We are extremely excited to share this next generation of Ory Kratos! The project is truly maturing and the community is getting larger by the hour. On this special occasion, we would like to bring to your attention that the [**Ory Summit is happening tomorrow and on Friday!**](https://events.hubilo.com/ory-summit/register?mtm_campaign=ory-summit-2021&mtm_kwd=banner-landingpage) You will hear gripping talks from the Ory Community and Ory maintainers! And the best part, tickets are free and we are covering multiple time zones!

This release is truly the best version of Ory Kratos to date and we want to give you a tl;dr of the 345 commits and 1152 files changed, and what you can expect from this release:

- Full multi-factor authentication with different enforcement policies (soft/hard MFA).
- Support for WebAuthn (FIDO2 / U2F) two-factor authentication - from fingerprints to hardware tokens, every FIDO2 device is supported!
- Ability to fetch the initial OAuth2 Access and Refresh and OpenID Connect ID Tokens an identity receives when performing social sign up. Optionally, these tokens are stored encrypted in the database (XChaCha20Poly1305 or AES-GCM)!
- Support for TOTP (Google Authenticator) two-factor verification/authentication.
- Advanced two-factor recovery with lookup secrets.
- [A complete reference implementation of the Ory Kratos end-user (self-service) facing UI in ReactJS & VercelJS](https://github.com/ory/kratos-react-nextjs-ui).
- "Native" support for Single-Page App Single Sign-On.
- Much improved single-page app and native app APIs for all self-service flows.
- Support for PBKDF2 password hashing, which will help import user passwords from other systems in the future.
- Bugfixes and improvements to the OpenAPI spec and auto-generated SDKs.
- ARM Docker Images.
- Greatly improved internal e2e test pipeline using Cypress 8.x.
- Improved functional tests with cupaloy snapshot testing.
- Documentation on different error codes and message identifiers to make it easier to translate messages in your own UI.
- Better form decoding and ability to mark required JSON Schema fields as required in the UI.
- Bug fixes that could result in users ending up in irrecoverable UI states.
- Better support for `return_to` across flows (e.g. OIDC) and in custom UIs.
- SBOM Software Supply Chain scanning & reporting.
- Docker Image vulnerability checking as part of the release pipeline.
- Support sending emails via AWS SES SMTP.
- A REST endpoint to invalidate all of an identity's sessions.

As you can see, much has happened and we are grateful for all the great interactions we have with you, every day!

Let's take a look at some of the breaking changes. Even though much was added, little has changed in breaking ways! This is a testament that Ory Kratos' internals and APIs are becoming more stable!

This release requires you to run SQL migrations. Please, as always, create a backup of your database first!

The SDKs are now generated with tag v0alpha2 to reflect that some signatures have changed in a breaking fashion. Please update your imports from `v0alpha1` to `v0alpha2`.

The SMTPS scheme in the courier config URL, previously used with the cleartext, StartTLS and TLS SMTP connection types, now supports only implicit TLS. For StartTLS and cleartext SMTP, please use the SMTP scheme instead. Example:

- SMTP Cleartext: `smtp://foo:bar@my-mailserver:1234/?disable_starttls=true`
- SMTP with StartTLS: `smtps://foo:bar@my-mailserver:1234/` -> `smtp://foo:bar@my-mailserver:1234/`
- SMTP with implicit TLS: `smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true` -> `smtps://foo:bar@my-mailserver:1234/`
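
The scheme change above, as an added Go example that is not part of the Ory release notes or code base: a helper that rewrites a pre-upgrade courier URL into the new form and reports which transport it selects. The function name and mode labels are hypothetical, and treating `smtp://` URLs as already migrated is an assumption.

```go
package main

import (
	"fmt"
	"net/url"
)

// MigrateCourierURL rewrites a pre-upgrade courier URL (hypothetical helper)
// and reports the transport: "implicit-tls", "starttls" or "cleartext".
func MigrateCourierURL(old string) (string, string, error) {
	u, err := url.Parse(old)
	if err != nil {
		return "", "", err
	}
	q := u.Query()
	mode := "starttls"
	switch {
	case u.Scheme == "smtps" && q.Get("legacy_ssl") == "true":
		// Old implicit TLS: smtps stays, the flag is no longer needed.
		q.Del("legacy_ssl")
		mode = "implicit-tls"
	case u.Scheme == "smtps" || u.Scheme == "smtp":
		// Old smtps meant StartTLS or cleartext; both now use smtp.
		// Assumption: smtp URLs are already in the new form.
		u.Scheme = "smtp"
		if q.Get("disable_starttls") == "true" {
			mode = "cleartext"
		}
	default:
		return "", "", fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	u.RawQuery = q.Encode()
	return u.String(), mode, nil
}

func main() {
	// Constructed inputs based on the example URLs in the notes above.
	for _, old := range []string{
		"smtps://foo:bar@my-mailserver:1234/",
		"smtps://foo:bar@my-mailserver:1234/?legacy_ssl=true",
		"smtps://foo:bar@my-mailserver:1234/?disable_starttls=true",
	} {
		migrated, mode, err := MigrateCourierURL(old)
		fmt.Println(old, "->", migrated, mode, err)
	}
}
```

A result of `cleartext` means the SMTP credentials and message content cross the network unencrypted, so it is worth flagging wherever it shows up in a config review.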