fix: rename index in down migration #3910

adamwalach · 2024-12-17T12:23:18Z

Related issue(s)

Checklist

I have read the contributing guidelines.
I have referenced an issue containing the design document if my change
introduces a new feature.
I am following the
contributing code guidelines.
I have read the security policy.
I confirm that this pull request does not address a security
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
[email protected]) from the maintainers to push
the changes.
I have added tests that prove my fix is effective or that my feature
works.
I have added or changed the documentation.

Further Comments

[skip ci]

)

[skip ci]

Bumps [semver](https://github.com/npm/node-semver) from 5.7.0 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.0...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…nt (ory#3570) Bumps [semver](https://github.com/npm/node-semver) from 5.7.0 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.0...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[skip ci]

ory#3590)

[skip ci]

Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) to 4.1.3 and updates ancestor dependencies [tough-cookie](https://github.com/salesforce/tough-cookie), [@cypress/request](https://github.com/cypress-io/request) and [wait-on](https://github.com/jeffbski/wait-on). These dependencies need to be updated together. Updates `tough-cookie` from 2.4.3 to 4.1.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.4.3...v4.1.3) Updates `@cypress/request` from 2.88.10 to 2.88.12 - [Release notes](https://github.com/cypress-io/request/releases) - [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md) - [Commits](cypress-io/request@v2.88.10...v2.88.12) Updates `wait-on` from 3.2.0 to 7.0.1 - [Release notes](https://github.com/jeffbski/wait-on/releases) - [Commits](jeffbski/wait-on@v3.2.0...v7.0.1) --- updated-dependencies: - dependency-name: tough-cookie dependency-type: indirect - dependency-name: "@cypress/request" dependency-type: indirect - dependency-name: wait-on dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This adds initial support for issuing verifiable credentials as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html. Because the spec is still in draft, public identifiers are suffixed with `draft_00`.

[skip ci]

This PR introduces another config option called `oauth2:mirror_top_level_claims` which may be used to disable the mirroring of custom claims into the `ext` claim of the jwt. This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility. Example: ```yaml oauth2: allowed_top_level_claims: - test_claim mirror_top_level_claims: false # -> this will prevent test_claim to be mirrored within ext ``` Closes ory#3348

[skip ci]

… and bump (ory#3603)

[skip ci]

* feat: propagate logout to identity provider This commit improves the integration between Hydra and Kratos when logging out the user. This adds a new configuration key for configuring a Kratos admin URL. Additionally, Kratos can send a session ID when accepting a login request. If a session ID was specified and a Kratos admin URL was configured, Hydra will disable the corresponding Kratos session through the admin API if a frontchannel or backchannel logout was triggered. * fix: add special case for MySQL * chore: update sdk * chore: consistent naming * fix: cleanup persister

) See https://github.com/orgs/ory/discussions/118

ory#3845)

This patch adds a configuration flag which enables graceful refresh token rotation. Previously, refresh tokens could only be used once. On reuse, all tokens of that chain would be revoked. This is particularly challenging in environments, where it's difficult to make guarantees on synchronization. This could lead to refresh tokens being sent twice due to some parallel execution. To resolve this, refresh tokens can now be graceful by changing `oauth2.grant.refresh_token.grace_period=10s` (example value). During this time, a refresh token can be used multiple times to generate new refresh, ID, and access tokens. All tokens will correctly be invalidated, when the refresh token is re-used after the grace period expires, or when the delete consent endpoint is used. Closes ory#1831 ory#3770

…document (ory#3861)

For the resource owner password grant, the Kratos identity ID is now written to the sub claim, and the username is written to the ext.username claim. Further, token hooks are called for the initial token issuance as well as refresh flows for access tokens issued via the resource owner password grant, allowing users to customize the fields present in the access token (for the jwt strategy) as well as on introspection. --------- Co-authored-by: Arne Luenser <[email protected]>

…te JWKs (ory#3870) Previously each concurrent caller would need to lock a shared mutex when reading or writing a given JWK set. The read path now doesn't require locking a mutex at all and instead returns valid query results directly. The write path is now protected by a concurrency control mechanism (using x/sync/singleflight) to ensure only one JWK set is generated and persisted. Note: Duplicate JWK sets may still be improperly generated if running more than one Hydra instance in a high traffic environment.

feat: store client in challenge/verified and reduce DB load.

…icates (ory#3876) This reverts commit d5f65c5.

