/hydra/commit/c6135403d5e738235ba6f1ad2e182f53ecd67dfc))
* Improve documentation ([dcc090d](https://github.com/ory/hydra/commit/dcc090d73b1c03010f81953660e287b2db3cdd56))
* Re-add tutorial on consent app by [@matteosuppo](https://github.com/matteosuppo) ([67ffe33](https://github.com/ory/hydra/commit/67ffe3338aa2958f2846b42da2466a106b68e439))
* Remove rethinkdb from readme ([fb84d5e](https://github.com/ory/hydra/commit/fb84d5ea30b04107fc52a16cd68eb26f57d53897))
* Update security section in readme ([b88abf1](https://github.com/ory/hydra/commit/b88abf1ca6b2f664e68e34078ad62495786ca873))
* Update swagger description ([c536685](https://github.com/ory/hydra/commit/c5366856886be4009fb5c00fbb89585c8e1723a2))
* Update typos in history ([1f898ba](https://github.com/ory/hydra/commit/1f898badcdab9cf9d16b900b64ac876dd3add43b))
### Unclassified
* docker-demo: get dockerfile working again ([d47410e](https://github.com/ory/hydra/commit/d47410ed7c7e7da54e2239fdad6112efb4607910))
* warden/group: fix c&p typos ([7efb71f](https://github.com/ory/hydra/commit/7efb71f582fe0854cdbbfa8034b8023a0c9e1c5f))
* config/sql: implement ability to handle sql parallelism ([d9ae845](https://github.com/ory/hydra/commit/d9ae845d1641f24e7bca29ae9d98698910053c2c))
* Add migrate dummies ([5b2e737](https://github.com/ory/hydra/commit/5b2e737ba546dcaec50bb4aaad809bd14aaf9bd2))
* Added swagger docs for the rest of the apis ([0ebf0ec](https://github.com/ory/hydra/commit/0ebf0ec8cdc9812f22c14afb5295df3fa9e2391f))
* Allow setting SkipTLSVerify option value ([#448](https://github.com/ory/hydra/issues/448)) ([3cfab4e](https://github.com/ory/hydra/commit/3cfab4e914f2575fbb52d7b7b487cd25b6a58931))
* Finalize ladon and logrus changes ([b764c8e](https://github.com/ory/hydra/commit/b764c8e876a03ce22e10a91a0f24ed1b36d87f22))
* Fix typo ([b3a4486](https://github.com/ory/hydra/commit/b3a44863dae04b4620caa90067b7af4148c2e5f5))
* Goimports ([1f65068](https://github.com/ory/hydra/commit/1f650688039cae0e719586205e80944979448bff))
* Goimports ([0985a59](https://github.com/ory/hydra/commit/0985a594e1ed85566ce5f50298524301f8e74a19))
* Goimports ([91dc026](https://github.com/ory/hydra/commit/91dc02628cea1bd9e3b8391024cdc27722f763e0))
* Goimports ([9be2ff3](https://github.com/ory/hydra/commit/9be2ff31645df153c99d0b5d623fecbb1e947c8c))
* Implement better migration handling ([819d4b4](https://github.com/ory/hydra/commit/819d4b40deb1153a26736d92672a2094e40496c5))
* Implement list functionality ([bde0aa6](https://github.com/ory/hydra/commit/bde0aa6ece66466e667a1229b0016114ad99b21a))
* Implement listing policies ([f16cb77](https://github.com/ory/hydra/commit/f16cb7727a58eb4d0047defa0a1e6d2833facf7a))
* Improve openid connect error message - closes [#439](https://github.com/ory/hydra/issues/439) ([dbf2b33](https://github.com/ory/hydra/commit/dbf2b330a39e17d1fcae2500e73945933678a45a))
* Introduce log_format and log_level ([ada626c](https://github.com/ory/hydra/commit/ada626c87c427b5e02a41b3899d1324f9a8aef61))
* Limit maximum open connections, document timeout options through DSN ([fa8d15c](https://github.com/ory/hydra/commit/fa8d15c0870d98b773d1a65e33552f8c4f9b6d0d)), closes [#359](https://github.com/ory/hydra/issues/359)
* Move move most writers in handlers to ory/herodot ([708c1a2](https://github.com/ory/hydra/commit/708c1a2d31e20b60c72800c067e5553259bed377))
* Move move ory-am/ladon to ory/ladon ([e02b017](https://github.com/ory/hydra/commit/e02b01730f55bd2cfcbe80853f8d959b043257eb))
* Move to new ladon structure ([9cae465](https://github.com/ory/hydra/commit/9cae465b5436492951102b1da4d29eb21b1b42af))
* Move to new org ([e912acc](https://github.com/ory/hydra/commit/e912acc3a1d203a1a4e7a3f349c1c7c7c47bf660))
* Move to one logrus instance ([2869ed1](https://github.com/ory/hydra/commit/2869ed16e1e9db7b3fc6cf052a23352ac8124789))
* Reflect ladon memory manager changes ([e3a3837](https://github.com/ory/hydra/commit/e3a38379a42991732e2ffddb7720d95627f35f84))
* Remove context from herodot calls ([ca898d6](https://github.com/ory/hydra/commit/ca898d655bd591018473e283034f5f52ccb000b6))
* Remove graceful ([15ca194](https://github.com/ory/hydra/commit/15ca194e9aaa9222b89cf5a4fd0a99faef67daee))
* Remove redis and rethinkdb adapters ([af52e68](https://github.com/ory/hydra/commit/af52e68cf763df0d6fe9d8340bca9e3d53078fbb))
* Rename GetAll to List ([2313570](https://github.com/ory/hydra/commit/23135702e31e5cf9ce1d3b4a2cae7c7c7f5e99b8))
* Resolve issues with jwk manager ([11da23b](https://github.com/ory/hydra/commit/11da23be72dcd9ff6eb72e96c0044943520d6dd0))
* Resolve remaining test issues ([cb97cd1](https://github.com/ory/hydra/commit/cb97cd184ebe2950e33e9c83c9de79063b7abbd2))
* Resolve test issues ([f7ce565](https://github.com/ory/hydra/commit/f7ce5651690b47884dd0cc479a71d7b8b7f1c1b5))
* Resolve test issues with memory adapter ([2c3c8e3](https://github.com/ory/hydra/commit/2c3c8e36976c74a1038167d513c52cd3b288d178))
* Update glide lockfile ([4fdda53](https://github.com/ory/hydra/commit/4fdda5365f33afdc70a31f54ad1d96b32eb63416))
* Upgrade consent app image ([c95ab53](https://github.com/ory/hydra/commit/c95ab534225a82274070a85828593f3511e26d6a))
* Upgrade glide ([6f696b1](https://github.com/ory/hydra/commit/6f696b1204e82bd47374107a538a1f8b86f0aab8))
* Upgrade glide ([d6b12cc](https://github.com/ory/hydra/commit/d6b12cca93126c1c0ba63aa4bf4252de4773f2b8))
# [0.7.13](https://github.com/ory/hydra/compare/v0.7.12...v0.7.13) (2017-05-03)
vendor: upgrade fosite to resolve regression issue (#446)
### Documentation
* Add Auth0 to sponsor section ([#435](https://github.com/ory/hydra/issues/435)) ([65105f4](https://github.com/ory/hydra/commit/65105f47d0bb907cb94cd5ad9cc896b9b15e2550))
### Unclassified
* Upgrade fosite to resolve regression issue ([#446](https://github.com/ory/hydra/issues/446)) ([a6935c1](https://github.com/ory/hydra/commit/a6935c1c3ecbdbb19f8a9b35536b78cc5d7cb667))
# [0.7.12](https://github.com/ory/hydra/compare/v0.7.11...v0.7.12) (2017-04-30)
herodot: resolve issue with infinite loop caused by certain error chain (#442)
Closes #441
### Unclassified
* Resolve issue with infinite loop caused by certain error chain ([#442](https://github.com/ory/hydra/issues/442)) ([e4284f2](https://github.com/ory/hydra/commit/e4284f244d2b08f5470d81ff8e0bbe9853d6a0f1)), closes [#441](https://github.com/ory/hydra/issues/441)
# [0.7.11](https://github.com/ory/hydra/compare/v0.7.10...v0.7.11) (2017-04-28)
vendor: resolve issues with glide lock file (#438)
### Unclassified
* Resolve issues with glide lock file ([#438](https://github.com/ory/hydra/issues/438)) ([14ad439](https://github.com/ory/hydra/commit/14ad439cae7058dcc79407cd8ba3172d2e08e858))
# [0.7.10](https://github.com/ory/hydra/compare/v0.7.9...v0.7.10) (2017-04-14)
vendor: update redis imports
### Documentation
* Add enterprise edition note to readme ([31954ad](https://github.com/ory/hydra/commit/31954adca194ed1294c97e0c762a56c6e6b6e2df))
* Changes apiary url to current version ([d8ce401](https://github.com/ory/hydra/commit/d8ce401e6d79d7ebe60592484e4c834730694c42))
* Remove references to uname from docs ([#423](https://github.com/ory/hydra/issues/423)) ([842e140](https://github.com/ory/hydra/commit/842e14069cea04d91df649ed191d268e65bf70e5))
* Resolve broken build instructions in readme - closes [#420](https://github.com/ory/hydra/issues/420) ([#421](https://github.com/ory/hydra/issues/421)) ([a209990](https://github.com/ory/hydra/commit/a2099900c41531a36767223269d32166b3c1b4de))
* Update apiary links in readme ([#409](https://github.com/ory/hydra/issues/409)) ([48b0677](https://github.com/ory/hydra/commit/48b0677d8692186cbb718688b070caaf24a34897))
* Update enterprise edition section ([6ebe835](https://github.com/ory/hydra/commit/6ebe8355ac29f2f8d207aed09c602ab58543d52d))
* Update enterprise edition section ([e152ce6](https://github.com/ory/hydra/commit/e152ce6811da95ab8cc21a693b3d2f6d04a0917d))
### Unclassified
* docs/tutorial: update bash command (#412) ([e40db39](https://github.com/ory/hydra/commit/e40db3980e2e24d3514e4eb9cf943de51e7f14f2)), closes [#412](https://github.com/ory/hydra/issues/412):
updating bash command to `/bin/sh`
* Improves doc by dropping brackets in cmd usage ([#415](https://github.com/ory/hydra/issues/415)) ([d60625d](https://github.com/ory/hydra/commit/d60625ddcbd72bcd4934b201438267c0d2fadc68))
* Update common and ladon dependencies ([d0e7752](https://github.com/ory/hydra/commit/d0e77525f765acbf8cff0d710f909f5a401f101e)), closes [#419](https://github.com/ory/hydra/issues/419)
* Update gorethink imports ([77deb6c](https://github.com/ory/hydra/commit/77deb6cf72c817eb0e6d26f0e612f004fbe45cb7))
