Ory Kratos v1.1 is the most complete, most scalable, and most secure open-source identity server on the planet, and we are thrilled to announce its release! This release comes with over 270 commits and an incredible amount of new features and capabilities!
- **Phone Verification & 2FA with SMS**: Enhance convenient security with phone verification and two-factor authentication (2FA) via SMS, integrating easily with SMS gateways like Twilio. This feature not only adds a convenient layer of security but also offers a straightforward method for user verification, increasing your trust in user accounts.
- **Translations & Internationalization**: Ory Kratos now supports multiple languages, making it accessible to a global audience. This improvement enhances the user experience by providing a localized interface, ensuring users interact with the system in their preferred language.
- **Native Support for Sign in with Google and Apple on Android/iOS**: Get more sign-ups with native support for "Sign in with Google" and "Sign in with Apple" on mobile platforms. Great user experience matters!
- **Account Linking**: Simplify user management with new features that facilitate account linking. If a user registers with a password and later signs in with a social account sharing the same email, new screens make account linking straightforward, enhancing user convenience and reducing support inquiries.
- **Passwordless "Magic Code"**: Introduce a passwordless login method with "Magic Code," which sends a one-time code to the user's email for sign-up and login. This method can also serve as a fallback when users forget their password or their social login is unavailable, streamlining the login process and improving user accessibility.
- **Session to JWT Conversion**: Convert an Ory Session Cookie or Ory Session Token into a JSON Web Token (JWT), providing more flexibility in handling sessions and integrating with other systems. This feature allows for seamless authentication and authorization processes across different platforms and services.
**Note:** To ensure a seamless upgrade experience with minimal impact, some of these features are gated behind the `feature_flags` config parameter, allowing controlled deployment and testing.
The following features have been shipped exclusively to Ory Network for this version:
- **[B2B SSO](https://www.ory.sh/docs/kratos/organizations)** allows your customers to connect their LDAP / Okta / AD / … to your login. Ory selects the correct login provider based on the user’s email domain.
- [**Significantly better API performance](https://www.ory.sh/docs/api/eventual-consistency)** for expensive API operations by specifying the desired consistency (`strong`, `eventual`).
- **Finding users effortlessly** with our new fuzzy search for credential identifiers available for the [Identity List API](https://www.ory.sh/docs/kratos/reference/api#tag/identity/operation/listIdentities).
- Better reliability when sending out emails across different providers.
- Streamlining the HTTP API and improving related SDK methods.
- Better performance when calling the whoami API endpoint, updating identities, and listing identities.
- The performance of listing identities has significantly improved with the introduction of keyset pagination. Page pagination is still available but will be fully deprecated soon.
- Ability to list multiple identities in a batch call.
- Passkeys and WebAuthn now support multiple origins, useful when working with subdomains.
- The logout flow now redirects the user back to the `return_to` parameter set in the API call.
- When updating their settings, the user was sometimes incorrectly asked to confirm the changes by providing their password. This issue has now been fixed.
- When signing up with an account that already exists, the user will be shown a hint helping them sign in to their existing account.
- CORS configuration can now be hot-reloaded.
- The integration with Ory OAuth2 / Ory Hydra has improved for logout, login session management, verification, and recovery flows.
- A new passwordless method has been added: "Magic code". It sends a one-time code to the user's email during sign-up and log-in. This method can additionally be used as a fallback login method when the user forgets their password.
- Integration with social sign-in has improved, and it is now possible to use the email verified status from the social sign-in provider.
- Ory Elements and the default Ory Account Experience are now internationalized with translations.
- It is now possible to convert an Ory Session Cookie or Ory Session Token into a JSON Web Token.
- Recovery on native apps has improved significantly and no longer requires the user to switch to a browser for the recovery step.
- Administrators can now find users by their identifiers with fuzzy search - this feature is still in preview.
- Importing HMAC-hashed passwords is now possible.
- Webhooks can now update identity admin metadata.
- New screens have been added to make account linking possible when a user has registered with a password and later tries signing in with a social account sharing the same email.
- Ability to revoke all sessions of a user when they change their password.
- Webhooks are now available for all login, registration, and login methods, including Passkeys, TOTP, and others.
- The login screen now longer shows “ID” for the primary identifier, but instead extracts the correct label - for example, “Email” or “Username” from the Identity Schema.
- Login hints help users with guidance when they are unable to sign in (wrong social sign-in provider) but have an active account.
- Phone numbers can now be verified via an SMS gateway like Twilio.
- SMS OTP is now a two-factor option.
Ory Kratos 1.1 is a major release that marks a significant milestone in our journey.
We sincerely hope that you find these new features and improvements in Ory Kratos 1.1 valuable for your projects. To experience the power of the latest release, we encourage you to get the latest version of Ory Kratos [here](https://github.com/ory/kratos) or leverage Ory Kratos in [Ory Network](https://www.ory.sh/network/) — the easiest, simplest, and most cost-effective way to run Ory.
For organizations seeking to upgrade their self-hosted solution, **Ory offers enterprise support services to ensure a smooth transition**. Our team is ready to assist you throughout the migration process, ensuring uninterrupted access to the latest features and improvements. Additionally, we provide various [support plans](https://www.ory.sh/support/) specifically tailored for self-hosting organizations. These plans offer comprehensive assistance and guidance to optimize your Ory deployments and meet your unique requirements.
We extend our heartfelt gratitude to the vibrant and supportive Ory Community. Without your constant support, feedback, and contributions, reaching this significant milestone would not have been possible. As we continue on this journey, your feedback and suggestions are invaluable to us. Together, we are shaping the future of identity management and authentication in the digital landscape.
Contributors to this release in no particular order: [moose115](https://github.com/ory/kratos/commits?author=moose115), [K3das](https://github.com/ory/kratos/commits?author=K3das), [sidartha](https://github.com/ory/kratos/commits?author=sidartha), [efesler](https://github.com/ory/kratos/commits?author=efesler), [BrandonNoad](https://github.com/ory/kratos/commits?author=BrandonNoad) ,[Saancreed](https://github.com/ory/kratos/commits?author=Saancreed), [jpogorzelski](https://github.com/ory/kratos/commits?author=jpogorzelski), [dreksx](https://github.com/ory/kratos/commits?author=dreksx), [martinloesethjensen](https://github.com/ory/kratos/commits?author=martinloesethjensen), [cpoyatos1](https://github.com/ory/kratos/commits?author=cpoyatos1), [misamu](https://github.com/ory/kratos/commits?author=misamu), [tristankenney](https://github.com/ory/kratos/commits?author=tristankenney), [nxy7](https://github.com/ory/kratos/commits?author=nxy7), [anhnmt](https://github.com/ory/kratos/commits?author=anhnmt)
Are you passionate about security and want to make a meaningful impact in one of the biggest open-source communities? Join the [Ory community](https://slack.ory.sh/) and become a part of the new ID stack. Together, we are building the next generation of IAM solutions that empower organizations and individuals to secure their identities effectively.
Want to check out Ory Kratos yourself? Use these commands to get your Ory Kratos project running on the Ory Network:
```
brew install ory/tap/cli
scoop bucket add ory <https://github.com/ory/scoop.git>
scoop install ory
bash <(curl <https://raw.githubusercontent.com/ory/meta/master/install.sh>) -b . ory
sudo mv ./ory /usr/local/bin/
ory auth login
ory create project --name "My first Kratos project"
ory open account-experience registration
ory patch identity-config \
--replace '/identity/default_schema_id="preset://username"' \
--replace '/identity/schemas=[{"id":"preset://username","url":"preset://username"}]' \
--format yaml
ory open account-experience registration
```