…ory#3886)

This patch adds the ability to execute down migrations using: ``` hydra migrate sql down -e --steps {num_of_steps} ``` Please read `hydra migrate sql down --help` carefully. Going forward, please use the following commands ``` hydra migrate sql up ... hydra migrate sql status ... ``` instead of the previous, now deprecated ``` hydra migrate sql ... hydra migrate status ... ``` commands. See ory-corp/cloud#7350

Resolves a deviation from the OpenID Connect spec, where the `redirect_uri` was not required when performing flows with `scope=openid`. BREAKING CHANGE: Going forward, OAuth2 Clients requesting an OpenID Connect flow **must** include the `redirect_uri` parameter or the request will be rejected.

…nt (ory#3901) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together. Updates `path-to-regexp` from 0.1.10 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.10...v0.1.12) Updates `express` from 4.21.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.0...4.21.2) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

aeneasr and others added 30 commits July 10, 2023 15:10

fix: use correct tracer in middleware (ory#3567)

807cbd2

autogen(docs): regenerate and update changelog

551c359

[skip ci]

feat: add more resolution to events and collect client metrics (ory#3568

466e66b

)

autogen(docs): regenerate and update changelog

be85c29

[skip ci]

autogen(docs): regenerate and update changelog

425c977

[skip ci]

feat: add hydra migrate status subcommand (ory#3579)

749eb8d

autogen(docs): regenerate and update changelog

0072ddf

[skip ci]

fix: restore ability to override auth and token urls for exemplary app (

dfb129a

ory#3590)

feat: allow additional SQL migrations (ory#3587)

8900cbb

autogen(docs): regenerate and update changelog

c30de7f

[skip ci]

chore: update repository templates to ory/meta@af28aff

eb89af7

feat: add support for OIDC VC (ory#3575)

219a7c0

This adds initial support for issuing verifiable credentials as specified in https://openid.net/specs/openid-connect-userinfo-vc-1_0.html. Because the spec is still in draft, public identifiers are suffixed with `draft_00`.

autogen(docs): regenerate and update changelog

339bf40

[skip ci]

chore: remove fosite branch override (ory#3599)

d5099cb

autogen(docs): regenerate and update changelog

ea40d44

[skip ci]

chore: update repository templates to ory/meta@ac80097

1a1f504

feat: bump fosite and add some more tracing

0b56f53

fix: only query access tokens by hashed signature

a21e945

fix: deflake ttl test

6741a49

autogen(docs): regenerate and update changelog

598c21d

[skip ci]

feat: allow Go migrations (ory#3602)

8eed306

autogen(docs): regenerate and update changelog

71d1853

[skip ci]

autogen(docs): regenerate and update changelog

5704640

[skip ci]

fix: reject invalid JWKS in client configuration / dependency cleanup…

1d73d83

… and bump (ory#3603)

autogen(docs): regenerate and update changelog

dc878b8

[skip ci]

nipsufn and others added 28 commits October 10, 2024 10:19

chore: adjust project automation (ory#3855)

99deae2

fix: change comment on revokeOAuth2LoginSessions (ory#3853)

6d829dd

revert: change comment on revokeOAuth2LoginSessions (ory#3853) (ory#3858

8263ef4

) See https://github.com/orgs/ory/discussions/118

feat: built-in login/consent UI for hydra perform authorization-code (

7f8bd90

ory#3845)

feat: reduce size of verifiers (ory#3857)

0cd00dc

feat: remove unused indices (ory#3859)

56fc3da

fix: advertise support for response_mode=form_post in OIDC discovery …

9cc5f28

…document (ory#3861)

test: patch oauth2 snapshot (ory#3867)

db095de

chore: update ristretto and ory/x (ory#3871)

3164970

feat: update clients from files through the CLI (ory#3874)

f777fd1

revert: reduce size of verifiers (ory#3875)

7b82361

feat: store client in challenge/verified and reduce DB load.

revert: cpu contention when reading JWKs and suppress generating dupl…

0ce9d7a

…icates (ory#3876) This reverts commit d5f65c5.

chore: update reference in config.schema.json (ory#3881)

825c24d

fix: untyped int build issues on 32bit architectures (ory#3885)

68aa167

fix: omit explicit transaction in ConfirmLoginSession and add tracing (…

a5b2d75

…ory#3886)

chore: pin GHA PM action version (ory#3888)

b0270ad

fix: pass context to database ping

fa21711

fix: limit HTTP response size

2559819

chore: bump ory/x (ory#3897)

d53b416

chore: update repository templates to ory/meta@1af2225

64474b9

chore: add more tracing context (ory#3902)

7c594a6

fix: rename index in down migration

5cda56c

adamwalach closed this Dec 17, 2024

adamwalach deleted the fix-migration branch December 17, 2024 12:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: rename index in down migration #3910

fix: rename index in down migration #3910

adamwalach commented Dec 17, 2024

fix: rename index in down migration #3910

fix: rename index in down migration #3910

Conversation

adamwalach commented Dec 17, 2024

Related issue(s)

Checklist

Further Comments