* Update redis imports ([d6fd930](https://github.com/ory/hydra/commit/d6fd930a8fd56ea97f08880ee8826a7a8e0195ac))
# [0.7.9](https://github.com/ory/hydra/compare/v0.7.8...v0.7.9) (2017-04-02)
vendor: updated ladon version in glide.lock (#404)
### Unclassified
* Add golang consent example ([22e33c4](https://github.com/ory/hydra/commit/22e33c4bac96911bb745483f4901655d2f903be5))
* Fix typo ([4827507](https://github.com/ory/hydra/commit/4827507614b7bfcac7158cc310d8f9abc720e308))
* Updated ladon version in glide.lock ([#404](https://github.com/ory/hydra/issues/404)) ([de2c4bb](https://github.com/ory/hydra/commit/de2c4bbad9045ff4b2c892d890675c86d8c03e7a))
# [0.7.8](https://github.com/ory/hydra/compare/v0.7.7...v0.7.8) (2017-03-24)
sdk: improve consent api and docs
### Documentation
* Add articles section ([4722b8c](https://github.com/ory/hydra/commit/4722b8c207fdddfa03a1f1968c64a7053449cfc1))
* Add example policy for consent app signing ([#389](https://github.com/ory/hydra/issues/389)) ([879d05b](https://github.com/ory/hydra/commit/879d05bcfea518d521d46b545b0b76d1db5afc8b))
* Added information about auth code exchange to oauth2 docs ([#392](https://github.com/ory/hydra/issues/392)) ([26a1284](https://github.com/ory/hydra/commit/26a12847c0827b58045ddc93bb759dc530755c1a))
* Update docker hub repo references ([b08d521](https://github.com/ory/hydra/commit/b08d5213aa089e6199f07544edd41b14955f4c11))
### Unclassified
* Add consent helper - closes [#397](https://github.com/ory/hydra/issues/397) ([e182085](https://github.com/ory/hydra/commit/e1820857a22b2286a295ac0940e74fc34e97039a))
* Add documentation to the consent sdk ([63f8dc4](https://github.com/ory/hydra/commit/63f8dc4b6bf38ea4994c91dba036ceb62c4c5528))
* Deleting a group creates it - closes [#383](https://github.com/ory/hydra/issues/383) ([2038e8c](https://github.com/ory/hydra/commit/2038e8c6bbccb5459d1a9f854c906c63df9c86e8))
* Gitter link doesn't work - closes [#386](https://github.com/ory/hydra/issues/386) ([dd6ad40](https://github.com/ory/hydra/commit/dd6ad4002e38344085b80723e05b8e1a0356ca19))
* Gofmt -w -s ([b22d26f](https://github.com/ory/hydra/commit/b22d26f9b0f978579651e46ad1c99998ed2a03d5))
* Improve consent api and docs ([93bb521](https://github.com/ory/hydra/commit/93bb521963ab05557553de6a5b0b34f7a1b8def4))
* Introduction ([e4e5199](https://github.com/ory/hydra/commit/e4e5199eb23d316f7dcb7126be83add675f401c3))
* New constent app image ([1a347a3](https://github.com/ory/hydra/commit/1a347a3c6f5b44d61dd38953ad33950ba6713044))
* Redirect_uri domains are case-sensitive - closes [#380](https://github.com/ory/hydra/issues/380) ([b5378d4](https://github.com/ory/hydra/commit/b5378d46f09b96655fe31d69b0f989083974ad4e))
* Reduce docker image size ([b8c10c3](https://github.com/ory/hydra/commit/b8c10c3eb0e846f3d8a20dec8a730d246cd00e84))
* Resolve ci issues and improve readme ([51fd393](https://github.com/ory/hydra/commit/51fd3935ffed268a3648b10044d6bf576c59c29b))
* Resolve typo in host command ([#391](https://github.com/ory/hydra/issues/391)) ([a910a35](https://github.com/ory/hydra/commit/a910a35257273874f6b0d2f5b899c88e2a8292fd))
* Update libraries section ([681dc8c](https://github.com/ory/hydra/commit/681dc8ce88a291055039c570a3bf28af11649510))
* Update libraries section and introduction ([57e0055](https://github.com/ory/hydra/commit/57e00558a998d135c010fc7f2d1d352ff7c89aaf))
# [0.7.7](https://github.com/ory/hydra/compare/v0.7.6...v0.7.7) (2017-02-11)
oauth2: invalid consent response causes panic - closes #369
### Unclassified
* Invalid consent response causes panic - closes [#369](https://github.com/ory/hydra/issues/369) ([868a02b](https://github.com/ory/hydra/commit/868a02b376ad699be9512b20d6fd40f515f0a00f))
# [0.7.6](https://github.com/ory/hydra/compare/v0.7.5...v0.7.6) (2017-02-11)
config: remove unused import
### Unclassified
* Force hydra-idp-react version ([7cf5d79](https://github.com/ory/hydra/commit/7cf5d79feb2b67f8512378a689d28ba7497b3027))
* Remove unused import ([0401de9](https://github.com/ory/hydra/commit/0401de99dbcab699da95243a54179625b19eba01))
* Resolve issue with cookie store ([5331bbb](https://github.com/ory/hydra/commit/5331bbbc95d1950795cab336c2135d31cb4c0a2b))
* Update ory references ([8fc3c7b](https://github.com/ory/hydra/commit/8fc3c7b2341d4fd01f98305e313e01b1644d10b0))
# [0.7.3](https://github.com/ory/hydra/compare/v0.7.2...v0.7.3) (2017-01-22)
policy: investigate potential sql connection leak - closes #363
### Unclassified
* policy: investigate potential sql connection leak - closes #363 ([fe31f1f](https://github.com/ory/hydra/commit/fe31f1ff441a31e20f45774991a3f3b3405d0163)), closes [#363](https://github.com/ory/hydra/issues/363)
* Update fosite_store_redis.go ([#361](https://github.com/ory/hydra/issues/361)) ([65b4584](https://github.com/ory/hydra/commit/65b4584da8267d212f9f31f9b7f7404a6c9329fe)):
There was an additional quote on the JSON struct tag.
# [0.7.2](https://github.com/ory/hydra/compare/v0.7.1...v0.7.2) (2017-01-02)
vendor: update to fosite 0.6.12 - closes #342
### Unclassified
* Improve sql migration routine and add test ([4f931cd](https://github.com/ory/hydra/commit/4f931cd6097d9fb7c45f4569f624fb42a5e76f19))
* Remove stray log ([971d7ba](https://github.com/ory/hydra/commit/971d7ba5275a7298ccb2ba542ca397c520428a6f))
* Update to fosite 0.6.11 - closes [#338](https://github.com/ory/hydra/issues/338) ([c59d8a4](https://github.com/ory/hydra/commit/c59d8a4b5c84c3d48e12094fb6c1c5453cd837ec))
* Update to fosite 0.6.12 - closes [#342](https://github.com/ory/hydra/issues/342) ([699163f](https://github.com/ory/hydra/commit/699163ffefc1d3bf01d9d7f971ba3469ab647a90))
# [0.7.1](https://github.com/ory/hydra/compare/v0.7.0...v0.7.1) (2016-12-30)
groups: fix issue with sql migration
### Unclassified
* Fix issue with sql migration ([5b42537](https://github.com/ory/hydra/commit/5b425372b0e54a2e9ff00aa555083b8b6034ee6a))
# [0.7.0](https://github.com/ory/hydra/compare/v0.6.10...v0.7.0) (2016-12-30)
oidc: at_hash / c_hash mismatch - closes #338
### Documentation
* Update five minute tutorial ([fc830c5](https://github.com/ory/hydra/commit/fc830c54712f09665f931b140567d02647785aea))
### Unclassified
* oidc: at_hash / c_hash mismatch - closes #338 ([fcdf664](https://github.com/ory/hydra/commit/fcdf6643845ff8b743a910295c5761dfd389a8a3)), closes [#338](https://github.com/ory/hydra/issues/338)
* api docs ([57d2d5b](https://github.com/ory/hydra/commit/57d2d5b4424c57ebefa8dcd326978d1971b80f21))
* groups improve ([ffc9ad4](https://github.com/ory/hydra/commit/ffc9ad4a3c7aa883245d0cb0c368b15a0291f4d3))
* oauth2/consent: force jti echo in consent response -closes #322 ([e93840d](https://github.com/ory/hydra/commit/e93840d0ca51f813af3a5ee49655e187337991a1)), closes [#322](https://github.com/ory/hydra/issues/322)
* cmd: add configuration options for `hydra token user` - closes #327 ([f5f371d](https://github.com/ory/hydra/commit/f5f371d00b6e51be1994f86f1207bebb046d496e)), closes [#327](https://github.com/ory/hydra/issues/327)
* Add group management - closes [#68](https://github.com/ory/hydra/issues/68) ([ce46d45](https://github.com/ory/hydra/commit/ce46d45ebe2aecd544288f6bf31bd1853d4ca553))
* Add sql migrations - closes [#194](https://github.com/ory/hydra/issues/194) ([40bcc24](https://github.com/ory/hydra/commit/40bcc24df0ae9c184ca3aa366c31d83dc933dd6f))
* Clean up docker files ([0316825](https://github.com/ory/hydra/commit/03168256f1b029a97c78bdf6b798571a2523e2c5))
* Correct error wrapping ([07441f9](https://github.com/ory/hydra/commit/07441f93639217fb947f502a85c3e71558eefd32))
* Fix tests ([136453f](https://github.com/ory/hydra/commit/136453f26969312d6545cb087c1471ef3fa5be63))
* Glide update ([86e88b8](https://github.com/ory/hydra/commit/86e88b834dd2be4fcf9edcd81d5e26ecd374ae51))
* Gofmt -w -s . ([0383022](https://github.com/ory/hydra/commit/038302245ba5cd6bc46df7ac96ff48db16ebe093))
* Gofmt -w -s . ([5aed256](https://github.com/ory/hydra/commit/5aed2566cfc9731be2bcae4c7c42264f3f78aca9))
* Improve error handling ([00cc2ca](https://github.com/ory/hydra/commit/00cc2ca2b3ba6bf80266dec5eebdfa93e81afc39))
* Improve error handling ([def560c](https://github.com/ory/hydra/commit/def560cbd9de004516b4185c9973fa174d24e262))
* Provide rest endpoint for policy updates - closes [#305](https://github.com/ory/hydra/issues/305) ([257a447](https://github.com/ory/hydra/commit/257a447e23f956130f06839ba4a14789e1e37aba))
* Remove api spec ([491dcf8](https://github.com/ory/hydra/commit/491dcf8fcac4a454351899e790801f1cf8733b78))
* Resolve issue with firewall set up ([bdd3d88](https://github.com/ory/hydra/commit/bdd3d8853a7ba3fcfcda6bb8799aba7dd9c68e39))
