Tags

We are very happy to announce the 0.4 release of ORY Kratos with 163 commits and 817 changed files with 52,681 additions and 9,876 deletions.

There have been many improvements and bugfixes merged. The biggest changes are:

1. Account recovery ("reset password") has been implemented.
2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think!
3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care!
4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care!
5. `prompt=login` has been renamed to `refresh=true`. This is a breaking change - please read the breaking changes section with care!
6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care!
7. Instead of keeping track of `update_successful` with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care!
8. Tons of tests have been added.
9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions.
10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform.

Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care!

We are very happy to announce the 0.4 release of ORY Kratos with 153 commits and 760 changed files with 36,223 additions and 9,754 deletions.

There have been many improvements and bugfixes merged. The biggest changes are:

1. Account recovery ("reset password") has been implemented.
2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think!
3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care!
4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care!
5. `prompt=login` has been renamed to `refresh=true`. This is a breaking change - please read the breaking changes section with care!
6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care!
7. Instead of keeping track of `update_successful` with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care!
8. Tons of tests have been added.
9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions.
10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform.

Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care!

We are very happy to announce the 0.4 release of ORY Kratos with 153 commits and 760 changed files with 36,223 additions and 9,754 deletions.

There have been many improvements and bugfixes merged. The biggest changes are:

1. Account recovery ("reset password") has been implemented.
2. Documentation has been improved with easier to understand examples - currently only for account recovery so let us know what you think!
3. The configuration has been simplified a lot. It is now much easier to enable account recovery and email verification. This is a breaking change - please read the breaking changes section with care!
4. The Identity Traits JSON Schema has been renamed to the Identity JSON Schema. This is a breaking change - please read the breaking changes section with care!
5. `prompt=login` has been renamed to `refresh=true`. This is a breaking change - please read the breaking changes section with care!
6. We have reworked how (error) messages are returned. They now include an ID and all the parameters required for translating and customizing UI messages. This is a breaking change - please read the breaking changes section with care!
7. Instead of keeping track of `update_successful` with booleans, flows (e.g. the settings flow) that have more than one state now include a state machine. This is a breaking change - please read the breaking changes section with care!
8. Tons of tests have been added.
9. We have reworked and fully tested the migration pipeline to prevent breaking schema changes in future versions.
10. ORY Kratos now supports login with Azure AD and the Microsoft Identity Platform.

Before upgrading, please make a backup of your database and read the section "Breaking Changes" with care! This release requires running SQL migrations when upgrading!

This release finalizes the OpenID Connect and OAuth2 login, registration, and settings strategy with JsonNet data transformation! From now on, "Sign in with Google, Github, ..." is officially supported! It's also possible to link and unlink these connections using the Self-Service Settings Flow! The documentation has been updated to reflect those changes and includes guides to setting up "Sign in with GitHub" in under 5 Minutes! Please be aware that existing OpenID Connect connections will stop working. Check out the "Breaking Changes" section for more info! Want to learn more? Check [out the docs](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2)!

We also changed the config validation output, making it easier than ever to find bugs in your config:

```
% kratos --config invalid-config.yml serve
INFO[0001] Config file loaded successfully.              path=invalid-config.yml
ERRO[0001] The provided configuration is invalid and could not be loaded. Check the output below to understand why.  config_file=invalid-config.yml

dsn: <nil>
     ^-- one or more required properties are missing

urls.whitelisted_return_to_urls: https://selfservice.office.example.com
                                 ^-- expected array, but got string

FATA[0001] The services failed to start because the configuration is invalid. Check the output above for more details.
```

This release concludes over 50 commits and 16.000 lines of code changed.

Resolves a bug in the kratos-selfservice-ui-node application.

This is a heavy release with over hundreds of commits and files changed! Let's
take a look at some of the highlights!

**ORY Oathkeeper now optional**

Using ORY Oathkeeper to protect your API is now optional. The basic quickstart
now uses a much simpler set up. Go
[check it out](https://www.ory.sh/kratos/docs/quickstart) now!

**PostgreSQL, MySQL, CockroachDB support now tested and official!**

All three databases now pass acceptance tests and are thus officially supported!

**Self-Service Profile Flow**

The self-service profile flow has been refactored into a more generic flow
allowing users to make modifications to their traits and credentials. Check out
the [docs to learn
more](https://www.ory.sh/kratos/docs/self-service/flows/user-settings-profile-management)
about the flow and it's features.

Please keep in mind that the flow's APIs have changed. We recommend re-reading
the docs!

**Managing Privileged Profile Fields**

Flows such as changing ones profile or primary email address should not be
possible unless the login session is fresh. This prevents your colleague or evil
friend to take over your account while you make yourself a coffee.

ORY Kratos now supports this by redirecting the user to the login screen if
changes to sensitive fields are made. The changes will only be applied after
successful reauthentication.

**Changes to Hooks**

This patch focuses on refactoring how self-service flows terminate and changes
how hooks behave and when they are executed.

Before this patch, it was not clear whether hooks run before or after an
identity is persisted. This caused problems with multiple writes on the HTTP
ResponseWriter and other bugs.

This patch removes certain hooks from after login, registration, and profile
flows. Per default, these flows now respond with an appropriate payload (
redirect for browsers, JSON for API clients) and deprecate the `redirect` hook.
This patch includes documentation which explains how these hooks work now.

Additionally, the documentation was updated. Especially the sections about hooks
have been refactored. The login and user registration docs have been updated to
reflect the latest changes as well.

BREAKING CHANGE: Please remove the `redirect` hook from both login,
registration, and settings after configuration. Please remove the `session` hook
from your login after configuration. Hooks have moved down a level and are now
configured at `selfservice.<login|registration|settings>.<after|before>.hooks`
instead of `selfservice.<login|registration|settings>.<after|before>.hooks`.
Hooks are now identified by `hook:` instead of `job:`. Please rename those
sections accordingly.

We recommend re-reading the
[Hooks Documentation](https://www.ory.sh/kratos/docs/self-service/hooks/index).

**Changing Passwords**

It's now possible to change your password using the Self-Service Settings Flow!
Lean more about this flow
[here](https://www.ory.sh/kratos/docs/self-service/flows/user-settings-profile-management)

**End-To-End Tests**

We added tons of end-to-end and integration tests to find and fix pesky bugs.