From 7e2b6cb9e393ca035d241f2fc27ffb5d7b8dce77 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Mon, 31 Aug 2020 13:39:50 +0000 Subject: [PATCH] autogen(docs): generate and format documentation --- docs/docs/configure-deploy.mdx | 14 +- docs/docs/install.md | 4 +- docs/docs/reference/configuration.md | 105 ++++---- .../version-v1.7/5min-tutorial.mdx | 2 - .../cli/hydra-token-introspect.md | 4 +- .../version-v1.7/concepts/logout.mdx | 2 +- .../version-v1.7/configure-deploy.mdx | 14 +- .../version-v1.7/contributing.md | 205 ++++++++++++++++ docs/versioned_docs/version-v1.7/debug.mdx | 8 +- docs/versioned_docs/version-v1.7/install.md | 4 +- .../versioned_docs/version-v1.7/milestones.md | 230 ++++++++++++++++++ .../version-v1.7/reference/api.mdx | 51 ++-- .../version-v1.7/reference/configuration.md | 120 ++++----- .../version-v1.7/security-architecture.md | 7 +- .../version-v1.7-sidebars.json | 11 + quickstart-cockroach.yml | 2 +- quickstart-mysql.yml | 2 +- quickstart-postgres.yml | 2 +- quickstart.yml | 2 +- 19 files changed, 615 insertions(+), 174 deletions(-) create mode 100644 docs/versioned_docs/version-v1.7/contributing.md create mode 100644 docs/versioned_docs/version-v1.7/milestones.md diff --git a/docs/docs/configure-deploy.mdx b/docs/docs/configure-deploy.mdx index 978847f8694..a9de55af1e2 100644 --- a/docs/docs/configure-deploy.mdx +++ b/docs/docs/configure-deploy.mdx @@ -78,11 +78,11 @@ $ export SECRETS_SYSTEM=$(export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0- $ export DSN=postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable # Before starting, let's pull the latest ORY Hydra tag from docker. -$ docker pull oryd/hydra:v1.7.0 +$ docker pull oryd/hydra:v1.7.3 # This command will show you all the environment variables that you can set. Read this carefully. # It is the equivalent to `hydra help serve`. -$ docker run -it --rm --entrypoint hydra oryd/hydra:v1.7.0 help serve +$ docker run -it --rm --entrypoint hydra oryd/hydra:v1.7.3 help serve Starts all HTTP/2 APIs and connects to a database backend. [...] @@ -92,7 +92,7 @@ Starts all HTTP/2 APIs and connects to a database backend. # It is the equivalent to `hydra migrate sql --yes postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable` $ docker run -it --rm \ --network hydraguide \ - oryd/hydra:v1.7.0 \ + oryd/hydra:v1.7.3 \ migrate sql --yes $DSN Applying `client` SQL migrations... @@ -110,7 +110,7 @@ $ docker run -d \ -e URLS_SELF_ISSUER=https://localhost:9000/ \ -e URLS_CONSENT=http://localhost:9020/consent \ -e URLS_LOGIN=http://localhost:9020/login \ - oryd/hydra:v1.7.0 serve all + oryd/hydra:v1.7.3 serve all # And check if it's running: $ docker logs ory-hydra-example--hydra @@ -178,7 +178,7 @@ ORY Hydra can be managed using the Hydra Command Line Interface (CLI), which is using ORY Hydra's REST APIs. To see the available commands, run: ```shell -$ docker run --rm -it --entrypoint hydra oryd/hydra:v1.7.0 help +$ docker run --rm -it --entrypoint hydra oryd/hydra:v1.7.3 help Hydra is a cloud native high throughput OAuth2 and OpenID Connect provider Usage: @@ -237,7 +237,7 @@ URLs the client may request: $ docker run --rm -it \ -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \ --network hydraguide \ - oryd/hydra:v1.7.0 \ + oryd/hydra:v1.7.3 \ clients create --skip-tls-verify \ --id facebook-photo-backup \ --secret some-secret \ @@ -284,7 +284,7 @@ for an access token. The same thing happens with this command: $ docker run --rm -it \ --network hydraguide \ -p 9010:9010 \ - oryd/hydra:v1.7.0 \ + oryd/hydra:v1.7.3 \ token user --skip-tls-verify \ --port 9010 \ --auth-url https://localhost:9000/oauth2/auth \ diff --git a/docs/docs/install.md b/docs/docs/install.md index d20be0c96a6..858ea845fd2 100644 --- a/docs/docs/install.md +++ b/docs/docs/install.md @@ -11,8 +11,8 @@ binaries, Docker Images and support various package managers. We recommend using Docker to run ORY Hydra: ```shell -$ docker pull oryd/hydra:v1.7.0 -$ docker run --rm -it oryd/hydra:v1.7.0 help +$ docker pull oryd/hydra:v1.7.3 +$ docker run --rm -it oryd/hydra:v1.7.3 help ``` ## macOS diff --git a/docs/docs/reference/configuration.md b/docs/docs/reference/configuration.md index a3423351d66..676061652d3 100644 --- a/docs/docs/reference/configuration.md +++ b/docs/docs/reference/configuration.md @@ -53,7 +53,7 @@ log: # - Windows Command Line (CMD): # > set LOG_LEVEL= # - level: info + level: panic ## leak_sensitive_values ## # @@ -86,7 +86,7 @@ log: # - Windows Command Line (CMD): # > set LOG_FORMAT= # - format: text + format: json_pretty ## serve ## # @@ -108,7 +108,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_PORT= # - port: 30347 + port: 8303 ## host ## # @@ -123,7 +123,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_HOST= # - host: '' + host: localhost ## cors ## # @@ -142,7 +142,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_CORS_ENABLED= # - enabled: false + enabled: true ## allowed_origins ## # @@ -162,9 +162,7 @@ serve: # > set SERVE_PUBLIC_CORS_ALLOWED_ORIGINS= # allowed_origins: - - https://example.com - - https://*.example.com - - https://*.foo.example.com + - '*' ## allowed_methods ## # @@ -179,7 +177,10 @@ serve: # > set SERVE_PUBLIC_CORS_ALLOWED_METHODS= # allowed_methods: - - OPTIONS + - POST + - POST + - DELETE + - HEAD ## allowed_headers ## # @@ -194,8 +195,8 @@ serve: # > set SERVE_PUBLIC_CORS_ALLOWED_HEADERS= # allowed_headers: - - est - - incididunt Lorem amet + - minim commodo ut nulla + - ea aute do officia in ## exposed_headers ## # @@ -210,9 +211,9 @@ serve: # > set SERVE_PUBLIC_CORS_EXPOSED_HEADERS= # exposed_headers: - - non - - qui - - esse commodo aliquip incididunt Duis + - do aliqua dolor + - Duis dolor + - esse Duis aute ## allow_credentials ## # @@ -240,7 +241,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_CORS_OPTIONS_PASSTHROUGH= # - options_passthrough: true + options_passthrough: false ## max_age ## # @@ -254,7 +255,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_CORS_MAX_AGE= # - max_age: 