* Resolve issues with SQL migration and update dockerfiles ([35548a8](https://github.com/ory/hydra/commit/35548a82a4d5ddaa5ff1037fc01cd39d4ecdfb68))
* Update glide dependencies ([9ff9fd4](https://github.com/ory/hydra/commit/9ff9fd40926acb3de31f200f33698c363316c31d))
# [0.6.10](https://github.com/ory/hydra/compare/v0.6.9...v0.6.10) (2016-12-26)
oauth2: improve error responses returned by http introspector
### Unclassified
* Improve error responses returned by http introspector ([76fa19c](https://github.com/ory/hydra/commit/76fa19c309aa32eb11d38b999fcaead555686503))
* Improve error results ([812b588](https://github.com/ory/hydra/commit/812b588e42f1cf2601d286a8e359cfe9e7feb104))
# [0.6.9](https://github.com/ory/hydra/compare/v0.6.8...v0.6.9) (2016-12-20)
openid: support response_type=code id_token - closes #332
### Documentation
* Make it clear that docker-compose is only for the example ([20c8681](https://github.com/ory/hydra/commit/20c868124f315bfdc4168008da7e96775c8ab7b3))
### Unclassified
* openid: support response_type=code id_token - closes #332 ([9dcc41b](https://github.com/ory/hydra/commit/9dcc41b89edfd3025fb5792c1dedef175f623e6c)), closes [#332](https://github.com/ory/hydra/issues/332)
* Replace newline in HTTP_TLS ([5a4a2e8](https://github.com/ory/hydra/commit/5a4a2e8adf54062fc4317426a32de6ebc8932cc2)):
HTTPS_TLS_CERT and HTTPS_TLS_KEY environment variables can contain \n
see:https://github.com/ory-am/hydra/blob/master/cmd/host.go
This commit replaces the \n character with an actual newline to allow
the tls package to correctly create a X509 key pair.
* Resolve issues with LOG_LEVEL and log confidentiality ([37be2ba](https://github.com/ory/hydra/commit/37be2badd6dcbcf0948598cd41266bcbee703df5)), closes [#324](https://github.com/ory/hydra/issues/324)
# [0.6.8](https://github.com/ory/hydra/compare/v0.6.7...v0.6.8) (2016-12-06)
oauth2: resolve issue with expires_in value
### Unclassified
* Http introspector should return well known error ([0abfbfd](https://github.com/ory/hydra/commit/0abfbfd6809d0de72663451dfdff17a82b08d5b7))
* Resolve issue with expires_in value ([c06dc36](https://github.com/ory/hydra/commit/c06dc363548089146252325f4b66ccadee246a8a))
# [0.6.7](https://github.com/ory/hydra/compare/v0.6.6...v0.6.7) (2016-12-04)
vendor: update glide yaml
### Unclassified
* Improve cli and oauth2 error reporting ([3d61a70](https://github.com/ory/hydra/commit/3d61a70aa38bffd7993ea33184829af4f29015fb))
* Migrate to dockertest v3 and resolve broken tests ([6f356d1](https://github.com/ory/hydra/commit/6f356d1366cc01f9bd3e388bf0ac18706270877f))
* Update glide yaml ([c9a77fa](https://github.com/ory/hydra/commit/c9a77fa9f57b6492fb3a77aeff7bbacbc223068d))
# [0.6.6](https://github.com/ory/hydra/compare/v0.6.5...v0.6.6) (2016-12-04)
cmd/connect: allow passing values as flags
### Documentation
* Add missing work in docs/oauth2.md ([#317](https://github.com/ory/hydra/issues/317)) ([ce65b10](https://github.com/ory/hydra/commit/ce65b103cbece1c38ec394c230444f322384b940))
### Unclassified
* cmd/connect: allow passing values as flags ([3b0b943](https://github.com/ory/hydra/commit/3b0b943abe166742a95a5666a47d210204c51bb0))
* --name should be before the image's name ([9a71e18](https://github.com/ory/hydra/commit/9a71e18b4d980b9cb3aa61d914bd31c9dad60e76))
# [0.6.5](https://github.com/ory/hydra/compare/v0.6.4...v0.6.5) (2016-11-28)
store/redis: redis backend for hydra (#313)
Signed-off-by: Son Dinh <son.dinh@blacksquaremedia.com>
* oauth2: Add Redis manager
* jwk: Add Redis manager
* cmd/server: Add Redis handlers to factories
* config: Add Redis connections
* core: Update documentation; update Redis deps
* docker: Add redis container to compose
* oauth2/redis: Remove tokens signatures from set store on revoke
* cmd/host: Change Redis documentation port to database default
* docker: Comment out non-default Hydra backends on compose
### Unclassified
* store/redis: redis backend for hydra (#313) ([32f5caf](https://github.com/ory/hydra/commit/32f5caf7802091e8a964667bb9c03a014ca430f7)), closes [#313](https://github.com/ory/hydra/issues/313):
* oauth2: Add Redis manager
* jwk: Add Redis manager
* cmd/server: Add Redis handlers to factories
* config: Add Redis connections
* core: Update documentation; update Redis deps
* docker: Add redis container to compose
* oauth2/redis: Remove tokens signatures from set store on revoke
* cmd/host: Change Redis documentation port to database default
* docker: Comment out non-default Hydra backends on compose
# [0.6.4](https://github.com/ory/hydra/compare/v0.6.3...v0.6.4) (2016-11-22)
oauth2/recovation: resolve issues with tests
### Unclassified
* oauth2/recovation: resolve issues with tests ([2e58355](https://github.com/ory/hydra/commit/2e5835507cf2835d9b6e67e5b0d999ccd7e61672))
* docs: clean up TokenValid leftovers - closes #310 ([994b596](https://github.com/ory/hydra/commit/994b596593cfc86d63cce3eaffbe306d3395be9c)), closes [#310](https://github.com/ory/hydra/issues/310)
* oauth2/revocation: token revocation fails silently with sql store - closes #311 ([7d3cb4e](https://github.com/ory/hydra/commit/7d3cb4eb71c0ca1f0da63856ddae4432e26bc2cc)), closes [#311](https://github.com/ory/hydra/issues/311)
# [0.6.3](https://github.com/ory/hydra/compare/v0.6.2...v0.6.3) (2016-11-17)
oauth2: resolve issues with token introspection on user tokens (#309)
### Documentation
* Update readme ([9129ac8](https://github.com/ory/hydra/commit/9129ac8fa0ae629fe291215cc644fe2e5350f929))
* Update readme ([a5386df](https://github.com/ory/hydra/commit/a5386df9f6aff7eacb32340ccec9026a685fcad8))
### Unclassified
* Resolve issues with token introspection on user tokens ([#309](https://github.com/ory/hydra/issues/309)) ([00bdd28](https://github.com/ory/hydra/commit/00bdd28ef47ed1b766b01637f7256befdec4aaaf))
* Update readme ([a110994](https://github.com/ory/hydra/commit/a1109948949da1d714e10eaa0deafec0d515d3e7))
# [0.6.2](https://github.com/ory/hydra/compare/v0.6.1...v0.6.2) (2016-11-05)
client/mysql: fix missing client_name (#303)
Signed-off-by: John Wu <johnwu96822@gmail.com>
### Unclassified
* client/mysql: fix missing client_name (#303) ([b861e25](https://github.com/ory/hydra/commit/b861e25279ff1a39680d912a5a505e23e86572b8)), closes [#303](https://github.com/ory/hydra/issues/303)
# [0.6.1](https://github.com/ory/hydra/compare/v0.6.0...v0.6.1) (2016-10-26)
0.6.1 (#301)
* manager/mysql: MySQL DB not creating on start – JSON column types only supported from MySQL 5.7 and onwards - closes #299
* docs: improve gitbook front page
### Documentation
* Fix some minor typos and the broken tutorial links ([#298](https://github.com/ory/hydra/issues/298)) ([1bbd6ed](https://github.com/ory/hydra/commit/1bbd6ed9b1a111ece69c42df06fc74da5df08ac2))
* More docs ([955200c](https://github.com/ory/hydra/commit/955200cba6f6cccf375388e3917debd6a82a4a98))
* Update readme ([1215e98](https://github.com/ory/hydra/commit/1215e985478fd49433b1fc4e468a02b7c1ab1422))
* Update README ([bce141f](https://github.com/ory/hydra/commit/bce141f2d0769830f7f9d39d6d38946c78b80e62))
* Update README ([eff6b86](https://github.com/ory/hydra/commit/eff6b8679b6210104a2fdf85b00f41a3f869416f))
### Unclassified
* 0.6.1 (#301) ([c743e37](https://github.com/ory/hydra/commit/c743e3738735b31803505dbe4f95ac3c17983a6c)), closes [#301](https://github.com/ory/hydra/issues/301) [#299](https://github.com/ory/hydra/issues/299)
* Added wayne robinson ([6347d0b](https://github.com/ory/hydra/commit/6347d0bc08362612d9ee3c696f8af164ca231c64))
# [0.6.0](https://github.com/ory/hydra/compare/v0.5.8...v0.6.0) (2016-10-25)
0.6.0 (#293)
* oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility - closes #277
* oauth2/introspect: make endpoint rfc7662 compatible - closes #289
* warden: make it clear that ladon.Request.Subject is not required or break bc and remove it - closes #270
* travis: execute gox build only when new commit is a new tag - closes #285
* docs: improve introduction (#267)
* core: (health) monitoring endpoint - closes #216
* oauth2/introspect: make endpoint rfc7662 compatible - closes #289
* connections: remove connections API - closes #265
* oauth2: token revocation endpoint - closes #233
* vendor: update to fosite 0.5.0
* core: add sql support #292
* connections: remove connections API - closes #265
* all: coverage report is missing covered lines of nested packages - closes #296
* cmd: prettify the `hydra token user` output - closes #281
* travis: make it possible for travis-ci to build forked repos - closes #295
