diff --git a/docs/docs/reference/api.md b/docs/docs/reference/api.md
index 01635f57c72..f220370dc7d 100644
--- a/docs/docs/reference/api.md
+++ b/docs/docs/reference/api.md
@@ -1671,7 +1671,7 @@ Status Code **200**
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -1691,7 +1691,7 @@ Status Code **200**
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
]
@@ -1871,7 +1871,7 @@ and only callable by first-party components.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -1891,7 +1891,7 @@ and only callable by first-party components.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -1933,7 +1933,7 @@ and only callable by first-party components.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -1953,7 +1953,7 @@ and only callable by first-party components.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2034,7 +2034,7 @@ const input = '{
"contacts": [
"string"
],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2064,7 +2064,7 @@ const input = '{
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}';
const headers = {
@@ -2203,7 +2203,7 @@ and only callable by first-party components.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -2223,7 +2223,7 @@ and only callable by first-party components.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2401,7 +2401,7 @@ and only callable by first-party components.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -2421,7 +2421,7 @@ and only callable by first-party components.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2462,7 +2462,7 @@ and only callable by first-party components.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -2482,7 +2482,7 @@ and only callable by first-party components.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2563,7 +2563,7 @@ const input = '{
"contacts": [
"string"
],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2593,7 +2593,7 @@ const input = '{
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}';
const headers = {
@@ -4814,7 +4814,7 @@ the subject accepted or rejected the request.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -4834,7 +4834,7 @@ the subject accepted or rejected the request.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -5039,7 +5039,7 @@ the user-agent to.
{
"grant_access_token_audience": ["string"],
"grant_scope": ["string"],
- "handled_at": "2020-04-24T15:40:42Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -5152,7 +5152,7 @@ const input = '{
"grant_scope": [
"string"
],
- "handled_at": "2020-04-24T15:40:42Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -5539,7 +5539,7 @@ the requested authentication process.
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -5559,7 +5559,7 @@ the requested authentication process.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"oidc_context": {
@@ -6895,7 +6895,7 @@ Status Code **200**
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -6915,7 +6915,7 @@ Status Code **200**
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -6939,7 +6939,7 @@ Status Code **200**
},
"grant_access_token_audience": ["string"],
"grant_scope": ["string"],
- "handled_at": "2020-04-24T15:40:42Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -7499,7 +7499,7 @@ deleted automatically when performing the refresh flow.
```json
{
- "notAfter": "2020-04-24T15:40:42Z"
+ "notAfter": "2020-04-25T11:08:35Z"
}
```
@@ -7597,7 +7597,7 @@ func main() {
```nodejs
const fetch = require('node-fetch');
const input = '{
- "notAfter": "2020-04-24T15:40:42Z"
+ "notAfter": "2020-04-25T11:08:35Z"
}';
const headers = {
'Content-Type': 'application/json', 'Accept': 'application/json'
@@ -8220,7 +8220,7 @@ _None_
```json
-"2020-04-24T15:40:42Z"
+"2020-04-25T11:08:35Z"
```
_NullTime implements sql.NullTime functionality._
@@ -8253,7 +8253,7 @@ _NullTime implements sql.NullTime functionality._
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -8273,7 +8273,7 @@ _NullTime implements sql.NullTime functionality._
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -8297,7 +8297,7 @@ _NullTime implements sql.NullTime functionality._
},
"grant_access_token_audience": ["string"],
"grant_scope": ["string"],
- "handled_at": "2020-04-24T15:40:42Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -8356,7 +8356,7 @@ _StringSlicePipeDelimiter de/encodes the string slice to/from a SQL string._
{
"grant_access_token_audience": ["string"],
"grant_scope": ["string"],
- "handled_at": "2020-04-24T15:40:42Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -8457,7 +8457,7 @@ request._
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -8477,7 +8477,7 @@ request._
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -8558,7 +8558,7 @@ _Used to pass session data to a consent request._
```json
{
- "notAfter": "2020-04-24T15:40:42Z"
+ "notAfter": "2020-04-25T11:08:35Z"
}
```
@@ -8676,7 +8676,7 @@ _Error response_
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -8696,7 +8696,7 @@ _Error response_
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"oidc_context": {
@@ -8778,7 +8778,7 @@ _Contains information about an ongoing logout request._
"client_secret_expires_at": 0,
"client_uri": "string",
"contacts": ["string"],
- "created_at": "2020-04-24T15:40:42Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": ["string"],
@@ -8798,7 +8798,7 @@ _Contains information about an ongoing logout request._
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T15:40:42Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
diff --git a/docs/docs/reference/configuration.md b/docs/docs/reference/configuration.md
index bbae8d5044d..972313a15b0 100644
--- a/docs/docs/reference/configuration.md
+++ b/docs/docs/reference/configuration.md
@@ -80,7 +80,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_PORT=
#
- port: 5933
+ port: 51721
## host ##
#
@@ -152,6 +152,7 @@ serve:
#
allowed_methods:
- GET
+ - GET
## allowed_headers ##
#
@@ -166,11 +167,10 @@ serve:
# > set SERVE_PUBLIC_CORS_ALLOWED_HEADERS=
#
allowed_headers:
- - in aliquip sit ad
- - magna proident consequat
- - est ullamco pariatur
- - enim pariatur eiusmod aute Excepteur
- - laboris officia eu
+ - commodo eu et dolore ad
+ - eiusmod
+ - aliqua nulla aute sint labore
+ - eu eiusmod
## exposed_headers ##
#
@@ -185,9 +185,9 @@ serve:
# > set SERVE_PUBLIC_CORS_EXPOSED_HEADERS=
#
exposed_headers:
- - enim ipsum
- - laboris ut dolore fugiat id
- - ea Excepteur
+ - ad
+ - velit
+ - nostrud
## allow_credentials ##
#
@@ -227,7 +227,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_CORS_MAX_AGE=
#
- max_age: 50191452
+ max_age: 86527639
## debug ##
#
@@ -260,7 +260,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_ACCESS_LOG_DISABLE_FOR_HEALTH=
#
- disable_for_health: true
+ disable_for_health: false
## admin ##
#
@@ -275,7 +275,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_PORT=
#
- port: 15181
+ port: 55165
## host ##
#
@@ -344,11 +344,10 @@ serve:
# > set SERVE_ADMIN_CORS_ALLOWED_METHODS=
#
allowed_methods:
+ - GET
+ - OPTIONS
- DELETE
- POST
- - DELETE
- - OPTIONS
- - PATCH
## allowed_headers ##
#
@@ -363,9 +362,7 @@ serve:
# > set SERVE_ADMIN_CORS_ALLOWED_HEADERS=
#
allowed_headers:
- - cillum nulla
- - cillum dolor sunt
- - magna
+ - in ex cupidatat culpa
## exposed_headers ##
#
@@ -380,9 +377,8 @@ serve:
# > set SERVE_ADMIN_CORS_EXPOSED_HEADERS=
#
exposed_headers:
- - aliquip sit
- - id elit do
- - dolore Lorem est
+ - elit
+ - ad amet consequat incididunt
## allow_credentials ##
#
@@ -410,7 +406,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_CORS_OPTIONS_PASSTHROUGH=
#
- options_passthrough: false
+ options_passthrough: true
## max_age ##
#
@@ -422,7 +418,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_CORS_MAX_AGE=
#
- max_age: 79633755
+ max_age: 48526543
## debug ##
#
@@ -436,7 +432,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_CORS_DEBUG=
#
- debug: true
+ debug: false
## access_log ##
#
@@ -467,30 +463,30 @@ serve:
# Configures the private key (pem encoded).
#
key:
- ## base64 ##
+ ## path ##
#
# Set this value using environment variables on
# - Linux/macOS:
- # $ export SERVE_TLS_KEY_BASE64=
+ # $ export SERVE_TLS_KEY_PATH=
# - Windows Command Line (CMD):
- # > set SERVE_TLS_KEY_BASE64=
+ # > set SERVE_TLS_KEY_PATH=
#
- base64: b3J5IGh5ZHJhIGlzIGF3ZXNvbWUK
+ path: /path/to/file.pem
## cert ##
#
# Configures the private key (pem encoded).
#
cert:
- ## base64 ##
+ ## path ##
#
# Set this value using environment variables on
# - Linux/macOS:
- # $ export SERVE_TLS_CERT_BASE64=
+ # $ export SERVE_TLS_CERT_PATH=
# - Windows Command Line (CMD):
- # > set SERVE_TLS_CERT_BASE64=
+ # > set SERVE_TLS_CERT_PATH=
#
- base64: b3J5IGh5ZHJhIGlzIGF3ZXNvbWUK
+ path: /path/to/file.pem
## allow_termination_from ##
#
@@ -504,9 +500,6 @@ serve:
#
allow_termination_from:
- 127.0.0.1/32
- - 127.0.0.1/32
- - 127.0.0.1/32
- - 127.0.0.1/32
## cookies ##
#
@@ -540,7 +533,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_COOKIES_SAME_SITE_LEGACY_WORKAROUND=
#
- same_site_legacy_workaround: true
+ same_site_legacy_workaround: false
## dsn ##
#
@@ -552,7 +545,7 @@ serve:
# - Windows Command Line (CMD):
# > set DSN=
#
-dsn: aliquip
+dsn: reprehenderit quis
## webfinger ##
#
@@ -896,7 +889,7 @@ ttl:
# - Windows Command Line (CMD):
# > set TTL_REFRESH_TOKEN=
#
- refresh_token: -1
+ refresh_token: '-1'
## id_token ##
#
@@ -944,7 +937,7 @@ oauth2:
# - Windows Command Line (CMD):
# > set OAUTH2_EXPOSE_INTERNAL_ERRORS=
#
- expose_internal_errors: false
+ expose_internal_errors: true
## hashers ##
#
@@ -968,7 +961,7 @@ oauth2:
# - Windows Command Line (CMD):
# > set OAUTH2_HASHERS_BCRYPT_COST=
#
- cost: 41923326
+ cost: 39871948
## pkce ##
#
diff --git a/docs/versioned_docs/version-v1.4/advanced.md b/docs/versioned_docs/version-v1.4/advanced.md
index c3d5947ee56..1f1bca75d23 100644
--- a/docs/versioned_docs/version-v1.4/advanced.md
+++ b/docs/versioned_docs/version-v1.4/advanced.md
@@ -5,7 +5,34 @@ title: Advanced Topics
This guide aims to help setting up a production system with ORY Hydra.
-
+## Self-Signed SSL
+
+If you want to run ORY Hydra using self-signed TLS certificates, you can do the
+following:
+
+```
+$ openssl genrsa -out key.pem 4096
+$ openssl req -new -x509 -sha256 -key key.pem -out cert.crt -days 365
+
+$ SERVE_TLS_CERT_BASE64=$(base64 -i cert.crt)
+$ SERVE_TLS_KEY_BASE64=$(base64 -i key.pem)
+
+# or
+
+$ SERVE_TLS_KEY_PATH=/path/to/key.pem
+$ SERVE_TLS_CERT_PATH=/path/to/cert.crt
+```
+
+If you run Docker locally, you can then use
+
+```
+$ docker run ... \
+ -e SERVE_TLS_CERT_BASE64=$(SERVE_TLS_CERT_BASE64) \
+ -e SERVE_TLS_KEY_BASE64=$(SERVE_TLS_KEY_BASE64) \
+ ...
+```
+
+or mount the files using `--mount` and linking to the files.
## Mobile & Browser (SPA) Authorization
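Review bot: The Docker example passes `$(SERVE_TLS_CERT_BASE64)` and `$(SERVE_TLS_KEY_BASE64)`, which a POSIX shell reads as command substitution rather than variable expansion, so the container would most likely receive empty values. The two lines should read `-e SERVE_TLS_CERT_BASE64="$SERVE_TLS_CERT_BASE64" \` and `-e SERVE_TLS_KEY_BASE64="$SERVE_TLS_KEY_BASE64" \`. The quotes matter because GNU `base64` wraps its output by default, and an unquoted multi-line value would be word-split. Supplying the private key with `-e` also leaves it readable in the host's process arguments and in `docker inspect` output, so the closing sentence could recommend the mounted-file variant (`SERVE_TLS_KEY_PATH` / `SERVE_TLS_CERT_PATH`) for anything beyond local testing.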
@@ -448,3 +475,11 @@ values are `Strict`, `Lax` or `None`.
If you wish to embed requests to hydra on a third party site (for example an
iframe that periodically polls to check session status) you will need to set the
mode to `None`.
+
+Some
+[browser versions](https://www.chromium.org/updates/same-site/incompatible-clients)
+reject cookies using the `Same-Site=None` attribute. Hydra implements a
+[workaround](https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients)
+that can be enabled by setting `serve.cookies.same_site_legacy_workaround` to
+`true`. This workaround is disabled by default, and only takes effect when
+`serve.cookies.same_site_mode` is set to `None`.
diff --git a/docs/versioned_docs/version-v1.4/configure-deploy.mdx b/docs/versioned_docs/version-v1.4/configure-deploy.mdx
index aa03c17f9a8..62859410ac0 100644
--- a/docs/versioned_docs/version-v1.4/configure-deploy.mdx
+++ b/docs/versioned_docs/version-v1.4/configure-deploy.mdx
@@ -78,11 +78,11 @@ $ export SECRETS_SYSTEM=$(export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0-
$ export DSN=postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable
# Before starting, let's pull the latest ORY Hydra tag from docker.
-$ docker pull oryd/hydra:v1.4.7
+$ docker pull oryd/hydra:1.4.8
# This command will show you all the environment variables that you can set. Read this carefully.
# It is the equivalent to `hydra help serve`.
-$ docker run -it --rm --entrypoint hydra oryd/hydra:v1.4.7 help serve
+$ docker run -it --rm --entrypoint hydra oryd/hydra:1.4.8 help serve
Starts all HTTP/2 APIs and connects to a database backend.
[...]
@@ -92,7 +92,7 @@ Starts all HTTP/2 APIs and connects to a database backend.
# It is the equivalent to `hydra migrate sql --yes postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable`
$ docker run -it --rm \
--network hydraguide \
- oryd/hydra:v1.4.7 \
+ oryd/hydra:1.4.8 \
migrate sql --yes $DSN
Applying `client` SQL migrations...
@@ -110,7 +110,7 @@ $ docker run -d \
-e URLS_SELF_ISSUER=https://localhost:9000/ \
-e URLS_CONSENT=http://localhost:9020/consent \
-e URLS_LOGIN=http://localhost:9020/login \
- oryd/hydra:v1.4.7 serve all
+ oryd/hydra:1.4.8 serve all
# And check if it's running:
$ docker logs ory-hydra-example--hydra
@@ -178,7 +178,7 @@ ORY Hydra can be managed using the Hydra Command Line Interface (CLI), which is
using ORY Hydra's REST APIs. To see the available commands, run:
```shell
-$ docker run --rm -it --entrypoint hydra oryd/hydra:v1.4.7 help
+$ docker run --rm -it --entrypoint hydra oryd/hydra:1.4.8 help
Hydra is a cloud native high throughput OAuth2 and OpenID Connect provider
Usage:
@@ -237,7 +237,7 @@ URLs the client may request:
$ docker run --rm -it \
-e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \
--network hydraguide \
- oryd/hydra:v1.4.7 \
+ oryd/hydra:1.4.8 \
clients create --skip-tls-verify \
--id facebook-photo-backup \
--secret some-secret \
@@ -284,7 +284,7 @@ for an access token. The same thing happens with this command:
$ docker run --rm -it \
--network hydraguide \
-p 9010:9010 \
- oryd/hydra:v1.4.7 \
+ oryd/hydra:1.4.8 \
token user --skip-tls-verify \
--port 9010 \
--auth-url https://localhost:9000/oauth2/auth \
diff --git a/docs/versioned_docs/version-v1.4/install.md b/docs/versioned_docs/version-v1.4/install.md
index 0637410a452..986f962e0bd 100644
--- a/docs/versioned_docs/version-v1.4/install.md
+++ b/docs/versioned_docs/version-v1.4/install.md
@@ -11,8 +11,8 @@ binaries, Docker Images and support various package managers.
We recommend using Docker to run ORY Hydra:
```shell
-$ docker pull oryd/hydra:v1.4.7
-$ docker run --rm -it oryd/hydra:v1.4.7 help
+$ docker pull oryd/hydra:1.4.8
+$ docker run --rm -it oryd/hydra:1.4.8 help
```
## macOS
@@ -31,7 +31,7 @@ On linux, you can use `bash <(curl ...)` to fetch the latest stable binary
using:
```shell
-$ bash <(curl https://raw.githubusercontent.com/ory/hydra/master/install.sh) -b . v1.4.7
+$ bash <(curl https://raw.githubusercontent.com/ory/hydra/master/install.sh) -b . 1.4.8
$ ./hydra help
```
diff --git a/docs/versioned_docs/version-v1.4/reference/api.md b/docs/versioned_docs/version-v1.4/reference/api.md
index 76579db1a4b..21498167915 100644
--- a/docs/versioned_docs/version-v1.4/reference/api.md
+++ b/docs/versioned_docs/version-v1.4/reference/api.md
@@ -1661,7 +1661,7 @@ Status Code **200**
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -1691,7 +1691,7 @@ Status Code **200**
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
]
@@ -1870,7 +1870,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -1900,7 +1900,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -1946,7 +1946,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -1976,7 +1976,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2057,7 +2057,7 @@ const input = '{
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2087,7 +2087,7 @@ const input = '{
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}';
const headers = {
@@ -2226,7 +2226,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2256,7 +2256,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2434,7 +2434,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2464,7 +2464,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2509,7 +2509,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2539,7 +2539,7 @@ OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usuall
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
```
@@ -2620,7 +2620,7 @@ const input = '{
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -2650,7 +2650,7 @@ const input = '{
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}';
const headers = {
@@ -4823,7 +4823,7 @@ or rejected the request.
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -4853,7 +4853,7 @@ or rejected the request.
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -5063,7 +5063,7 @@ The response contains a redirect URL which the consent provider should redirect
"grant_scope": [
"string"
],
- "handled_at": "2020-04-24T09:00:46Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -5174,7 +5174,7 @@ const input = '{
"grant_scope": [
"string"
],
- "handled_at": "2020-04-24T09:00:46Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -5552,7 +5552,7 @@ provider uses that challenge to fetch information on the OAuth2 request and then
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -5582,7 +5582,7 @@ provider uses that challenge to fetch information on the OAuth2 request and then
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"oidc_context": {
@@ -6903,7 +6903,7 @@ Status Code **200**
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -6933,7 +6933,7 @@ Status Code **200**
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -6969,7 +6969,7 @@ Status Code **200**
"grant_scope": [
"string"
],
- "handled_at": "2020-04-24T09:00:46Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -7522,7 +7522,7 @@ automatically when performing the refresh flow.
```json
{
- "notAfter": "2020-04-24T09:00:46Z"
+ "notAfter": "2020-04-25T11:08:35Z"
}
```
@@ -7618,7 +7618,7 @@ func main() {
```nodejs
const fetch = require('node-fetch');
const input = '{
- "notAfter": "2020-04-24T09:00:46Z"
+ "notAfter": "2020-04-25T11:08:35Z"
}';
const headers = {
'Content-Type': 'application/json', 'Accept': 'application/json'
@@ -8242,7 +8242,7 @@ effectively written in the swagger spec.*
```json
-"2020-04-24T09:00:46Z"
+"2020-04-25T11:08:35Z"
```
@@ -8281,7 +8281,7 @@ effectively written in the swagger spec.*
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -8311,7 +8311,7 @@ effectively written in the swagger spec.*
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -8347,7 +8347,7 @@ effectively written in the swagger spec.*
"grant_scope": [
"string"
],
- "handled_at": "2020-04-24T09:00:46Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -8412,7 +8412,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"grant_scope": [
"string"
],
- "handled_at": "2020-04-24T09:00:46Z",
+ "handled_at": "2020-04-25T11:08:35Z",
"remember": true,
"remember_for": 0,
"session": {
@@ -8518,7 +8518,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -8548,7 +8548,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"context": {},
@@ -8637,7 +8637,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
```json
{
- "notAfter": "2020-04-24T09:00:46Z"
+ "notAfter": "2020-04-25T11:08:35Z"
}
```
@@ -8761,7 +8761,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -8791,7 +8791,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
},
"oidc_context": {
@@ -8887,7 +8887,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"contacts": [
"string"
],
- "created_at": "2020-04-24T09:00:46Z",
+ "created_at": "2020-04-25T11:08:35Z",
"frontchannel_logout_session_required": true,
"frontchannel_logout_uri": "string",
"grant_types": [
@@ -8917,7 +8917,7 @@ same as HandledLoginRequest, just with consent_request exposed as json*
"subject_type": "string",
"token_endpoint_auth_method": "string",
"tos_uri": "string",
- "updated_at": "2020-04-24T09:00:46Z",
+ "updated_at": "2020-04-25T11:08:35Z",
"userinfo_signed_response_alg": "string"
}
diff --git a/docs/versioned_docs/version-v1.4/reference/configuration.md b/docs/versioned_docs/version-v1.4/reference/configuration.md
index e09d15352e6..ed7e8b8d86f 100644
--- a/docs/versioned_docs/version-v1.4/reference/configuration.md
+++ b/docs/versioned_docs/version-v1.4/reference/configuration.md
@@ -42,7 +42,7 @@ log:
# - Windows Command Line (CMD):
# > set LOG_LEVEL=
#
- level: panic
+ level: trace
## format ##
#
@@ -80,7 +80,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_PORT=
#
- port: 2975
+ port: 51721
## host ##
#
@@ -95,7 +95,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_HOST=
#
- host: ""
+ host: localhost
## cors ##
#
@@ -152,10 +152,8 @@ serve:
# > set SERVE_PUBLIC_CORS_ALLOWED_METHODS=
#
allowed_methods:
- - DELETE
- - POST
- - CONNECT
- - PUT
+ - GET
+ - GET
## allowed_headers ##
#
@@ -170,11 +168,10 @@ serve:
# > set SERVE_PUBLIC_CORS_ALLOWED_HEADERS=
#
allowed_headers:
- - non sit dolore
- - non ad dolore mollit in
- - in incididunt non
- - id
- - fugiat
+ - commodo eu et dolore ad
+ - eiusmod
+ - aliqua nulla aute sint labore
+ - eu eiusmod
## exposed_headers ##
#
@@ -189,7 +186,9 @@ serve:
# > set SERVE_PUBLIC_CORS_EXPOSED_HEADERS=
#
exposed_headers:
- - enim
+ - ad
+ - velit
+ - nostrud
## allow_credentials ##
#
@@ -229,7 +228,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_CORS_MAX_AGE=
#
- max_age: 5576775
+ max_age: 86527639
## debug ##
#
@@ -243,7 +242,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_CORS_DEBUG=
#
- debug: true
+ debug: false
## access_log ##
#
@@ -263,7 +262,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_PUBLIC_ACCESS_LOG_DISABLE_FOR_HEALTH=
#
- disable_for_health: true
+ disable_for_health: false
## admin ##
#
@@ -279,7 +278,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_PORT=
#
- port: 57418
+ port: 55165
## host ##
#
@@ -294,7 +293,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_HOST=
#
- host: ""
+ host: localhost
## cors ##
#
@@ -349,8 +348,10 @@ serve:
# > set SERVE_ADMIN_CORS_ALLOWED_METHODS=
#
allowed_methods:
+ - GET
+ - OPTIONS
- DELETE
- - TRACE
+ - POST
## allowed_headers ##
#
@@ -365,11 +366,7 @@ serve:
# > set SERVE_ADMIN_CORS_ALLOWED_HEADERS=
#
allowed_headers:
- - mollit cillum nulla
- - proident mollit
- - aute labore ex dolore
- - culpa aliquip in aliqua
- - deserunt nisi
+ - in ex cupidatat culpa
## exposed_headers ##
#
@@ -384,9 +381,8 @@ serve:
# > set SERVE_ADMIN_CORS_EXPOSED_HEADERS=
#
exposed_headers:
- - anim adipisicing consequat in dolor
- - pariatur reprehenderit
- - ullamco
+ - elit
+ - ad amet consequat incididunt
## allow_credentials ##
#
@@ -400,7 +396,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_CORS_ALLOW_CREDENTIALS=
#
- allow_credentials: false
+ allow_credentials: true
## options_passthrough ##
#
@@ -426,7 +422,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_CORS_MAX_AGE=
#
- max_age: 21914849
+ max_age: 48526543
## debug ##
#
@@ -440,7 +436,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_CORS_DEBUG=
#
- debug: true
+ debug: false
## access_log ##
#
@@ -460,7 +456,7 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_ADMIN_ACCESS_LOG_DISABLE_FOR_HEALTH=
#
- disable_for_health: true
+ disable_for_health: false
## tls ##
#
@@ -512,9 +508,6 @@ serve:
#
allow_termination_from:
- 127.0.0.1/32
- - 127.0.0.1/32
- - 127.0.0.1/32
- - 127.0.0.1/32
## cookies ##
#
@@ -532,7 +525,24 @@ serve:
# - Windows Command Line (CMD):
# > set SERVE_COOKIES_SAME_SITE_MODE=
#
- same_site_mode: Strict
+ same_site_mode: Lax
+
+ ## same_site_legacy_workaround ##
+ #
+ # Some older browser versions don’t work with SameSite=None. This option enables the workaround defined in https://web.dev/samesite-cookie-recipes/ which essentially stores a second cookie without SameSite as a fallback.
+ #
+ # Default value: false
+ #
+ # Examples:
+ # - true
+ #
+ # Set this value using environment variables on
+ # - Linux/macOS:
+ # $ export SERVE_COOKIES_SAME_SITE_LEGACY_WORKAROUND=
+ # - Windows Command Line (CMD):
+ # > set SERVE_COOKIES_SAME_SITE_LEGACY_WORKAROUND=
+ #
+ same_site_legacy_workaround: false
## dsn ##
#
@@ -544,7 +554,7 @@ serve:
# - Windows Command Line (CMD):
# > set DSN=
#
-dsn: deserunt non Excepteur esse labore
+dsn: reprehenderit quis
## webfinger ##
#
@@ -573,8 +583,7 @@ webfinger:
# - Windows Command Line (CMD):
# > set WEBFINGER_JWKS_BROADCAST_KEYS=
#
- broadcast_keys:
- - hydra.openid.id-token
+ broadcast_keys: hydra.jwt.access-token
## oidc_discovery ##
#
@@ -900,7 +909,7 @@ ttl:
# - Windows Command Line (CMD):
# > set TTL_REFRESH_TOKEN=
#
- refresh_token: 720h
+ refresh_token: "-1"
## id_token ##
#
@@ -975,7 +984,7 @@ oauth2:
# - Windows Command Line (CMD):
# > set OAUTH2_HASHERS_BCRYPT_COST=
#
- cost: 58081825
+ cost: 39871948
## pkce ##
#
diff --git a/docs/versions.json b/docs/versions.json
index 481f66607a9..3fd4df993ee 100644
--- a/docs/versions.json
+++ b/docs/versions.json
@@ -1,4 +1,4 @@
[
- "1.4",
- "v1.4"
+ "v1.4",
+ "1.4"
]