9597851 + max_age: 42139848 ## debug ## # @@ -285,7 +286,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_SOCKET_OWNER= # - owner: ex elit cupidatat + owner: aute id ## group ## # @@ -297,7 +298,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_SOCKET_GROUP= # - group: sunt aliquip occaecat proident Ut + group: eiusmod qui ## mode ## # @@ -315,7 +316,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_SOCKET_MODE= # - mode: 374 + mode: 460 ## access_log ## # @@ -334,7 +335,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_PUBLIC_ACCESS_LOG_DISABLE_FOR_HEALTH= # - disable_for_health: true + disable_for_health: false ## admin ## # @@ -349,7 +350,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_PORT= # - port: 32941 + port: 28993 ## host ## # @@ -364,7 +365,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_HOST= # - host: '' + host: localhost ## cors ## # @@ -383,7 +384,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_CORS_ENABLED= # - enabled: false + enabled: true ## allowed_origins ## # @@ -403,7 +404,9 @@ serve: # > set SERVE_ADMIN_CORS_ALLOWED_ORIGINS= # allowed_origins: - - '*' + - https://example.com + - https://*.example.com + - https://*.foo.example.com ## allowed_methods ## # @@ -419,8 +422,6 @@ serve: # allowed_methods: - PUT - - OPTIONS - - HEAD ## allowed_headers ## # @@ -435,9 +436,8 @@ serve: # > set SERVE_ADMIN_CORS_ALLOWED_HEADERS= # allowed_headers: - - Lorem - - sint enim dolore - - laborum Ut + - ex + - amet ipsum velit exercitation ## exposed_headers ## # @@ -452,11 +452,9 @@ serve: # > set SERVE_ADMIN_CORS_EXPOSED_HEADERS= # exposed_headers: - - consequat - - voluptate veniam qui laboris eiusmod - - laboris veniam sit ea - - ipsum dolore consectetur sunt - - cupidatat + - reprehenderit et sint officia + - ut qui in est ipsum + - voluptate eu adipisicing deserunt sint ## allow_credentials ## # @@ -484,7 +482,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_CORS_OPTIONS_PASSTHROUGH= # - options_passthrough: false + options_passthrough: true ## max_age ## # @@ -498,7 +496,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_CORS_MAX_AGE= # - max_age: 86678242 + max_age: 59025101 ## debug ## # @@ -529,7 +527,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_SOCKET_OWNER= # - owner: minim + owner: nostrud ## group ## # @@ -541,7 +539,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_SOCKET_GROUP= # - group: eiusmod laboris + group: cupidatat deserunt labore ## mode ## # @@ -559,7 +557,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_ADMIN_SOCKET_MODE= # - mode: 487 + mode: 112 ## access_log ## # @@ -605,15 +603,15 @@ serve: # Configures the private key (pem encoded). # cert: - ## path ## + ## base64 ## # # Set this value using environment variables on # - Linux/macOS: - # $ export SERVE_TLS_CERT_PATH= + # $ export SERVE_TLS_CERT_BASE64= # - Windows Command Line (CMD): - # > set SERVE_TLS_CERT_PATH= + # > set SERVE_TLS_CERT_BASE64= # - path: /path/to/file.pem + base64: b3J5IGh5ZHJhIGlzIGF3ZXNvbWUK ## allow_termination_from ## # @@ -627,6 +625,8 @@ serve: # allow_termination_from: - 127.0.0.1/32 + - 127.0.0.1/32 + - 127.0.0.1/32 ## cookies ## # @@ -665,7 +665,7 @@ serve: # - Windows Command Line (CMD): # > set SERVE_COOKIES_SAME_SITE_LEGACY_WORKAROUND= # - same_site_legacy_workaround: false + same_site_legacy_workaround: true ## dsn ## # @@ -677,7 +677,7 @@ serve: # - Windows Command Line (CMD): # > set DSN= # -dsn: do consequat amet +dsn: laboris nisi Duis ## webfinger ## # @@ -704,8 +704,7 @@ webfinger: # - Windows Command Line (CMD): # > set WEBFINGER_JWKS_BROADCAST_KEYS= # - broadcast_keys: - - hydra.openid.id-token + broadcast_keys: hydra.jwt.access-token ## oidc_discovery ## # @@ -980,7 +979,7 @@ strategies: # - Windows Command Line (CMD): # > set STRATEGIES_SCOPE= # - scope: DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY + scope: exact ## access_token ## # @@ -1071,7 +1070,7 @@ ttl: # - Windows Command Line (CMD): # > set TTL_AUTH_CODE= # - auth_code: 1h + auth_code: 10m ## oauth2 ## # @@ -1091,7 +1090,7 @@ oauth2: # - Windows Command Line (CMD): # > set OAUTH2_EXPOSE_INTERNAL_ERRORS= # - expose_internal_errors: false + expose_internal_errors: true ## hashers ## # @@ -1117,7 +1116,7 @@ oauth2: # - Windows Command Line (CMD): # > set OAUTH2_HASHERS_BCRYPT_COST= # - cost: 25604689 + cost: 80302629 ## pkce ## # @@ -1346,7 +1345,7 @@ tracing: # - Windows Command Line (CMD): # > set TRACING_PROVIDERS_ZIPKIN_SERVER_URL= # - server_url: http://Qxnyhjycb.exemH6IgXQuEfm3pIcZvkpW6av2RAfYBMWqNnkn.vwDiT1KjQwK7rxDI3blGaTEVyU0x9L2Nb + server_url: https://vGbnl.rxhmumKIl,MblIvqILsaRi9WINuV2yRFcg ## The Hydra version this config is written for. ## # @@ -1358,5 +1357,5 @@ tracing: # - Windows Command Line (CMD): # > set VERSION= # -version: v0.0.80-0.8097509w6ZLuPjn3j.526016149-K1ohtX.2988935926V-.77644988.44755748.0.0.03580158M.72779036dVqDBHfT.0+HPLiF.Dq7YfGcms.QmWxGFwz.yJ.x-wv8qKThN.NZJ7kXozFy.8s.CoDApT.JCoJ.YMJeHcYX.j5qwPk9JH6 +version: v427341.68337.3967595104-81504i.60060150.298752588gmt.34JoRsuy8Mv.597907805pwU.92I.118542239 ``` diff --git a/docs/versioned_docs/version-v1.7/5min-tutorial.mdx b/docs/versioned_docs/version-v1.7/5min-tutorial.mdx index 9353c1a0a6a..64a1b2bdf61 100644 --- a/docs/versioned_docs/version-v1.7/5min-tutorial.mdx +++ b/docs/versioned_docs/version-v1.7/5min-tutorial.mdx @@ -114,8 +114,6 @@ just got and not the dummy value. $ docker-compose -f quickstart.yml exec hydra \ hydra token introspect \ --endpoint http://127.0.0.1:4445/ \ - --client-id my-client \ - --client-secret secret \ UDYMha9TwsMBejEvKfnDOXkhgkLsnmUNYVQDklT5bD8.ZNpuNRC85erbIYDjPqhMwTinlvQmNTk_UvttcLQxFJY diff --git a/docs/versioned_docs/version-v1.7/cli/hydra-token-introspect.md b/docs/versioned_docs/version-v1.7/cli/hydra-token-introspect.md index f7c896ef600..38f0480c39c 100644 --- a/docs/versioned_docs/version-v1.7/cli/hydra-token-introspect.md +++ b/docs/versioned_docs/version-v1.7/cli/hydra-token-introspect.md @@ -26,8 +26,8 @@ hydra token introspect [flags] ``` --access-token string Set an access token to be used in the Authorization header, defaults to environment variable OAUTH2_ACCESS_TOKEN - --client-id string Use the provided OAuth 2.0 Client ID, defaults to environment variable OAUTH2_CLIENT_ID - --client-secret string Use the provided OAuth 2.0 Client Secret, defaults to environment variable OAUTH2_CLIENT_SECRET + --client-id string This field is DEPRECATED and has no effect. Use the provided OAuth 2.0 Client ID, defaults to environment variable OAUTH2_CLIENT_ID + --client-secret string This field is DEPRECATED and has no effect. Use the provided OAuth 2.0 Client Secret, defaults to environment variable OAUTH2_CLIENT_SECRET --endpoint string Set the URL where ORY Hydra is hosted, defaults to environment variable HYDRA_ADMIN_URL -h, --help help for introspect --scope strings Additionally check if scope was granted diff --git a/docs/versioned_docs/version-v1.7/concepts/logout.mdx b/docs/versioned_docs/version-v1.7/concepts/logout.mdx index c04e743a949..559f0ca8e6a 100644 --- a/docs/versioned_docs/version-v1.7/concepts/logout.mdx +++ b/docs/versioned_docs/version-v1.7/concepts/logout.mdx @@ -29,7 +29,7 @@ Login UI and Consent UI) to confirm the logout request. There are several possible pathways for executing this flow, explained in the following diagram: -[![User Logout](https://mermaid.ink/img/eyJjb2RlIjoiZ3JhcGggVEQ7XG4gICAgSVtHRVQgL29hdXRoMi9zZXNzaW9uL2xvZ291dF0tLT58aGFzIGlkX3Rva2VuX2hpbnQqfFJQSVtSUC1pbml0aWF0ZWQgbG9nb3V0XTtcbiAgICBJW0dFVCAvb2F1dGgyL3Nlc3Npb24vbG9nb3V0XS0tPnxkb2VzIG5vdCBoYXZlIGlkX3Rva2VuX2hpbnQqfE9QSVtPUC1pbml0aWF0ZWQgbG9nb3V0XVxuT1BJLS0-fGhhcyBzdGF0ZSp8RVtFcnJvcl1cbk9QSS0tPnxoYXMgcG9zdF9sb2dvdXRfdXJpKnxFW0Vycm9yXVxuT1BJLS0-fGhhcyB2YWxpZCBzZXNzaW9uIGNvb2tpZXxMVUlbTG9nb3V0IFVJIHdpdGggP2xvZ291dF9jaGFsbGVuZ2U9Li4uXVxuT1BJLS0-fGhhcyBubyB2YWxpZCBzZXNpb24gY29va2llfEVuZFtSZXR1cm4gdG8gcG9zdF9sb2dvdXRfdXJsKioqXVxuUlBJLS0-fGhhcyBhY3RpdmUgc2Vzc2lvbioqKip8TFVJXG5SUEktLT58bm8gYWN0aXZlIHNlc3Npb24qKioqfFJQSTJcbkxVSS0tPnx2ZXJpZnkgbG9nb3V0IHJlcXVlc3R8TFVJXG5MVUktLT58cmVkaXJlY3Qgd2l0aCBsb2dvdXRfdmVyaWZpZXIqfFJQSTJbIC9vYXV0aDIvc2Vzc2lvbnMvbG9nb3V0P2xvZ291dF92ZXJpZmllcj0uLi5dXG5SUEkyLS0-fGV4ZWN1dGUgZnJvbnQvYmFja2NoYW5uZWwgbG9nb3V0LCByZXZva2UgY29va2llfFJQSTJcblJQSTItLT58UmVkaXJlY3QgdG98RW5kIiwibWVybWFpZCI6eyJ0aGVtZSI6ImRlZmF1bHQifX0)](https://mermaid-js.github.io/mermaid-live-editor/#/edit/eyJjb2RlIjoiZ3JhcGggVEQ7XG4gICAgSVtHRVQgL29hdXRoMi9zZXNzaW9uL2xvZ291dF0tLT58aGFzIGlkX3Rva2VuX2hpbnQqfFJQSVtSUC1pbml0aWF0ZWQgbG9nb3V0XTtcbiAgICBJW0dFVCAvb2F1dGgyL3Nlc3Npb24vbG9nb3V0XS0tPnxkb2VzIG5vdCBoYXZlIGlkX3Rva2VuX2hpbnQqfE9QSVtPUC1pbml0aWF0ZWQgbG9nb3V0XVxuT1BJLS0-fGhhcyBzdGF0ZSp8RVtFcnJvcl1cbk9QSS0tPnxoYXMgcG9zdF9sb2dvdXRfdXJpKnxFW0Vycm9yXVxuT1BJLS0-fGhhcyB2YWxpZCBzZXNzaW9uIGNvb2tpZXxMVUlbTG9nb3V0IFVJIHdpdGggP2xvZ291dF9jaGFsbGVuZ2U9Li4uXVxuT1BJLS0-fGhhcyBubyB2YWxpZCBzZXNpb24gY29va2llfEVuZFtSZXR1cm4gdG8gcG9zdF9sb2dvdXRfdXJsKioqXVxuUlBJLS0-fGhhcyBhY3RpdmUgc2Vzc2lvbioqKip8TFVJXG5SUEktLT58bm8gYWN0aXZlIHNlc3Npb24qKioqfFJQSTJcbkxVSS0tPnx2ZXJpZnkgbG9nb3V0IHJlcXVlc3R8TFVJXG5MVUktLT58cmVkaXJlY3Qgd2l0aCBsb2dvdXRfdmVyaWZpZXIqfFJQSTJbIC9vYXV0aDIvc2Vzc2lvbnMvbG9nb3V0P2xvZ291dF92ZXJpZmllcj0uLi5dXG5SUEkyLS0-fGV4ZWN1dGUgZnJvbnQvYmFja2NoYW5uZWwgbG9nb3V0LCByZXZva2UgY29va2llfFJQSTJcblJQSTItLT58UmVkaXJlY3QgdG98RW5kIiwibWVybWFpZCI6eyJ0aGVtZSI6ImRlZmF1bHQifX0) +[![User Logout](https://mermaid.ink/img/eyJjb2RlIjoiZ3JhcGggVEQ7XG4gICAgSVtHRVQgL29hdXRoMi9zZXNzaW9uL2xvZ291dF0tLT58aGFzIGlkX3Rva2VuX2hpbnQqfFJQSVtSUC1pbml0aWF0ZWQgbG9nb3V0XTtcbiAgICBJW0dFVCAvb2F1dGgyL3Nlc3Npb24vbG9nb3V0XS0tPnxkb2VzIG5vdCBoYXZlIGlkX3Rva2VuX2hpbnQqfE9QSVtPUC1pbml0aWF0ZWQgbG9nb3V0XVxuT1BJLS0-fGhhcyBzdGF0ZSp8RVtFcnJvcl1cbk9QSS0tPnxoYXMgcG9zdF9sb2dvdXRfdXJpKnxFW0Vycm9yXVxuT1BJLS0-fGhhcyB2YWxpZCBzZXNzaW9uIGNvb2tpZSoqfExVSVtMb2dvdXQgVUkgd2l0aCA_bG9nb3V0X2NoYWxsZW5nZT0uLi5dXG5PUEktLT58bm8gc2Vzc2lvbiBjb29raWUqKnxFbmRbUmV0dXJuIHRvIHBvc3RfbG9nb3V0X3VybCoqKl1cblJQSS0tPnxoYXMgYWN0aXZlIHNlc3Npb24qKnxMVUlcblJQSS0tPnxubyBhY3RpdmUgc2Vzc2lvbioqfFJQSTJcbkxVSS0tPnx2ZXJpZnkgbG9nb3V0IHJlcXVlc3R8TFVJXG5MVUktLT58cmVkaXJlY3Qgd2l0aCBsb2dvdXRfdmVyaWZpZXIqfFJQSTJbIC9vYXV0aDIvc2Vzc2lvbnMvbG9nb3V0P2xvZ291dF92ZXJpZmllcj0uLi5dXG5SUEkyLS0-fGV4ZWN1dGUgZnJvbnQvYmFja2NoYW5uZWwgbG9nb3V0LCByZXZva2UgY29va2llfFJQSTJcblJQSTItLT58UmVkaXJlY3QgdG98RW5kIiwibWVybWFpZCI6eyJ0aGVtZSI6ImRlZmF1bHQiLCJ0aGVtZVZhcmlhYmxlcyI6eyJiYWNrZ3JvdW5kIjoid2hpdGUiLCJwcmltYXJ5Q29sb3IiOiIjRUNFQ0ZGIiwic2Vjb25kYXJ5Q29sb3IiOiIjZmZmZmRlIiwidGVydGlhcnlDb2xvciI6ImhzbCg4MCwgMTAwJSwgOTYuMjc0NTA5ODAzOSUpIiwicHJpbWFyeUJvcmRlckNvbG9yIjoiaHNsKDI0MCwgNjAlLCA4Ni4yNzQ1MDk4MDM5JSkiLCJzZWNvbmRhcnlCb3JkZXJDb2xvciI6ImhzbCg2MCwgNjAlLCA4My41Mjk0MTE3NjQ3JSkiLCJ0ZXJ0aWFyeUJvcmRlckNvbG9yIjoiaHNsKDgwLCA2MCUsIDg2LjI3NDUwOTgwMzklKSIsInByaW1hcnlUZXh0Q29sb3IiOiIjMTMxMzAwIiwic2Vjb25kYXJ5VGV4dENvbG9yIjoiIzAwMDAyMSIsInRlcnRpYXJ5VGV4dENvbG9yIjoicmdiKDkuNTAwMDAwMDAwMSwgOS41MDAwMDAwMDAxLCA5LjUwMDAwMDAwMDEpIiwibGluZUNvbG9yIjoiIzMzMzMzMyIsInRleHRDb2xvciI6IiMzMzMiLCJtYWluQmtnIjoiI0VDRUNGRiIsInNlY29uZEJrZyI6IiNmZmZmZGUiLCJib3JkZXIxIjoiIzkzNzBEQiIsImJvcmRlcjIiOiIjYWFhYTMzIiwiYXJyb3doZWFkQ29sb3IiOiIjMzMzMzMzIiwiZm9udEZhbWlseSI6IlwidHJlYnVjaGV0IG1zXCIsIHZlcmRhbmEsIGFyaWFsIiwiZm9udFNpemUiOiIxNnB4IiwibGFiZWxCYWNrZ3JvdW5kIjoiI2U4ZThlOCIsIm5vZGVCa2ciOiIjRUNFQ0ZGIiwibm9kZUJvcmRlciI6IiM5MzcwREIiLCJjbHVzdGVyQmtnIjoiI2ZmZmZkZSIsImNsdXN0ZXJCb3JkZXIiOiIjYWFhYTMzIiwiZGVmYXVsdExpbmtDb2xvciI6IiMzMzMzMzMiLCJ0aXRsZUNvbG9yIjoiIzMzMyIsImVkZ2VMYWJlbEJhY2tncm91bmQiOiIjZThlOGU4IiwiYWN0b3JCb3JkZXIiOiJoc2woMjU5LjYyNjE2ODIyNDMsIDU5Ljc3NjUzNjMxMjglLCA4Ny45MDE5NjA3ODQzJSkiLCJhY3RvckJrZyI6IiNFQ0VDRkYiLCJhY3RvclRleHRDb2xvciI6ImJsYWNrIiwiYWN0b3JMaW5lQ29sb3IiOiJncmV5Iiwic2lnbmFsQ29sb3IiOiIjMzMzIiwic2lnbmFsVGV4dENvbG9yIjoiIzMzMyIsImxhYmVsQm94QmtnQ29sb3IiOiIjRUNFQ0ZGIiwibGFiZWxCb3hCb3JkZXJDb2xvciI6ImhzbCgyNTkuNjI2MTY4MjI0MywgNTkuNzc2NTM2MzEyOCUsIDg3LjkwMTk2MDc4NDMlKSIsImxhYmVsVGV4dENvbG9yIjoiYmxhY2siLCJsb29wVGV4dENvbG9yIjoiYmxhY2siLCJub3RlQm9yZGVyQ29sb3IiOiIjYWFhYTMzIiwibm90ZUJrZ0NvbG9yIjoiI2ZmZjVhZCIsIm5vdGVUZXh0Q29sb3IiOiJibGFjayIsImFjdGl2YXRpb25Cb3JkZXJDb2xvciI6IiM2NjYiLCJhY3RpdmF0aW9uQmtnQ29sb3IiOiIjZjRmNGY0Iiwic2VxdWVuY2VOdW1iZXJDb2xvciI6IndoaXRlIiwic2VjdGlvbkJrZ0NvbG9yIjoicmdiYSgxMDIsIDEwMiwgMjU1LCAwLjQ5KSIsImFsdFNlY3Rpb25Ca2dDb2xvciI6IndoaXRlIiwic2VjdGlvbkJrZ0NvbG9yMiI6IiNmZmY0MDAiLCJ0YXNrQm9yZGVyQ29sb3IiOiIjNTM0ZmJjIiwidGFza0JrZ0NvbG9yIjoiIzhhOTBkZCIsInRhc2tUZXh0TGlnaHRDb2xvciI6IndoaXRlIiwidGFza1RleHRDb2xvciI6IndoaXRlIiwidGFza1RleHREYXJrQ29sb3IiOiJibGFjayIsInRhc2tUZXh0T3V0c2lkZUNvbG9yIjoiYmxhY2siLCJ0YXNrVGV4dENsaWNrYWJsZUNvbG9yIjoiIzAwMzE2MyIsImFjdGl2ZVRhc2tCb3JkZXJDb2xvciI6IiM1MzRmYmMiLCJhY3RpdmVUYXNrQmtnQ29sb3IiOiIjYmZjN2ZmIiwiZ3JpZENvbG9yIjoibGlnaHRncmV5IiwiZG9uZVRhc2tCa2dDb2xvciI6ImxpZ2h0Z3JleSIsImRvbmVUYXNrQm9yZGVyQ29sb3IiOiJncmV5IiwiY3JpdEJvcmRlckNvbG9yIjoiI2ZmODg4OCIsImNyaXRCa2dDb2xvciI6InJlZCIsInRvZGF5TGluZUNvbG9yIjoicmVkIiwibGFiZWxDb2xvciI6ImJsYWNrIiwiZXJyb3JCa2dDb2xvciI6IiM1NTIyMjIiLCJlcnJvclRleHRDb2xvciI6IiM1NTIyMjIiLCJjbGFzc1RleHQiOiIjMTMxMzAwIiwiZmlsbFR5cGUwIjoiI0VDRUNGRiIsImZpbGxUeXBlMSI6IiNmZmZmZGUiLCJmaWxsVHlwZTIiOiJoc2woMzA0LCAxMDAlLCA5Ni4yNzQ1MDk4MDM5JSkiLCJmaWxsVHlwZTMiOiJoc2woMTI0LCAxMDAlLCA5My41Mjk0MTE3NjQ3JSkiLCJmaWxsVHlwZTQiOiJoc2woMTc2LCAxMDAlLCA5Ni4yNzQ1MDk4MDM5JSkiLCJmaWxsVHlwZTUiOiJoc2woLTQsIDEwMCUsIDkzLjUyOTQxMTc2NDclKSIsImZpbGxUeXBlNiI6ImhzbCg4LCAxMDAlLCA5Ni4yNzQ1MDk4MDM5JSkiLCJmaWxsVHlwZTciOiJoc2woMTg4LCAxMDAlLCA5My41Mjk0MTE3NjQ3JSkifX0sInVwZGF0ZUVkaXRvciI6ZmFsc2V9)](https://mermaid-js.github.io/mermaid-live-editor/#/edit/eyJjb2RlIjoiZ3JhcGggVEQ7XG4gICAgSVtHRVQgL29hdXRoMi9zZXNzaW9uL2xvZ291dF0tLT58aGFzIGlkX3Rva2VuX2hpbnQqfFJQSVtSUC1pbml0aWF0ZWQgbG9nb3V0XTtcbiAgICBJW0dFVCAvb2F1dGgyL3Nlc3Npb24vbG9nb3V0XS0tPnxkb2VzIG5vdCBoYXZlIGlkX3Rva2VuX2hpbnQqfE9QSVtPUC1pbml0aWF0ZWQgbG9nb3V0XVxuT1BJLS0-fGhhcyBzdGF0ZSp8RVtFcnJvcl1cbk9QSS0tPnxoYXMgcG9zdF9sb2dvdXRfdXJpKnxFW0Vycm9yXVxuT1BJLS0-fGhhcyB2YWxpZCBzZXNzaW9uIGNvb2tpZSoqfExVSVtMb2dvdXQgVUkgd2l0aCA_bG9nb3V0X2NoYWxsZW5nZT0uLi5dXG5PUEktLT58bm8gc2Vzc2lvbiBjb29raWUqKnxFbmRbUmV0dXJuIHRvIHBvc3RfbG9nb3V0X3VybCoqKl1cblJQSS0tPnxoYXMgYWN0aXZlIHNlc3Npb24qKnxMVUlcblJQSS0tPnxubyBhY3RpdmUgc2Vzc2lvbioqfFJQSTJcbkxVSS0tPnx2ZXJpZnkgbG9nb3V0IHJlcXVlc3R8TFVJXG5MVUktLT58cmVkaXJlY3Qgd2l0aCBsb2dvdXRfdmVyaWZpZXIqfFJQSTJbIC9vYXV0aDIvc2Vzc2lvbnMvbG9nb3V0P2xvZ291dF92ZXJpZmllcj0uLi5dXG5SUEkyLS0-fGV4ZWN1dGUgZnJvbnQvYmFja2NoYW5uZWwgbG9nb3V0LCByZXZva2UgY29va2llfFJQSTJcblJQSTItLT58UmVkaXJlY3QgdG98RW5kIiwibWVybWFpZCI6eyJ0aGVtZSI6ImRlZmF1bHQiLCJ0aGVtZVZhcmlhYmxlcyI6eyJiYWNrZ3JvdW5kIjoid2hpdGUiLCJwcmltYXJ5Q29sb3IiOiIjRUNFQ0ZGIiwic2Vjb25kYXJ5Q29sb3IiOiIjZmZmZmRlIiwidGVydGlhcnlDb2xvciI6ImhzbCg4MCwgMTAwJSwgOTYuMjc0NTA5ODAzOSUpIiwicHJpbWFyeUJvcmRlckNvbG9yIjoiaHNsKDI0MCwgNjAlLCA4Ni4yNzQ1MDk4MDM5JSkiLCJzZWNvbmRhcnlCb3JkZXJDb2xvciI6ImhzbCg2MCwgNjAlLCA4My41Mjk0MTE3NjQ3JSkiLCJ0ZXJ0aWFyeUJvcmRlckNvbG9yIjoiaHNsKDgwLCA2MCUsIDg2LjI3NDUwOTgwMzklKSIsInByaW1hcnlUZXh0Q29sb3IiOiIjMTMxMzAwIiwic2Vjb25kYXJ5VGV4dENvbG9yIjoiIzAwMDAyMSIsInRlcnRpYXJ5VGV4dENvbG9yIjoicmdiKDkuNTAwMDAwMDAwMSwgOS41MDAwMDAwMDAxLCA5LjUwMDAwMDAwMDEpIiwibGluZUNvbG9yIjoiIzMzMzMzMyIsInRleHRDb2xvciI6IiMzMzMiLCJtYWluQmtnIjoiI0VDRUNGRiIsInNlY29uZEJrZyI6IiNmZmZmZGUiLCJib3JkZXIxIjoiIzkzNzBEQiIsImJvcmRlcjIiOiIjYWFhYTMzIiwiYXJyb3doZWFkQ29sb3IiOiIjMzMzMzMzIiwiZm9udEZhbWlseSI6IlwidHJlYnVjaGV0IG1zXCIsIHZlcmRhbmEsIGFyaWFsIiwiZm9udFNpemUiOiIxNnB4IiwibGFiZWxCYWNrZ3JvdW5kIjoiI2U4ZThlOCIsIm5vZGVCa2ciOiIjRUNFQ0ZGIiwibm9kZUJvcmRlciI6IiM5MzcwREIiLCJjbHVzdGVyQmtnIjoiI2ZmZmZkZSIsImNsdXN0ZXJCb3JkZXIiOiIjYWFhYTMzIiwiZGVmYXVsdExpbmtDb2xvciI6IiMzMzMzMzMiLCJ0aXRsZUNvbG9yIjoiIzMzMyIsImVkZ2VMYWJlbEJhY2tncm91bmQiOiIjZThlOGU4IiwiYWN0b3JCb3JkZXIiOiJoc2woMjU5LjYyNjE2ODIyNDMsIDU5Ljc3NjUzNjMxMjglLCA4Ny45MDE5NjA3ODQzJSkiLCJhY3RvckJrZyI6IiNFQ0VDRkYiLCJhY3RvclRleHRDb2xvciI6ImJsYWNrIiwiYWN0b3JMaW5lQ29sb3IiOiJncmV5Iiwic2lnbmFsQ29sb3IiOiIjMzMzIiwic2lnbmFsVGV4dENvbG9yIjoiIzMzMyIsImxhYmVsQm94QmtnQ29sb3IiOiIjRUNFQ0ZGIiwibGFiZWxCb3hCb3JkZXJDb2xvciI6ImhzbCgyNTkuNjI2MTY4MjI0MywgNTkuNzc2NTM2MzEyOCUsIDg3LjkwMTk2MDc4NDMlKSIsImxhYmVsVGV4dENvbG9yIjoiYmxhY2siLCJsb29wVGV4dENvbG9yIjoiYmxhY2siLCJub3RlQm9yZGVyQ29sb3IiOiIjYWFhYTMzIiwibm90ZUJrZ0NvbG9yIjoiI2ZmZjVhZCIsIm5vdGVUZXh0Q29sb3IiOiJibGFjayIsImFjdGl2YXRpb25Cb3JkZXJDb2xvciI6IiM2NjYiLCJhY3RpdmF0aW9uQmtnQ29sb3IiOiIjZjRmNGY0Iiwic2VxdWVuY2VOdW1iZXJDb2xvciI6IndoaXRlIiwic2VjdGlvbkJrZ0NvbG9yIjoicmdiYSgxMDIsIDEwMiwgMjU1LCAwLjQ5KSIsImFsdFNlY3Rpb25Ca2dDb2xvciI6IndoaXRlIiwic2VjdGlvbkJrZ0NvbG9yMiI6IiNmZmY0MDAiLCJ0YXNrQm9yZGVyQ29sb3IiOiIjNTM0ZmJjIiwidGFza0JrZ0NvbG9yIjoiIzhhOTBkZCIsInRhc2tUZXh0TGlnaHRDb2xvciI6IndoaXRlIiwidGFza1RleHRDb2xvciI6IndoaXRlIiwidGFza1RleHREYXJrQ29sb3IiOiJibGFjayIsInRhc2tUZXh0T3V0c2lkZUNvbG9yIjoiYmxhY2siLCJ0YXNrVGV4dENsaWNrYWJsZUNvbG9yIjoiIzAwMzE2MyIsImFjdGl2ZVRhc2tCb3JkZXJDb2xvciI6IiM1MzRmYmMiLCJhY3RpdmVUYXNrQmtnQ29sb3IiOiIjYmZjN2ZmIiwiZ3JpZENvbG9yIjoibGlnaHRncmV5IiwiZG9uZVRhc2tCa2dDb2xvciI6ImxpZ2h0Z3JleSIsImRvbmVUYXNrQm9yZGVyQ29sb3IiOiJncmV5IiwiY3JpdEJvcmRlckNvbG9yIjoiI2ZmODg4OCIsImNyaXRCa2dDb2xvciI6InJlZCIsInRvZGF5TGluZUNvbG9yIjoicmVkIiwibGFiZWxDb2xvciI6ImJsYWNrIiwiZXJyb3JCa2dDb2xvciI6IiM1NTIyMjIiLCJlcnJvclRleHRDb2xvciI6IiM1NTIyMjIiLCJjbGFzc1RleHQiOiIjMTMxMzAwIiwiZmlsbFR5cGUwIjoiI0VDRUNGRiIsImZpbGxUeXBlMSI6IiNmZmZmZGUiLCJmaWxsVHlwZTIiOiJoc2woMzA0LCAxMDAlLCA5Ni4yNzQ1MDk4MDM5JSkiLCJmaWxsVHlwZTMiOiJoc2woMTI0LCAxMDAlLCA5My41Mjk0MTE3NjQ3JSkiLCJmaWxsVHlwZTQiOiJoc2woMTc2LCAxMDAlLCA5Ni4yNzQ1MDk4MDM5JSkiLCJmaWxsVHlwZTUiOiJoc2woLTQsIDEwMCUsIDkzLjUyOTQxMTc2NDclKSIsImZpbGxUeXBlNiI6ImhzbCg4LCAxMDAlLCA5Ni4yNzQ1MDk4MDM5JSkiLCJmaWxsVHlwZTciOiJoc2woMTg4LCAxMDAlLCA5My41Mjk0MTE3NjQ3JSkifX0sInVwZGF0ZUVkaXRvciI6ZmFsc2V9) Legend: diff --git a/docs/versioned_docs/version-v1.7/configure-deploy.mdx b/docs/versioned_docs/version-v1.7/configure-deploy.mdx index 978847f8694..a9de55af1e2 100644 --- a/docs/versioned_docs/version-v1.7/configure-deploy.mdx +++ b/docs/versioned_docs/version-v1.7/configure-deploy.mdx @@ -78,11 +78,11 @@ $ export SECRETS_SYSTEM=$(export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0- $ export DSN=postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable # Before starting, let's pull the latest ORY Hydra tag from docker. -$ docker pull oryd/hydra:v1.7.0 +$ docker pull oryd/hydra:v1.7.3 # This command will show you all the environment variables that you can set. Read this carefully. # It is the equivalent to `hydra help serve`. -$ docker run -it --rm --entrypoint hydra oryd/hydra:v1.7.0 help serve +$ docker run -it --rm --entrypoint hydra oryd/hydra:v1.7.3 help serve Starts all HTTP/2 APIs and connects to a database backend. [...] @@ -92,7 +92,7 @@ Starts all HTTP/2 APIs and connects to a database backend. # It is the equivalent to `hydra migrate sql --yes postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable` $ docker run -it --rm \ --network hydraguide \ - oryd/hydra:v1.7.0 \ + oryd/hydra:v1.7.3 \ migrate sql --yes $DSN Applying `client` SQL migrations... @@ -110,7 +110,7 @@ $ docker run -d \ -e URLS_SELF_ISSUER=https://localhost:9000/ \ -e URLS_CONSENT=http://localhost:9020/consent \ -e URLS_LOGIN=http://localhost:9020/login \ - oryd/hydra:v1.7.0 serve all + oryd/hydra:v1.7.3 serve all # And check if it's running: $ docker logs ory-hydra-example--hydra @@ -178,7 +178,7 @@ ORY Hydra can be managed using the Hydra Command Line Interface (CLI), which is using ORY Hydra's REST APIs. To see the available commands, run: ```shell -$ docker run --rm -it --entrypoint hydra oryd/hydra:v1.7.0 help +$ docker run --rm -it --entrypoint hydra oryd/hydra:v1.7.3 help Hydra is a cloud native high throughput OAuth2 and OpenID Connect provider Usage: @@ -237,7 +237,7 @@ URLs the client may request: $ docker run --rm -it \ -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \ --network hydraguide \ - oryd/hydra:v1.7.0 \ + oryd/hydra:v1.7.3 \ clients create --skip-tls-verify \ --id facebook-photo-backup \ --secret some-secret \ @@ -284,7 +284,7 @@ for an access token. The same thing happens with this command: $ docker run --rm -it \ --network hydraguide \ -p 9010:9010 \ - oryd/hydra:v1.7.0 \ + oryd/hydra:v1.7.3 \ token user --skip-tls-verify \ --port 9010 \ --auth-url https://localhost:9000/oauth2/auth \ diff --git a/docs/versioned_docs/version-v1.7/contributing.md b/docs/versioned_docs/version-v1.7/contributing.md new file mode 100644 index 00000000000..05704e529aa --- /dev/null +++ b/docs/versioned_docs/version-v1.7/contributing.md @@ -0,0 +1,205 @@ +--- +id: contributing +title: Contribution Guidelines +--- + + + +# Contributing to ORY {{Project}} + + + + +- [Introduction](#introduction) +- [Contributing Code](#contributing-code) +- [Disclosing vulnerabilities](#disclosing-vulnerabilities) +- [Code Style](#code-style) +- [Documentation](#documentation) +- [Pull request procedure](#pull-request-procedure) +- [Communication](#communication) +- [Conduct](#conduct) + + + +## Introduction + +Please note: We take ORY {{Project}}'s security and our users' trust very +seriously. If you believe you have found a security issue in ORY {{Project}}, +please responsibly disclose by contacting us at office@ory.sh. + +First: if you're unsure or afraid of anything, just ask or submit the issue or +pull request anyways. You won't be yelled at for giving it your best effort. The +worst that can happen is that you'll be politely asked to change something. We +appreciate any sort of contributions, and don't want a wall of rules to get in +the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by ORY {{Project}}'s normal direction. A great way to +do this is via the [ORY Community](https://community.ory.sh/) or join the +[ORY Chat](https://www.ory.sh/chat). + +## Contributing Code + +Unless you are fixing a known bug, we **strongly** recommend discussing it with +the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) +before getting started to ensure your work is consistent with ORY {{Project}}'s +roadmap and architecture. + +All contributions are made via pull request. Note that **all patches from all +contributors get reviewed**. After a pull request is made other contributors +will offer feedback, and if the patch passes review a maintainer will accept it +with a comment. When pull requests fail testing, authors are expected to update +their pull requests to address the failures until the tests pass and the pull +request merges successfully. + +At least one review from a maintainer is required for all patches (even patches +from maintainers). + +Reviewers should leave a "LGTM" comment once they are satisfied with the patch. +If the patch was submitted by a maintainer with write access, the pull request +should be merged by the submitter after review. + +## Disclosing vulnerabilities + +Please disclose vulnerabilities exclusively to +[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. + +## Code Style + +Please follow these guidelines when formatting source code: + +- Go code should match the output of `gofmt -s` and pass `golangci-lint run`. +- NodeJS and JavaScript code should be prettified using `npm run format` where + appropriate. + +## Documentation + +Please provide documentation when changing, removing, or adding features. +Documentation resides in the project's `docs` folder. + +In cases where a project does not have a `docs` folder check the README for +instructions. + +The commands listed below work exclusively for projects with a `docs` folder + +### Develop + +To change the documentation locally, you need NodeJS installed and the project +checked out locally. Next, `cd` into `docs` and install the dependencies: + +```shell script +$ cd docs +$ npm install +``` + +#### Start + +To start a local development server with hot reloading, run: + +```shell script +$ npm start +``` + +This command opens up a browser window. Please note that changes to the sidebar +are not hot-reloaded and require a restart of the command. + +#### Build + +The `npm build` generates static content into the `build` directory and can be +served using any static contents hosting service. + +```shell script +$ npm build +``` + +## Pull request procedure + +To make a pull request, you will need a GitHub account; if you are unclear on +this process, see GitHub's documentation on +[forking](https://help.github.com/articles/fork-a-repo) and +[pull requests](https://help.github.com/articles/using-pull-requests). Pull +requests should be targeted at the `master` branch. Before creating a pull +request, go through this checklist: + +1. Create a feature branch off of `master` so that changes do not get mixed up. +1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local + changes against the `master` branch. +1. Run the full project test suite with the `go test ./...