### Unclassified
* 0.6.0 (#293) ([8256356](https://github.com/ory/hydra/commit/8256356b9b4704c369b4d01498b5cd0b11fd1919)), closes [#293](https://github.com/ory/hydra/issues/293) [#277](https://github.com/ory/hydra/issues/277) [#289](https://github.com/ory/hydra/issues/289) [#270](https://github.com/ory/hydra/issues/270) [#285](https://github.com/ory/hydra/issues/285) [#267](https://github.com/ory/hydra/issues/267) [#216](https://github.com/ory/hydra/issues/216) [#289](https://github.com/ory/hydra/issues/289) [#265](https://github.com/ory/hydra/issues/265) [#233](https://github.com/ory/hydra/issues/233) [#292](https://github.com/ory/hydra/issues/292) [#265](https://github.com/ory/hydra/issues/265) [#296](https://github.com/ory/hydra/issues/296) [#281](https://github.com/ory/hydra/issues/281) [#295](https://github.com/ory/hydra/issues/295)
* Build only on tags and go1.7 ([#288](https://github.com/ory/hydra/issues/288)) ([f5299a1](https://github.com/ory/hydra/commit/f5299a105a2d1ae0ab8e25c69f22afe21fc8a28d))
* Fix typo in host command help text ([#291](https://github.com/ory/hydra/issues/291)) ([6b9dd26](https://github.com/ory/hydra/commit/6b9dd26e4ab62ae5838e70be5b2354d3e1956f38))
# [0.5.8](https://github.com/ory/hydra/compare/v0.5.7...v0.5.8) (2016-10-06)
oauth2: refresh token does not migrate session object to new token - closes #283 (#284)
### Unclassified
* Refresh token does not migrate session object to new token - closes [#283](https://github.com/ory/hydra/issues/283) ([#284](https://github.com/ory/hydra/issues/284)) ([835bb2b](https://github.com/ory/hydra/commit/835bb2bcfa832696b1a87bf0823307aca7b1e5cb))
# [0.5.7](https://github.com/ory/hydra/compare/v0.5.6...v0.5.7) (2016-10-04)
jwk: add use parameter to generated JWKs - closes #279 (#280)
### Unclassified
* Add use parameter to generated JWKs - closes [#279](https://github.com/ory/hydra/issues/279) ([#280](https://github.com/ory/hydra/issues/280)) ([05b5f84](https://github.com/ory/hydra/commit/05b5f841ef24dbd9242ad667d53a9cea98e5088f))
# [0.5.6](https://github.com/ory/hydra/compare/v0.5.5...v0.5.6) (2016-10-03)
oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility (#278)
* herodot: improve error logging
* oauth2: scopes should be separated by %20 and not +, to ensure javascript compatibility - closes #277
### Unclassified
* Fix [#272](https://github.com/ory/hydra/issues/272) typos in the host command controls ([#276](https://github.com/ory/hydra/issues/276)) ([efc7e58](https://github.com/ory/hydra/commit/efc7e58ce5c403da23145d1353c328182a4fda56))
* Replace HYDRA_PROFILING with PROFILING - closes [#274](https://github.com/ory/hydra/issues/274) ([#275](https://github.com/ory/hydra/issues/275)) ([16209f6](https://github.com/ory/hydra/commit/16209f66d5acf9a6ef383d783a4434e603084988))
* Scopes should be separated by %20 and not +, to ensure javascript compatibility ([#278](https://github.com/ory/hydra/issues/278)) ([e33df89](https://github.com/ory/hydra/commit/e33df89401e6b4c88a599b1be7ce4f1b40653164)), closes [#277](https://github.com/ory/hydra/issues/277):
* herodot: improve error logging
# [0.5.5](https://github.com/ory/hydra/compare/v0.5.4...v0.5.5) (2016-09-29)
docker: fix typo in docker-http image
### Unclassified
* Fix typo in docker-http image ([7d16c7e](https://github.com/ory/hydra/commit/7d16c7ef2086d9ae4286f8b2a1a427c3800af825))
# [0.5.4](https://github.com/ory/hydra/compare/v0.5.3...v0.5.4) (2016-09-29)
docker: resolve issue with docker-http image
### Unclassified
* Resolve issue with docker-http image ([407d650](https://github.com/ory/hydra/commit/407d65040aace9acef7e097eb15a18e471e6662e))
# [0.5.3](https://github.com/ory/hydra/compare/v0.5.2...v0.5.3) (2016-09-29)
docker: add http-only dockerfile and upgrade to go 1.7 base image (#273)
### Documentation
* Fix typo in consent.md ([575f2e5](https://github.com/ory/hydra/commit/575f2e5f4375f1dbcd87871b195ffd59dac2c3c4))
### Unclassified
* Add http-only dockerfile and upgrade to go 1.7 base image ([#273](https://github.com/ory/hydra/issues/273)) ([784b5b2](https://github.com/ory/hydra/commit/784b5b2a7ea029b4c9836e5d5d9457b6236bb92b))
# [0.5.2](https://github.com/ory/hydra/compare/v0.5.1...v0.5.2) (2016-09-23)
client: owner should be fetched from original client when updating
### Unclassified
* Owner should be fetched from original client when updating ([06077e9](https://github.com/ory/hydra/commit/06077e99c5f33966f92158d186165f11d4dce0b4))
# [0.5.1](https://github.com/ory/hydra/compare/v0.5.0...v0.5.1) (2016-09-22)
0.5.0 (#243)
* cmd: hydra token user should show id token in browser - closes #224
* cli: hydra clients import doesn't print client's secret - closes #221
* travis: ld flags are wrong - closes #242
* all: resolve naming inconsistencies in jwk set names used in hydra - closes #239
* sdk: resolve naming inconsistencies - closes #226
* docs: resolve gitbook issue with image assets
* jwk: anonymous request can't read public keys - closes #253
* client: add ability to update client - closes #250
* core: document hard-wired JWK sets - closes #247
* docs: fix images in readme - closes #261
### Documentation
* Add notes on operational considerations ([#252](https://github.com/ory/hydra/issues/252)) ([777e45b](https://github.com/ory/hydra/commit/777e45be0e44333cf5678910e270ee65129310f9))
* Resolve gitbook issue with image assets ([3c3b93e](https://github.com/ory/hydra/commit/3c3b93e6886a473c9472fdb61c584acda3d758aa))
### Unclassified
* 0.5.0 (#243) ([a922002](https://github.com/ory/hydra/commit/a92200278ab7e5e843a2b4520a53253da025795f)), closes [#243](https://github.com/ory/hydra/issues/243) [#224](https://github.com/ory/hydra/issues/224) [#221](https://github.com/ory/hydra/issues/221) [#242](https://github.com/ory/hydra/issues/242) [#239](https://github.com/ory/hydra/issues/239) [#226](https://github.com/ory/hydra/issues/226) [#253](https://github.com/ory/hydra/issues/253) [#250](https://github.com/ory/hydra/issues/250) [#247](https://github.com/ory/hydra/issues/247) [#261](https://github.com/ory/hydra/issues/261)
# [0.4.3](https://github.com/ory/hydra/compare/v0.4.2-alpha.4...v0.4.3) (2016-09-03)
travis: fix gox build process
### Unclassified
* Fix gox build process ([0575b43](https://github.com/ory/hydra/commit/0575b437eabbf29253867c33e11f405524939aa8))
# [0.4.2-alpha.3](https://github.com/ory/hydra/compare/v0.4.2-alpha.2...v0.4.2-alpha.3) (2016-09-02)
travis: dpl is not accepting API keys
### Unclassified
* Dpl is not accepting API keys ([05fe98d](https://github.com/ory/hydra/commit/05fe98dfefe29d39e124fd1c540dc77c380c9cc7))
# [0.4.2-alpha.2](https://github.com/ory/hydra/compare/v0.4.2-alpha.1...v0.4.2-alpha.2) (2016-09-01)
travis: resolve issues with autodeploy
### Unclassified
* Resolve issues with autodeploy ([a0ae42d](https://github.com/ory/hydra/commit/a0ae42db6494668eba93dcae9539e4f6776f78ab))
# [0.4.2-alpha.1](https://github.com/ory/hydra/compare/0.4.2-alpha...v0.4.2-alpha.1) (2016-09-01)
travis: resolve deploy issues
### Unclassified
* Resolve deploy issues ([30350ca](https://github.com/ory/hydra/commit/30350cac1cf7a9b91ed1b9aab84122e099339409))
# [0.4.2-alpha](https://github.com/ory/hydra/compare/v0.4.1...0.4.2-alpha) (2016-09-01)
### Documentation
* Add 3rd party section to readme ([3f80cc9](https://github.com/ory/hydra/commit/3f80cc9f9d164f1b4677ce55ab8585eaa995422e))
* Add a feature overview ([a12f353](https://github.com/ory/hydra/commit/a12f353a9ae4f02960ac90d8a7ae7973af49f055))
* Add section "what's it good for" ([c77f435](https://github.com/ory/hydra/commit/c77f435572c02baf64766f0728599a4853acd95c))
* Add what is hydra / what is hydra not section ([975b2ce](https://github.com/ory/hydra/commit/975b2ce670b7ac2a57dbd40a05add232b32d3f2b))
* Fix broken tutorial link in readme ([107c94c](https://github.com/ory/hydra/commit/107c94c942d54f0db4cc5287abea025814efad16))
### Unclassified
* docs/demo: improve tutorial ([837476d](https://github.com/ory/hydra/commit/837476de16aa2bdf81875e4b16552f00f903e2ff))
* docs/sdk: fix typo in policy condition ([448fc3e](https://github.com/ory/hydra/commit/448fc3eb1f328b86efdf1ee4ca4d3b424f74a23e))
* docs/sdk: improve sdk examples ([8eea29f](https://github.com/ory/hydra/commit/8eea29f01a39944a7ceccbf5fa23311891a6ef87))
* Firewal.Audience overridden with requesting clients subject in TokenAllowed and TokenValid ([#236](https://github.com/ory/hydra/issues/236)) ([d5c267f](https://github.com/ory/hydra/commit/d5c267f87b9f8c4bb6cc05e1246214f4cb856851))
* Resolve regression issue in tests and wrong scope definition ([8911e0f](https://github.com/ory/hydra/commit/8911e0f6b03604d9a9cacbf7b2c72b0b8e243050))
* Update fosite 0.3.0 ([39b3fc3](https://github.com/ory/hydra/commit/39b3fc3b88a58130bc6704be3611e15fb02130f9))
* Updated jwt-go to 3.0.0. Also fixed a few go vet issues. ([7ab95c5](https://github.com/ory/hydra/commit/7ab95c5b6e7a81c08bbc1c5b6708193a65ea6334))
* Versioned automated builds ([76c23f8](https://github.com/ory/hydra/commit/76c23f86d10d30015de87127715a27020c80470a)), closes [#210](https://github.com/ory/hydra/issues/210) [#218](https://github.com/ory/hydra/issues/218)
# [0.4.1](https://github.com/ory/hydra/compare/v0.4.0...v0.4.1) (2016-08-18)
cmd: resolve issue with token user flow (#212)
### Unclassified
* 0.4.0 (#203) ([cd6daed](https://github.com/ory/hydra/commit/cd6daedfe42cab14717b3a5fc9fe99efc81e5447)), closes [#203](https://github.com/ory/hydra/issues/203) [#199](https://github.com/ory/hydra/issues/199) [#201](https://github.com/ory/hydra/issues/201) [#200](https://github.com/ory/hydra/issues/200) [#205](https://github.com/ory/hydra/issues/205) [#198](https://github.com/ory/hydra/issues/198) [#204](https://github.com/ory/hydra/issues/204)
* Update book.json ([c8c67dc](https://github.com/ory/hydra/commit/c8c67dce3391340e4741e25b8c10c973ad9eeb94))
* Create book.json ([27cc32f](https://github.com/ory/hydra/commit/27cc32fbace2c2d77a6da4cbb7a063e9182e7f43))
* Add introspection to the sdk ([4b24be4](https://github.com/ory/hydra/commit/4b24be4c0c3865b98ecd8e17c0937d1d143396c5))
* Fix broken image links ([c1d3e88](https://github.com/ory/hydra/commit/c1d3e88cf2ce2345c55288805f80e26c4224ee58))
* Fix broken links ([b9b755a](https://github.com/ory/hydra/commit/b9b755aafdda7e314d45d4eba68a5fbbaef502e1))
* Instantiate token introspection ([56a9eda](https://github.com/ory/hydra/commit/56a9edacbe6fa04a85faf8bf3f51f1c6705cccfb))
* Resolve issue with token user flow ([#212](https://github.com/ory/hydra/issues/212)) ([8230eac](https://github.com/ory/hydra/commit/8230eacf2ee3e85f8b96a40d96f3961b56fc2ba1))
# [0.3.1](https://github.com/ory/hydra/compare/v0.3.0...v0.3.1) (2016-08-17)
all: resolve and test for issues in rethinkdb coldstart - closes #207
### Documentation
* Resolve broken examples in the docs, add badges and code documentation ([0baa04e](https://github.com/ory/hydra/commit/0baa04ebbbc62446b21824ecda7490864642ce68))
### Unclassified
* Resolve and test for issues in rethinkdb coldstart - closes [#207](https://github.com/ory/hydra/issues/207) ([6a0bbd7](https://github.com/ory/hydra/commit/6a0bbd7f953f23668a59c4fe2c87d5d6afb88b6b))
# [0.3.0](https://github.com/ory/hydra/compare/v0.2.0...v0.3.0) (2016-08-09)
0.3.0 (#195)
* cmd: resolve broken formatting issue
* client: field scopes should be scope
* config: fix broken system secret method and add test case for it
* client: scope should be scope in rethinkdb too
* client: scope should be scope in rethinkdb too
* oauth2: resolve import paths broken by goimports
### Unclassified
* 0.3.0 (#195) ([95ff77d](https://github.com/ory/hydra/commit/95ff77d24c3a698e407162f5c389ed1695c1e317)), closes [#195](https://github.com/ory/hydra/issues/195):
* cmd: resolve broken formatting issue
* client: field scopes should be scope
* config: fix broken system secret method and add test case for it
* client: scope should be scope in rethinkdb too
* client: scope should be scope in rethinkdb too
* oauth2: resolve import paths broken by goimports
# [0.2.0](https://github.com/ory/hydra/compare/5df442b04c18c5f9a419f40c8750d2531952d38a...v0.2.0) (2016-08-09)
:fire: 0.2.0 (#165)
* warden: rename `assertion` to `token` - closes #158
* config: do not log database credentials - closes #147
* oauth2: upgrade fosite - close #160
* config: do not store database config in hydra config - closes #164
* oauth2: id_token at_hash / c_hash is null - closes #129
* jwk: improve error message of wrong system secrect - closes #104
* readme: improve images, add benchmarks - closes #161
* cmd: improve connect dialogue - closes #170
* cmd: fix --dry option - closes #157
* firewall: document warden interface sdk
* readme: link openid connect and oauth2 introduction
* cmd: introduce FORCE_ROOT_CLIENT_CREDENTIALS env var - closes #140
* readme: document error redirect to identity provider - closes #96
* internal: fosite store must be consistent to avoid errors - closes #176
* client: add GetConcreteClient to http manager
* cmd: host process now logs basic information on all http requests - closes #178
* all: add memory profiling - closes #179
* warden: resolve nil pointer issue - closes #181
* cmd: clean up env to struct mapping, add more controls
* cmd: bcrypt cost should be configurable - closes #184
* cmd: token lifespans should be configurable - closes #183
* cmd: resolve issues with envirnoment config - closes #182
* cmd: implement tls termination capability - closes #177
* cmd: resolve issues with redirect logic and TLS
* oauth2: implement default oauth2 consent endpoint - closes #185
* warden - closes #188
* oauth2: id token claims should be set by using id_token - closes #188
* oauth2: oauth2 implicit flow should allow custom protocols - closes #180
* oauth2: core scope should not be mandatory - closes #189
* warden: warden sdk should not make distinction between token and request - closes #190
* warden: rename authorized / allowed endpoints to something more meaningful - closes #162
* ci: improve travis config
### Documentation
* Create CONTRIBUTING.md ([63702a9](https://github.com/ory/hydra/commit/63702a97556e95b86d9ca5d2e5fea65f05315d22))
* Remove shell guide requirements ([5d4d024](https://github.com/ory/hydra/commit/5d4d0248fd7e2397f866161606290a2d0aa3bc74))
### Unclassified
* :fire: 0.2.0 (#165) ([a297f7e](https://github.com/ory/hydra/commit/a297f7e57b12c31c8936af02c0bc00600eae0347)), closes [#165](https://github.com/ory/hydra/issues/165) [#158](https://github.com/ory/hydra/issues/158) [#147](https://github.com/ory/hydra/issues/147) [#160](https://github.com/ory/hydra/issues/160) [#164](https://github.com/ory/hydra/issues/164) [#129](https://github.com/ory/hydra/issues/129) [#104](https://github.com/ory/hydra/issues/104) [#161](https://github.com/ory/hydra/issues/161) [#170](https://github.com/ory/hydra/issues/170) [#157](https://github.com/ory/hydra/issues/157) [#140](https://github.com/ory/hydra/issues/140) [#96](https://github.com/ory/hydra/issues/96) [#176](https://github.com/ory/hydra/issues/176) [#178](https://github.com/ory/hydra/issues/178) [#179](https://github.com/ory/hydra/issues/179) [#181](https://github.com/ory/hydra/issues/181) [#184](https://github.com/ory/hydra/issues/184) [#183](https://github.com/ory/hydra/issues/183) [#182](https://github.com/ory/hydra/issues/182) [#177](https://github.com/ory/hydra/issues/177) [#185](https://github.com/ory/hydra/issues/185) [#188](https://github.com/ory/hydra/issues/188) [#188](https://github.com/ory/hydra/issues/188) [#180](https://github.com/ory/hydra/issues/180) [#189](https://github.com/ory/hydra/issues/189) [#190](https://github.com/ory/hydra/issues/190) [#162](https://github.com/ory/hydra/issues/162)
* ensure client endpoint is initialised for CLI "clients import" command ([6070a80](https://github.com/ory/hydra/commit/6070a80cc0839c27291696affb8003c27d9ac339))
* Fix table of contents (#145) ([9945c11](https://github.com/ory/hydra/commit/9945c118da162ccaaa4418d76d20252cbe1b8aa3)), closes [#145](https://github.com/ory/hydra/issues/145)
* Resolve issues with warden and client api (#120) ([c77d2dc](https://github.com/ory/hydra/commit/c77d2dc7b8e268ee927489a57c3e681d0743573d)), closes [#120](https://github.com/ory/hydra/issues/120) [#118](https://github.com/ory/hydra/issues/118) [#119](https://github.com/ory/hydra/issues/119)
* :fire: 0.1-beta2 (#90) :fire: ([8593699](https://github.com/ory/hydra/commit/85936992ada6c3ca9da22ba7e5849450d17f98ce)), closes [#90](https://github.com/ory/hydra/issues/90) [#86](https://github.com/ory/hydra/issues/86) [#91](https://github.com/ory/hydra/issues/91) [#99](https://github.com/ory/hydra/issues/99) [#93](https://github.com/ory/hydra/issues/93) [#88](https://github.com/ory/hydra/issues/88) [#97](https://github.com/ory/hydra/issues/97) [#92](https://github.com/ory/hydra/issues/92) [#89](https://github.com/ory/hydra/issues/89)
* :zap: vendor: switch to versioned gorethink api (#81) ([15242e2](https://github.com/ory/hydra/commit/15242e2cf481afff110302dab3082884939b80e1)), closes [#81](https://github.com/ory/hydra/issues/81):
* vendor: switch to versioned gorethink api
* readme: bug bounty / hall of fame
* readme: add fosite and ladon reference
* :fire: 0.1-beta :fire: ([00fd93c](https://github.com/ory/hydra/commit/00fd93cab2e8f8938100f29c8b393f97c8870453))
* Update README.md ([f0b40f1](https://github.com/ory/hydra/commit/f0b40f150bbbd3979cb8d7c8baf356110fab187a))
* Remove go get of govet in .travis.yml ([cff9754](https://github.com/ory/hydra/commit/cff975456370f1f926b00ac128913ffc8f360a2b)):
Fix error where vet cmd package cannot be found.