` (or equivalent) + command and confirm that it passes. +1. Run `gofmt -s` (if the project is written in Go). +1. Ensure that each commit has a subsystem prefix (ex: `controller:`). + +Pull requests will be treated as "review requests," and maintainers will give +feedback on the style and substance of the patch. + +Normally, all pull requests must include tests that test your change. +Occasionally, a change will be very difficult to test for. In those cases, +please include a note in your commit message explaining why. + +## How We Organize Our Work + +All repositories in the [ORY organization](https://github.com/ory) have their +issues and pull requests monitored in the +[ORY Monitoring Board](https://github.com/orgs/ory/projects/9). This allows for +a transparent backlog of unanswered issues and pull requests across the +ecosystem from those who are allowed to merge pull requests to the main branch. + +The process is as follows: + +1. _Cards_ represent open issues and pull requests and are automatically + assigned to the **Triage** column if the author is not one of the maintainers + and no maintainer has answered yet. +2. A maintainer assigns the issue or pull request to someone or adds the label + _help wanted_ which moves the card to **Requires Action**. +3. If a maintainer leaves a comment or review, the card moves to **Pending + Reply**, implying that the original author needs to do something (e.g. + implement a change, explain something in more detail, ...). +4. If a non-maintainer pushes changes to the pull request or leaves a comment, + the card moves back to **Requires Action**. +5. If a card stays inactive for 60 days or more days, we assume that public + interest in the issue or change has waned, **archiving** the card. +6. If the issue is closed or the pull request merged or closed, the card is + **archived** as well. + +We try our best to answer all issues and review all pull requests and hope that +this transparent way of keeping a backlog helps you better understand how heavy +the workload is. + +## Communication + +We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask +questions, discuss bugs, etc. + +## Conduct + +Whether you are a regular contributor or a newcomer, we care about making this +community a safe place for you and we've got your back. + +- We are committed to providing a friendly, safe and welcoming environment for + all, regardless of gender, sexual orientation, disability, ethnicity, + religion, or similar personal characteristic. +- Please avoid using nicknames that might detract from a friendly, safe and + welcoming environment for all. +- Be kind and courteous. There is no need to be mean or rude. +- We will exclude you from interaction if you insult, demean or harass anyone. + In particular, we do not tolerate behavior that excludes people in socially + marginalized groups. +- Private harassment is also unacceptable. No matter who you are, if you feel + you have been or are being harassed or made uncomfortable by a community + member, please contact one of the channel ops or a member of the ORY + {{Project}} core team immediately. +- Likewise any spamming, trolling, flaming, baiting or other attention-stealing + behaviour is not welcome. + +We welcome discussion about creating a welcoming, safe, and productive +environment for the community. If you have any questions, feedback, or concerns +[please let us know](https://www.ory.sh/chat). diff --git a/docs/versioned_docs/version-v1.7/debug.mdx b/docs/versioned_docs/version-v1.7/debug.mdx index db983105fa4..66aea216116 100644 --- a/docs/versioned_docs/version-v1.7/debug.mdx +++ b/docs/versioned_docs/version-v1.7/debug.mdx @@ -74,13 +74,13 @@ The most likely cause is misconfiguration, summarized in the next sections. ## Refresh Token Flow fails -Refresh tokens can become invalid if abuse is detected, but coding issues may also trigger -this scenario, for example if a client makes multiple requests. +Refresh tokens can become invalid if abuse is detected, but coding issues may +also trigger this scenario, for example if a client makes multiple requests. Some common examples: -1. Replay of authorization code grant. -2. Replay of refresh token grant. +1. Replay of authorization code grant. +2. Replay of refresh token grant. ### Wrong or misconfigured OAuth 2.0 Client diff --git a/docs/versioned_docs/version-v1.7/install.md b/docs/versioned_docs/version-v1.7/install.md index d20be0c96a6..858ea845fd2 100644 --- a/docs/versioned_docs/version-v1.7/install.md +++ b/docs/versioned_docs/version-v1.7/install.md @@ -11,8 +11,8 @@ binaries, Docker Images and support various package managers. We recommend using Docker to run ORY Hydra: ```shell -$ docker pull oryd/hydra:v1.7.0 -$ docker run --rm -it oryd/hydra:v1.7.0 help +$ docker pull oryd/hydra:v1.7.3 +$ docker run --rm -it oryd/hydra:v1.7.3 help ``` ## macOS diff --git a/docs/versioned_docs/version-v1.7/milestones.md b/docs/versioned_docs/version-v1.7/milestones.md new file mode 100644 index 00000000000..2e9dc57b4e2 --- /dev/null +++ b/docs/versioned_docs/version-v1.7/milestones.md @@ -0,0 +1,230 @@ +--- +id: milestones +title: Milestones and Roadmap +--- + +## [next](https://github.com/ory/hydra/milestone/41) + +_This milestone does not have a description._ + +### [Feat](https://github.com/ory/hydra/labels/feat) + +New feature or