The package seems to be included in go now. No need to download it
anymore.
* oauth/google: fixed status code error message ([0b7b163](https://github.com/ory/hydra/commit/0b7b1639ed0d22a92e6f3d2c94591dd89e06cc6d))
* oauth/google: fixed status code error message ([8ed78e5](https://github.com/ory/hydra/commit/8ed78e5ed069913c03442443c70c3caaec06576f))
* Update README.md ([acae0e7](https://github.com/ory/hydra/commit/acae0e7882f5dd145bfa81d49803c2c4ded4c020)):
README: Updated smaller typo
* Storage/RethinkDB: Added RethinkDB as backend storage. ([cb9c2f4](https://github.com/ory/hydra/commit/cb9c2f488c85fa1d34342817bc1ba28caf8d2a5e)):
Storage/PostgreSQL: Updated some PostgreSQL tests.
Hydra: Fixed smaller bugs.
* handler.go:300: no formatting directive in Sprintf call ([6ee1376](https://github.com/ory/hydra/commit/6ee13768c1a2f4cfb07fd698e202f239b850a5cf))
* handle multiple return values from gopass ([8124765](https://github.com/ory/hydra/commit/81247658266fff9fc31d45d86aa4e91867420757))
* update accounts CLI Usage ([9881e2a](https://github.com/ory/hydra/commit/9881e2a4251763ec3d4911de8be15811734c3f43))
* Update README.md ([2fadfae](https://github.com/ory/hydra/commit/2fadfae00b5b4fc3455fc4c80c1118e1c20db96f))
* Add Gitter badge ([4f3d9ce](https://github.com/ory/hydra/commit/4f3d9ce9c6d6df67cdeb3c7e9a02e6a7bdd6bd21))
* oauth/provider/signin/signin.go: arg err for printf verb %d of wrong type: error ([16fddf2](https://github.com/ory/hydra/commit/16fddf2c516b1fe1b86a1681812b874a8b7f3e1c))
* cli/hydra-host/handler/tls.go: no formatting directive in Errorf call ([78698d5](https://github.com/ory/hydra/commit/78698d5429985896ed2afacddc28d9045b23d995))
* Update README.md ([be43ff6](https://github.com/ory/hydra/commit/be43ff6d4c91a15700ccf69af0e614edcbf2a446))
* jwt/oauth: refresh grant now is tested and works properly ([8d88305](https://github.com/ory/hydra/commit/8d883050ed4337d2b077ed3182f09656f2e67b5e))
* Update README.md ([3e2e81a](https://github.com/ory/hydra/commit/3e2e81af957a9ba56e2d9ec44e02881a41e440ec))
* Update README.md ([8510dd9](https://github.com/ory/hydra/commit/8510dd97ca9ccba2d82671620db8c6ab1ec9e67e))
* Update LICENSE ([62f7c67](https://github.com/ory/hydra/commit/62f7c67a54f3a551e4208e187bc2c8b69ff93f6b))
* Update CONCEPTS.md ([dd4df17](https://github.com/ory/hydra/commit/dd4df17daa49072195cd06c4421dc84674bbf443))
* Initial commit ([5df442b](https://github.com/ory/hydra/commit/5df442b04c18c5f9a419f40c8750d2531952d38a))
* Adapt ladon policy api changes ([b8bacb0](https://github.com/ory/hydra/commit/b8bacb04dce37e3492d262c3570a1f5b2063a1d7))
* Add basic debug log level support ([9686a91](https://github.com/ory/hydra/commit/9686a91dfa9c9d4b551d820efe66edb105f29531))
* Add glide command to develop snippet ([e513d2a](https://github.com/ory/hydra/commit/e513d2a23f4a1aef760556fa99fbb097a4e07669))
* Add glide command to install snippet ([e62b3d3](https://github.com/ory/hydra/commit/e62b3d36f0e354e325590d8afb5a1bc395986167))
* Add google group ([ed5be40](https://github.com/ory/hydra/commit/ed5be4062be31af4081d2a03eb82fd34e8b1f884))
* Add managed hydra note ([3450300](https://github.com/ory/hydra/commit/345030005194221b68bc5e5697628c475148f561))
* Add refact warning ([07da6a0](https://github.com/ory/hydra/commit/07da6a0a1614f69fb82a94c48a0ee85bca51e5cb))
* Add security considerations ([340c855](https://github.com/ory/hydra/commit/340c855e4fdcba67f0a2b867cc05f40c715195ff)), closes [#42](https://github.com/ory/hydra/issues/42)
* Add security section ([#87](https://github.com/ory/hydra/issues/87)) ([2ae682b](https://github.com/ory/hydra/commit/2ae682b44d1a3b438bd06ec2fb63c56da9eaaf03))
* Add test cases for methods returning slices or maps of entities ([#152](https://github.com/ory/hydra/issues/152)) ([e62e385](https://github.com/ory/hydra/commit/e62e3850b2a3b80041caa3d22de9d4cafe2f7d30))
* Add token validation ([#134](https://github.com/ory/hydra/issues/134)) ([9dfd4ea](https://github.com/ory/hydra/commit/9dfd4eae07cb7f7593d4278eb3670406043f872f))
* Add wrapper library for HTTP Managers ([#130](https://github.com/ory/hydra/issues/130)) ([266b324](https://github.com/ory/hydra/commit/266b32442870f379ce4d047d7a5c9f87f05b0e5b))
* Added benchmark section ([39d2802](https://github.com/ory/hydra/commit/39d2802cc7342f70ad877e8ec769f174601e4ae6))
* Added connection and client handlers ([47070f5](https://github.com/ory/hydra/commit/47070f5de7368fdb129e3a045434c338f4eb23fc))
* Added godeps ([ff027b5](https://github.com/ory/hydra/commit/ff027b55c64e0aa0bb7a3ca9685adbaf6e100575))
* Added google provider ([9ae9316](https://github.com/ory/hydra/commit/9ae9316add1a1140b1c74704794681b1fac443a4))
* Added heroku app.json ([7c1d25e](https://github.com/ory/hydra/commit/7c1d25e151207cf2406cdc8a3662a88967307383))
* Added heroku deployment notes ([98b83d7](https://github.com/ory/hydra/commit/98b83d7b2e8bdddddfe2163b53870fd955818e96))
* Added http/2 description ([1f0d6f9](https://github.com/ory/hydra/commit/1f0d6f9d79e6e79afc2c47cb6e1e77640912fe1e))
* Added microsoft and improved existing providers ([b2d3e06](https://github.com/ory/hydra/commit/b2d3e0665d2f9769b9e64dd5fe1ed6127d8fac89))
* Added mock for easier testing ([fe25be6](https://github.com/ory/hydra/commit/fe25be6737977a34f18c922392fc0bdbecebf749))
* Added mock for easier testing ([c4c1166](https://github.com/ory/hydra/commit/c4c1166668b88ad2f5ca082a5c53c7fad920588d))
* Added policy endpoint to host process ([c62cec5](https://github.com/ory/hydra/commit/c62cec534480b986de38bcfed76aa3320413e25d))
* Added port and host env var descriptions ([c32ac10](https://github.com/ory/hydra/commit/c32ac1081445359102ef97c036361b4ec9eb24ed))
* Added possibility to skip CA check ([09094f4](https://github.com/ory/hydra/commit/09094f401c33dd3bee72b46057648eabed1dafba))
* Added procfile ([1a38744](https://github.com/ory/hydra/commit/1a387440a0d89938f9caaf45348831e4b60b4129))
* Added start, client create and user create ([69d39ca](https://github.com/ory/hydra/commit/69d39ca1914a2af09891e66a7035036f3c2c9c33))
* Added status section ([cea52c6](https://github.com/ory/hydra/commit/cea52c6c097895f89faf86a5ed97309c698142c8))
* Added vagrant, fixed minor issues, added login capabilities, added examples ([b79b547](https://github.com/ory/hydra/commit/b79b54737af3840731cd8fd5458ad0ad79ae0dda))
* Allow loading certificates directly from env vars ([62ecd3d](https://github.com/ory/hydra/commit/62ecd3d73a4900e2f22b3b7b18c31a151638dc11))
* Always return non-nil error when validation fails. ([aca141d](https://github.com/ory/hydra/commit/aca141d415eae4ea76bfd6d2f0a347254454dd2a))
* Attached policy handler to router ([2d15cd7](https://github.com/ory/hydra/commit/2d15cd7af4cf3c1038dc9871a50a6b2d0098ad53))
* Authorization requests now properly set the code token subject ([df189d6](https://github.com/ory/hydra/commit/df189d6573c9fbf34d6634fa50ca0a09e4951197))
* Badgemania ([bb02665](https://github.com/ory/hydra/commit/bb026655c805868cac394d900235cd49088170b9))
* Beta preparations ([5ab50dc](https://github.com/ory/hydra/commit/5ab50dc7254764f8bc75bb3a26710a94133161d8))
* Clarified storage message ([8b9d41e](https://github.com/ory/hydra/commit/8b9d41e50d4d08f4639dd867bc49132ab52e106a))
* Cleanup ([0621e1a](https://github.com/ory/hydra/commit/0621e1ad6640143e3af5762d1f28c927638cbed0))
* Cleanup ([0fb905e](https://github.com/ory/hydra/commit/0fb905e470787b60f70e997edb30881e2b1aff19))
* Cleanup and issue resolving ([29c943f](https://github.com/ory/hydra/commit/29c943f6ce4446d4b6f39aad1ab0ca10356ea87e))
* Client libraries and refactoring ([e77940f](https://github.com/ory/hydra/commit/e77940fb7269b7434681452d4b2b5d6e993349ee))
* Client middleware works now ([18d46f8](https://github.com/ory/hydra/commit/18d46f8078c5f2ab6f4fc397b8a9c6c110dd6700))
* Connect to rethinkdb with custom root certificate ([#116](https://github.com/ory/hydra/issues/116)) ([74432b0](https://github.com/ory/hydra/commit/74432b071c4c52fdb985a7c716c5ddb0d5555ab6)):
* Connect to rethinkdb with a custom certificate
* Test importRethinkDBRootCA
Signed-off-by: Matteo Suppo <matteo.suppo@gmail.com>
* Move backend_connections tests
Signed-off-by: Matteo Suppo <matteo.suppo@gmail.com>
* Create MAINTAINERS ([adefff9](https://github.com/ory/hydra/commit/adefff99216e896c796ab08d3f6dec7d0f9f4e21))
* Created provider handler ([9338754](https://github.com/ory/hydra/commit/9338754fa1433d3b1acc1b0c3206c1d671385af8))
* Database connection is now only opened when required. ([6ac8de5](https://github.com/ory/hydra/commit/6ac8de53b863c07291e94ebb0e289da45b6438cc))
* DROPBOX_CALLBACK's default value is now smarter ([5f6457b](https://github.com/ory/hydra/commit/5f6457b886253da53b658ef689ac46a638763d49))
* Export AuthKey ([0bec260](https://github.com/ory/hydra/commit/0bec260748703eb9049229669c540de739520721))
* Fix broken link in TOC ([b40beda](https://github.com/ory/hydra/commit/b40beda9aa5df7febccda944ec56e21ddd841264))
* Fix client.GetClients() for multiple clients ([#151](https://github.com/ory/hydra/issues/151)) ([93dc837](https://github.com/ory/hydra/commit/93dc837490fcaf700302af18920c814260c9d1cc)), closes [#150](https://github.com/ory/hydra/issues/150)
* Fix idiom ([ebfc9a9](https://github.com/ory/hydra/commit/ebfc9a9a7ab33d1831e14434603ef101bc6a79dd)):
"What it looks like", not "how it looks like" (Very common mistake)
* Fix osin.CheckBasicAuth return value inconsistency ([57d5427](https://github.com/ory/hydra/commit/57d5427d64bad49e8cf7683ee80d371a791198af))
* Fix typo ([#100](https://github.com/ory/hydra/issues/100)) ([3ca01db](https://github.com/ory/hydra/commit/3ca01db2bcbcd40ae57731967931be4731576d09))
* Fix typo in exemplary policy ([386fb0c](https://github.com/ory/hydra/commit/386fb0caf3fd3a7209181e4c04f5c7befd3e8120))
* Fix typos ([873a816](https://github.com/ory/hydra/commit/873a816e6fa298f9a2f64eb11a44220f26362f90))
* Fix typos in exemplary policies ([#112](https://github.com/ory/hydra/issues/112)) ([5b44457](https://github.com/ory/hydra/commit/5b444573008dd228efb56f4b82250dabee4677b7))
* Fixed default TLS and JWT filepaths ([53827a2](https://github.com/ory/hydra/commit/53827a2c4d0d02807e5ad6893046f38b677df18d))
* Fixed environment issues ([d816e92](https://github.com/ory/hydra/commit/d816e9242934ce3ea25b48d391f994606c4e437f))
* Fixed error response ([f2ee621](https://github.com/ory/hydra/commit/f2ee621f789d8d3e55a7862262de0ab53f97a451))
* Fixed issue when account is not existing ([741ee9f](https://github.com/ory/hydra/commit/741ee9f23101570d706756450f2c53961b5aafac))
* Fixed nil pointer issue ([7695692](https://github.com/ory/hydra/commit/769569219548e4f04d2b493ea8947aafebf7857f))
* Fixed nil pointer issue ([f09bc08](https://github.com/ory/hydra/commit/f09bc08d152a98eba5a31b9266c3b65237b17520))
* Fixed null pointer in cli call to oauthHandler ([e7a827f](https://github.com/ory/hydra/commit/e7a827f3b7adf4a91c46afa8e918da34580e2b43))
* Fixed permission typo and tests ([5a4ec4a](https://github.com/ory/hydra/commit/5a4ec4ab6968df4ca53a415a7ec1ea1f7974ae89))
* Fixed smaller bugs and typos in RethinkDB and PostgreSQL. ([aebd9d6](https://github.com/ory/hydra/commit/aebd9d61c939e3e56cf8363c5f969d7f3bb68694)), closes [#53](https://github.com/ory/hydra/issues/53)
* Fixed tests on linux hosts ([82c7431](https://github.com/ory/hydra/commit/82c74319d223e4e9c1143f5cd015001058be5501))
* Fixed typos, improved instructions ([546a109](https://github.com/ory/hydra/commit/546a1094d1acbc3ba4b61afaacbc8f699944cdd6))
* Fosite note ([f09cf2d](https://github.com/ory/hydra/commit/f09cf2dedfc5ef888efee40f1da47fa4668ccf51))
* Go highlight code examples ([3d59681](https://github.com/ory/hydra/commit/3d59681d8006c79bc18838a78c0bcc203c9c8bef))
* Godep cleanup ([a43a6fc](https://github.com/ory/hydra/commit/a43a6fc443173c7c9d329267c418fff562578c62))
* Godep save ([2b0df43](https://github.com/ory/hydra/commit/2b0df43ec06eb4472f5cf446ddb2296392211575))
* Godep save ([42335ee](https://github.com/ory/hydra/commit/42335eee937a23e67e32696c6b64abea847122d1))
* Godep save ([1b84d53](https://github.com/ory/hydra/commit/1b84d538f5bac3a4b03c6a7f4194ad90b8df1fce))
* Godep save ([560a6a0](https://github.com/ory/hydra/commit/560a6a06eff252ee693fc58cfbc7d56f31fd47a7))
* Godep update ([e4e9b03](https://github.com/ory/hydra/commit/e4e9b0316fd1977773eb8fc0937db596f9474df8))
* Godep update ([aac79e9](https://github.com/ory/hydra/commit/aac79e9bb136a7ded5a74d1f319971a996598057))
* Godir ([988824d](https://github.com/ory/hydra/commit/988824dd76246b389558001699c1ac32f2f1a0ba))
* Gofmt ([ae5b637](https://github.com/ory/hydra/commit/ae5b637364271b27c9fcfceeecc717c79ee48b04))
* Gofmt ([46bcfda](https://github.com/ory/hydra/commit/46bcfda4af419b8ccd6aab0a946f8e00f96600b0))
* Gofmt ([1a6aba1](https://github.com/ory/hydra/commit/1a6aba11823d8bdee73695f6bcfddf0375dc6214))
* Goimports ([9b51600](https://github.com/ory/hydra/commit/9b516002d04c3fd84ec9fac214f937f891d53829))
* Handler updates and tests ([911fc88](https://github.com/ory/hydra/commit/911fc883d36dadfe5f64c8593fe4f0aee8aab1f8))
* HTTP/2 + TLS support, refactored jwt and tls commands ([e5b5a47](https://github.com/ory/hydra/commit/e5b5a471897fe5fd63da4261ce165973b7ab8de2))
* HttpErrorHandler is now WriteError ([a3f809f](https://github.com/ory/hydra/commit/a3f809f9abdb4c979d5f508c476080a294189cd2))
* Implemented hash and account ([4c345d3](https://github.com/ory/hydra/commit/4c345d3f4d72878477c6afaf2fb0ffda4459d87e))
* Implemented jwt, middleware, test coverage and handlers. ([10ba9ef](https://github.com/ory/hydra/commit/10ba9ef2dd96d87fce45dfb3ad8d78fde0da3e47))
* Implemented provider "sso" flow ([6f365ff](https://github.com/ory/hydra/commit/6f365ff911697f382a675de0e117a5da3dd26c9a))
* Improve installation guide ([#131](https://github.com/ory/hydra/issues/131)) ([c0cbf09](https://github.com/ory/hydra/commit/c0cbf09d1a936c5b641e26d9a31e082581d603cb))
* Improved cli options, improved provider workflow ([f1021e8](https://github.com/ory/hydra/commit/f1021e878bcf3473eb3e91154954455e82f49273))
* Improved provider workflow and resolved dropbox issues ([d8f2c03](https://github.com/ory/hydra/commit/d8f2c03137fecee6a0b648bc2c250e61b8c75c91))
* Improved signature ([0358b6b](https://github.com/ory/hydra/commit/0358b6bedd0522ef99c65785727131d39c5c119c))
* Improved tests ([5359952](https://github.com/ory/hydra/commit/5359952200fb1dc1ea1198c8ed56779ed6ecec88))
* Increased coverage ([e20043b](https://github.com/ory/hydra/commit/e20043b69d23c66b22ce0c349cd6ee9c2a7caf87))
* Increased test coverage ([5b4f6ac](https://github.com/ory/hydra/commit/5b4f6ac583bf7d1399c2bd4a220447f07523a04f))