request. + +#### Issues + +- [ ] Reuse Detection in Refresh Token Rotation + ([hydra#2022](https://github.com/ory/hydra/issues/2022)) +- [ ] Device Authorization Grant + ([hydra#1553](https://github.com/ory/hydra/issues/1553)) + +### [Help wanted](https://github.com/ory/hydra/labels/help%20wanted) + +We are looking for help on this one. + +#### Issues + +- [ ] Reuse Detection in Refresh Token Rotation + ([hydra#2022](https://github.com/ory/hydra/issues/2022)) +- [ ] Device Authorization Grant + ([hydra#1553](https://github.com/ory/hydra/issues/1553)) + +### [Rfc](https://github.com/ory/hydra/labels/rfc) + +A request for comments to discuss and share ideas. + +#### Issues + +- [ ] Multi-region deployment support + ([hydra#2018](https://github.com/ory/hydra/issues/2018)) +- [ ] Device Authorization Grant + ([hydra#1553](https://github.com/ory/hydra/issues/1553)) + +## [v1.7.1](https://github.com/ory/hydra/milestone/40) + +_This milestone does not have a description._ + +### [Bug](https://github.com/ory/hydra/labels/bug) + +Something is not working. + +#### Issues + +- [x] Slow consent revocation request + ([hydra#1997](https://github.com/ory/hydra/issues/1997)) + +#### Pull Requests + +- [x] Deprecate client flags in introspect + ([hydra#2011](https://github.com/ory/hydra/pull/2011)) - + [@hackerman](https://github.com/aeneasr) + +### [Feat](https://github.com/ory/hydra/labels/feat) + +New feature or request. + +#### Issues + +- [ ] Publish a generated csharp SDK + ([hydra#2017](https://github.com/ory/hydra/issues/2017)) + +#### Pull Requests + +- [x] perf: add (client_id, subject) index to access and refresh tables to + improve revocation performance + ([hydra#2001](https://github.com/ory/hydra/pull/2001)) - + [@hackerman](https://github.com/aeneasr) + +### [Docs](https://github.com/ory/hydra/labels/docs) + +Affects documentation. + +#### Issues + +- [ ] Document GitLab setup with ORY Hydra as the OpenID Connect Provider + ([hydra#2007](https://github.com/ory/hydra/issues/2007)) - + [@Kim Neunert](https://github.com/k9ert) +- [x] docs: Hydra supports two concepts of authorization + ([hydra#1992](https://github.com/ory/hydra/issues/1992)) - + [@hackerman](https://github.com/aeneasr) + +#### Pull Requests + +- [x] docs: remove introspect security spec + ([hydra#2002](https://github.com/ory/hydra/pull/2002)) + +### [Blocking](https://github.com/ory/hydra/labels/blocking) + +Blocks milestones or other issues or pulls. + +#### Pull Requests + +- [x] Deprecate client flags in introspect + ([hydra#2011](https://github.com/ory/hydra/pull/2011)) - + [@hackerman](https://github.com/aeneasr) + +### [Ci](https://github.com/ory/hydra/labels/ci) + +Affects Continuous Integration (CI). + +#### Pull Requests + +- [x] ci: fix etcd CVEs ([hydra#2003](https://github.com/ory/hydra/pull/2003)) - + [@hackerman](https://github.com/aeneasr) + +## [v1.8.0](https://github.com/ory/hydra/milestone/39) + +_This milestone does not have a description._ + +### [Bug](https://github.com/ory/hydra/labels/bug) + +Something is not working. + +#### Issues + +- [ ] client_id case sensitivity is not properly enforced when using MySQL + ([hydra#1644](https://github.com/ory/hydra/issues/1644)) - + [@Patrik](https://github.com/zepatrik) +- [ ] Introspection Response: `access_token` and `refresh_token` are not valid + `token_type` ([hydra#1762](https://github.com/ory/hydra/issues/1762)) +- [ ] Make cookies with SameSite=None secure by default or using the + configuration flag + ([hydra#1844](https://github.com/ory/hydra/issues/1844)) +- [ ] RSA key generation is slow on ARM + ([hydra#1989](https://github.com/ory/hydra/issues/1989)) + +### [Feat](https://github.com/ory/hydra/labels/feat) + +New feature or request. + +#### Issues + +- [ ] consent: Improve remember for consent + ([hydra#1006](https://github.com/ory/hydra/issues/1006)) +- [ ] [Feature] Enhance Security Middleware + ([hydra#1029](https://github.com/ory/hydra/issues/1029)) +- [ ] Add API versioning for administrative APIs + ([hydra#1050](https://github.com/ory/hydra/issues/1050)) +- [ ] consent: Allow removing tokens without revoking consent + ([hydra#1142](https://github.com/ory/hydra/issues/1142)) - + [@hackerman](https://github.com/aeneasr) +- [ ] OAuth Client authentication creation CLI jwks client field not present + ([hydra#1404](https://github.com/ory/hydra/issues/1404)) +- [ ] Add oAuth2Client to logoutRequest similar to loginRequest. + ([hydra#1483](https://github.com/ory/hydra/issues/1483)) +- [ ] Add a way to filter/sort the list of clients + ([hydra#1485](https://github.com/ory/hydra/issues/1485)) - + [@hackerman](https://github.com/aeneasr) +- [ ] Remove "not before" claim "nbf" from JWT access token + ([hydra#1542](https://github.com/ory/hydra/issues/1542)) +- [ ] No way to handle 409 GetLoginRequestConflict. + ([hydra#1569](https://github.com/ory/hydra/issues/1569)) - + [@Patrik](https://github.com/zepatrik) +- [ ] Auth session cannot be prolonged even if the user is active + ([hydra#1690](https://github.com/ory/hydra/issues/1690)) +- [ ] Add endpoint to Admin API to revoke access tokens + ([hydra#1728](https://github.com/ory/hydra/issues/1728)) +- [ ] Migrate to gobuffalo/pop + ([hydra#1730](https://github.com/ory/hydra/issues/1730)) - + [@Patrik](https://github.com/zepatrik) +- [ ] Rename DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY + ([hydra#1760](https://github.com/ory/hydra/issues/1760)) - + [@hackerman](https://github.com/aeneasr) +- [ ] CLI Migration Down + ([hydra#1763](https://github.com/ory/hydra/issues/1763)) +- [ ] Move to go-jose key generation + ([hydra#1825](https://github.com/ory/hydra/issues/1825)) +- [ ] Make cookies with SameSite=None secure by default or using the + configuration flag + ([hydra#1844](https://github.com/ory/hydra/issues/1844)) +- [ ] Split HTTPS handling for public/admin + ([hydra#1962](https://github.com/ory/hydra/issues/1962)) +- [ ] Token claims customization with Jsonnet + ([hydra#1748](https://github.com/ory/hydra/issues/1748)) - + [@hackerman](https://github.com/aeneasr) +- [ ] issueLogoutVerifier should allow POST requests as well + ([hydra#1993](https://github.com/ory/hydra/issues/1993)) +- [ ] Update clients from cli + ([hydra#2020](https://github.com/ory/hydra/issues/2020)) +- [x] cmd: Add upsert command for client CLI + ([hydra#1086](https://github.com/ory/hydra/issues/1086)) - + [@hackerman](https://github.com/aeneasr) +- [x] oauth2: Make cleaning up refresh and authz codes possible + ([hydra#1130](https://github.com/ory/hydra/issues/1130)) - + [@hackerman](https://github.com/aeneasr) + +### [Help wanted](https://github.com/ory/hydra/labels/help%20wanted) + +We are looking for help on this one. + +#### Issues + +- [ ] client_id case sensitivity is not properly enforced when using MySQL + ([hydra#1644](https://github.com/ory/hydra/issues/1644)) - + [@Patrik](https://github.com/zepatrik) +- [ ] Add endpoint to Admin API to revoke access tokens + ([hydra#1728](https://github.com/ory/hydra/issues/1728)) +- [ ] Migrate to gobuffalo/pop + ([hydra#1730](https://github.com/ory/hydra/issues/1730)) - + [@Patrik](https://github.com/zepatrik) +- [ ] CLI Migration Down + ([hydra#1763](https://github.com/ory/hydra/issues/1763)) +- [ ] Move to go-jose key generation + ([hydra#1825](https://github.com/ory/hydra/issues/1825)) +- [ ] Introspection Response: `access_token` and `refresh_token` are not valid + `token_type` ([hydra#1762](https://github.com/ory/hydra/issues/1762)) +- [ ] Split HTTPS handling for public/admin + ([hydra#1962](https://github.com/ory/hydra/issues/1962)) +- [ ] issueLogoutVerifier should allow POST requests as well + ([hydra#1993](https://github.com/ory/hydra/issues/1993)) +- [ ] Update clients from cli + ([hydra#2020](https://github.com/ory/hydra/issues/2020)) + +### [Rfc](https://github.com/ory/hydra/labels/rfc) + +A request for comments to discuss and share ideas. + +#### Issues + +- [ ] Split HTTPS handling for public/admin + ([hydra#1962](https://github.com/ory/hydra/issues/1962)) diff --git a/docs/versioned_docs/version-v1.7/reference/api.mdx b/docs/versioned_docs/version-v1.7/reference/api.mdx index f2be9d9a012..4886a136aed 100644 --- a/docs/versioned_docs/version-v1.7/reference/api.mdx +++ b/docs/versioned_docs/version-v1.7/reference/api.mdx @@ -436,7 +436,7 @@ p JSON.parse(result) -### Check readiness status +### Check Readiness Status ``` GET /health/ready HTTP/1.1 @@ -604,7 +604,7 @@ p JSON.parse(result) -### The OAuth 2.0 authorize endpoint +### The OAuth 2.0 Authorize Endpoint ``` GET /oauth2/auth HTTP/1.1 @@ -773,7 +773,7 @@ p JSON.parse(result) -### Revoke OAuth2 tokens +### Revoke OAuth2 Tokens ``` POST /oauth2/revoke HTTP/1.1 @@ -966,7 +966,7 @@ p JSON.parse(result) -### OpenID Connect Front-Backchannel enabled Logout +### OpenID Connect Front-Backchannel Enabled Logout ``` GET /oauth2/sessions/logout HTTP/1.1 @@ -1102,7 +1102,7 @@ p JSON.parse(result) -### The OAuth 2.0 token endpoint +### The OAuth 2.0 Token Endpoint ``` POST /oauth2/token HTTP/1.1 @@ -1771,7 +1771,7 @@ p JSON.parse(result) -### Create an OAuth 2.0 client +### Create an OAuth 2.0 Client ``` POST /clients HTTP/1.1 @@ -2830,7 +2830,7 @@ p JSON.parse(result) -### Check alive status +### Check Alive Status ``` GET /health/alive HTTP/1.1 @@ -3448,7 +3448,7 @@ p JSON.parse(result) -### Generate a new JSON Web Key +### Generate a New JSON Web Key ``` POST /keys/{set} HTTP/1.1 @@ -4595,7 +4595,7 @@ p JSON.parse(result) -### Get consent request information +### Get Consent Request Information ``` GET /oauth2/auth/requests/consent?consent_challenge=string HTTP/1.1 @@ -4852,7 +4852,7 @@ p JSON.parse(result) -### Accept a consent request +### Accept a Consent Request ``` PUT /oauth2/auth/requests/consent/accept?consent_challenge=string HTTP/1.1 @@ -5079,7 +5079,7 @@ p JSON.parse(result) -### Reject a consent request +### Reject a Consent Request ``` PUT /oauth2/auth/requests/consent/reject?consent_challenge=string HTTP/1.1 @@ -5289,7 +5289,7 @@ p JSON.parse(result) -### Get a login request +### Get a Login Request ``` GET /oauth2/auth/requests/login?login_challenge=string HTTP/1.1 @@ -5541,7 +5541,7 @@ p JSON.parse(result) -### Accept a login request +### Accept a Login Request ``` PUT /oauth2/auth/requests/login/accept?login_challenge=string HTTP/1.1 @@ -5752,7 +5752,7 @@ p JSON.parse(result) -### Reject a login request +### Reject a Login Request ``` PUT /oauth2/auth/requests/login/reject?login_challenge=string HTTP/1.1 @@ -5960,7 +5960,7 @@ p JSON.parse(result) -### Get a logout request +### Get a Logout Request ``` GET /oauth2/auth/requests/logout?logout_challenge=string HTTP/1.1 @@ -6135,7 +6135,7 @@ p JSON.parse(result) -### Accept a logout request +### Accept a Logout Request ``` PUT /oauth2/auth/requests/logout/accept?logout_challenge=string HTTP/1.1 @@ -6310,7 +6310,7 @@ p JSON.parse(result) -### Reject a logout request +### Reject a Logout Request ``` PUT /oauth2/auth/requests/logout/reject?logout_challenge=string HTTP/1.1 @@ -6522,7 +6522,7 @@ p JSON.parse(result) -### Lists all consent sessions of a subject +### Lists All Consent Sessions of a Subject ``` GET /oauth2/auth/sessions/consent?subject=string HTTP/1.1 @@ -6860,7 +6860,7 @@ p JSON.parse(result) -### Revokes consent sessions of a subject for a specific OAuth 2.0 Client +### Revokes Consent Sessions of a Subject for a Specific OAuth 2.0 Client ``` DELETE /oauth2/auth/sessions/consent?subject=string HTTP/1.1 @@ -7040,8 +7040,8 @@ p JSON.parse(result) -### Invalidates all login sessions of a certain user -Invalidates a subject's authentication session +### Invalidates All Login Sessions of a Certain User +Invalidates a Subject's Authentication Session ``` DELETE /oauth2/auth/sessions/login?subject=string HTTP/1.1 @@ -7413,7 +7413,7 @@ p JSON.parse(result) -### Introspect OAuth2 tokens +### Introspect OAuth2 Tokens ``` POST /oauth2/introspect HTTP/1.1 @@ -7492,9 +7492,8 @@ scopes, the result of active will be false. } ``` -