* Linked assertion todo to [#29](https://github.com/ory/hydra/issues/29) ([a6c8beb](https://github.com/ory/hydra/commit/a6c8beba95d2dea5028c3712616a6ceedaa8bb16))
* Log refactoring ([90a0a8c](https://github.com/ory/hydra/commit/90a0a8c4ea74803266997bda2f5e55d679426a69))
* Make access token lifetime configurable ([2f69644](https://github.com/ory/hydra/commit/2f69644fd4b0b789123fc54d0710b7bfb1535f5b))
* Migrated ladon policy struct changes ([1d97e00](https://github.com/ory/hydra/commit/1d97e00762ab981f5b5a18b4d3bb96a78acbc9a5))
* Minor grammar/spelling fixes ([#144](https://github.com/ory/hydra/issues/144)) ([1c87dc9](https://github.com/ory/hydra/commit/1c87dc9e772492ae065aa1f59d55268b30a1cdff))
* Mocks and tests ([848d6db](https://github.com/ory/hydra/commit/848d6db75521963dbf7118b04d16e6a5ab2cd7d5))
* Mount warden handler ([#110](https://github.com/ory/hydra/issues/110)) ([127db0a](https://github.com/ory/hydra/commit/127db0a8555cb541b8ff04256683f25a929530f3))
* Moved package pkg to ory-am/common ([71d870b](https://github.com/ory/hydra/commit/71d870b561790fae54160f53907a8880121e228d))
* New concept, moved backend to postgres, added tests, cleaned up legacy code ([a48297d](https://github.com/ory/hydra/commit/a48297db6b0b0260bca6b54cd2c3ebe72a10b8e1))
* New go vendor format ([fa710a8](https://github.com/ory/hydra/commit/fa710a82a57fddfb478db73ffd9820b0101a2239))
* Now ContextAdapter is chainable, decreasing middleare code complexity a lot. ([e6e3799](https://github.com/ory/hydra/commit/e6e3799a2687440e681701912c0f72a0e37ec30a)):
Chainable model is inspired by https://github.com/justinas/alice
* Now tries to refresh when token is invalid ([29c16dc](https://github.com/ory/hydra/commit/29c16dc977ebb46b0288606e17cb9634b6fe5f5d))
* Oauth and guard endpoints now accept basic auth instead of token auth. ([7d6b191](https://github.com/ory/hydra/commit/7d6b19103aaa6606171a75307bdf454cc0a0ce8b))
* Policy import ([3afd199](https://github.com/ory/hydra/commit/3afd199757f471bc5675244860e96aa1aace7634))
* Print out newlines at string end ([0a0ff98](https://github.com/ory/hydra/commit/0a0ff9834356dcbed63e3555c8d026176f8057b8))
* Refactor, more endpoints and tests ([ff69586](https://github.com/ory/hydra/commit/ff6958616f73b98946d70dad064b4193dc1bad8b))
* Refactored the DATABASE_URL to accept given database technology instead of using an extra environment variable DATABASE (as per discussions in [#53](https://github.com/ory/hydra/issues/53)). ([c9ef33d](https://github.com/ory/hydra/commit/c9ef33da8e412a2c3687a94b1eb7a8d7095eda78))
* Refactored usage and added tests ([9fd1676](https://github.com/ory/hydra/commit/9fd1676fd3b5708968a329751ee5f69ff288a55a))
* Refactoring, added introspection ([adec4ae](https://github.com/ory/hydra/commit/adec4ae308824e0c3aa6128833c038a0b9fb6a99))
* Remove godeps and keep removed until release ([6a2176a](https://github.com/ory/hydra/commit/6a2176aadd8f89c6f4b875631e70553723cb6779))
* Remove http2 dependency ([1c8c770](https://github.com/ory/hydra/commit/1c8c77094b48d58f78b60c47482c36ff048fca18))
* Remove wait time on boot and use restart unless-stopped option instead ([#105](https://github.com/ory/hydra/issues/105)) ([eb72850](https://github.com/ory/hydra/commit/eb7285085fe37ad6b3792a116795b1b21bdaa67e))
* Removed skipping of CA checks and instead added option to use HTTP without TLS ([6f3411a](https://github.com/ory/hydra/commit/6f3411abc27f0b74cfc8e9aa719235e2bcb36e2b))
* Resolve date and scope issues ([24d34b3](https://github.com/ory/hydra/commit/24d34b312ee95f82def54d9f6a48e1cf3f5e3902)), closes [#126](https://github.com/ory/hydra/issues/126) [#125](https://github.com/ory/hydra/issues/125) [#124](https://github.com/ory/hydra/issues/124)
* Resolve issues with the sdk and cli, set scopes in token user cmd ([#142](https://github.com/ory/hydra/issues/142)) ([b8673b7](https://github.com/ory/hydra/commit/b8673b728ceb288667d123b2ef81ddfd06f2d985)), closes [#141](https://github.com/ory/hydra/issues/141) [#137](https://github.com/ory/hydra/issues/137) [#138](https://github.com/ory/hydra/issues/138)
* Resolve race condition ([0a17528](https://github.com/ory/hydra/commit/0a1752898de3ed5470c19d092a0a1556ae8cd71e))
* Resolve rethinkdb and warden endpoint issues ([ac7710d](https://github.com/ory/hydra/commit/ac7710db583b429ea3a8f0c7bcd79b432d091446)), closes [#122](https://github.com/ory/hydra/issues/122) [#121](https://github.com/ory/hydra/issues/121):
* rethinkdb: resolve an issue where missing refresh tokens cause duplicate key error
* Resolve too many open files issue ([6e9b681](https://github.com/ory/hydra/commit/6e9b681b73c3978b4dce28cc7be23a1422c90e26)), closes [#47](https://github.com/ory/hydra/issues/47)
* Resolved remaining issues with jwt and middlewares ([bfcd40f](https://github.com/ory/hydra/commit/bfcd40f128ced7961ab497251ea45e216608fc2d))
* Resolved that secrets can not be set when using http or cli ([#102](https://github.com/ory/hydra/issues/102)) ([8dc1e1f](https://github.com/ory/hydra/commit/8dc1e1f92ce86ef8aa7d458528813cd60007ba0e))
* Return client secret on POST and remove it from GET ([#117](https://github.com/ory/hydra/issues/117)) ([8ab555d](https://github.com/ory/hydra/commit/8ab555deef095b7f8b1bd1b7418eace3108b29e3)), closes [#113](https://github.com/ory/hydra/issues/113)
* Revert ([1e23f45](https://github.com/ory/hydra/commit/1e23f45e9aade58587b6a0fdb9d99a2928749e28))
* Set keep alive, close [#146](https://github.com/ory/hydra/issues/146) ([7075f63](https://github.com/ory/hydra/commit/7075f63fd3ca5e28dd3cc6bb2cddd9526c64c3d7))
* Test cleaup ([219318a](https://github.com/ory/hydra/commit/219318a03edf344ce4f299f510009a996360983c))
* Test for errors ([d981f52](https://github.com/ory/hydra/commit/d981f52f30cf0bcd33bf5ff1e6e379d5ee41b0c9))
* Tests are now more verbose and fixed issues in tests ([b7a9916](https://github.com/ory/hydra/commit/b7a9916efe7b209b3a6f63350daae7af2356f2c0))
* Tests have to wait for database to be booted ([a5ad3fb](https://github.com/ory/hydra/commit/a5ad3fb3950c67f28684f0ad8ecb320485033fb7))
* Tls should also allow certificates from env ([89e8922](https://github.com/ory/hydra/commit/89e89225c0ec9556c774d6eb89dd62f4accb4ff7))
* Update cli usage ([2863e25](https://github.com/ory/hydra/commit/2863e251459e2a880f41d3e5fcf5be770187ae7f))
* Update faq section ([b11a44d](https://github.com/ory/hydra/commit/b11a44de2298665cb5e0577484e08fcaf2371e0f))
* Update jwt-go to versioned package and update dependencies ([#111](https://github.com/ory/hydra/issues/111)) ([fc2ad6a](https://github.com/ory/hydra/commit/fc2ad6a9e71a16387df35b912ad1487c1d9aa45e))
* Update performance section ([1e48e18](https://github.com/ory/hydra/commit/1e48e1819672fada95d8b24251d12cd883ba61fc))
* Update sections on environment variables ([f441885](https://github.com/ory/hydra/commit/f44188539c297e4b4d2e9679cefe701c08b63ea0))
* Updates ([ea2196f](https://github.com/ory/hydra/commit/ea2196fc44ddc99288e7c2d00dfa7ea1cc1c252b))
* Username instead of email, token revocation, introspect spec alignments, more tests ([3994ef0](https://github.com/ory/hydra/commit/3994ef064417533b4d71cbdf003b9cd77841f17d))
* Username instead of email, token revocation, introspect spec alignments, more tests ([1585866](https://github.com/ory/hydra/commit/15858662c7d26eacc94f562d7fe63750c9c0189b))