diff --git a/.docker_compose/config.yaml b/.docker_compose/config.yaml index 2df5698819..de024a758f 100644 --- a/.docker_compose/config.yaml +++ b/.docker_compose/config.yaml @@ -26,7 +26,7 @@ mutators: enabled: true config: headers: - X-User: '{{ print .Subject }}' + X-User: "{{ print .Subject }}" noop: enabled: true id_token: diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml index b275d25f09..6e8ce5f067 100644 --- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml @@ -1,17 +1,17 @@ -description: 'Create a bug report' +description: "Create a bug report" labels: - bug -name: 'Bug Report' +name: "Bug Report" body: - attributes: value: "Thank you for taking the time to fill out this bug report!\n" type: markdown - attributes: - label: 'Preflight checklist' + label: "Preflight checklist" options: - label: - 'I could not find a solution in the existing issues, docs, nor - discussions.' + "I could not find a solution in the existing issues, docs, nor + discussions." required: true - label: "I agree to follow this project's [Code of @@ -22,18 +22,18 @@ body: Guidelines](https://github.com/ory/oathkeeper/blob/master/CONTRIBUTING.md)." required: true - label: - 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' + "This issue affects my [Ory Cloud](https://www.ory.sh/) project." - label: - 'I have joined the [Ory Community Slack](https://slack.ory.sh).' + "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: - 'I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' + "I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: - description: 'A clear and concise description of what the bug is.' - label: 'Describe the bug' - placeholder: 'Tell us what you see!' + description: "A clear and concise description of what the bug is." + label: "Describe the bug" + placeholder: "Tell us what you see!" id: describe-bug type: textarea validations: @@ -47,17 +47,17 @@ body: 1. Run `docker run ....` 2. Make API Request to with `curl ...` 3. Request fails with response: `{"some": "error"}` - label: 'Reproducing the bug' + label: "Reproducing the bug" id: reproduce-bug type: textarea validations: required: true - attributes: description: - 'Please copy and paste any relevant log output. This will be + "Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. Please - redact any sensitive information' - label: 'Relevant log output' + redact any sensitive information" + label: "Relevant log output" render: shell placeholder: | log=error .... @@ -65,10 +65,10 @@ body: type: textarea - attributes: description: - 'Please copy and paste any relevant configuration. This will be + "Please copy and paste any relevant configuration. This will be automatically formatted into code, so no need for backticks. Please - redact any sensitive information!' - label: 'Relevant configuration' + redact any sensitive information!" + label: "Relevant configuration" render: yml placeholder: | server: @@ -77,14 +77,14 @@ body: id: config type: textarea - attributes: - description: 'What version of our software are you running?' + description: "What version of our software are you running?" label: Version id: version type: input validations: required: true - attributes: - label: 'On which operating system are you observing this issue?' + label: "On which operating system are you observing this issue?" options: - Ory Cloud - macOS @@ -95,19 +95,19 @@ body: id: operating-system type: dropdown - attributes: - label: 'In which environment are you deploying?' + label: "In which environment are you deploying?" options: - Ory Cloud - Docker - - 'Docker Compose' - - 'Kubernetes with Helm' + - "Docker Compose" + - "Kubernetes with Helm" - Kubernetes - Binary - Other id: deployment type: dropdown - attributes: - description: 'Add any other context about the problem here.' + description: "Add any other context about the problem here." label: Additional Context id: additional type: textarea diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml index 08e7fb9bae..c3e2e8c4eb 100644 --- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml +++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml @@ -1,8 +1,8 @@ description: - 'A design document is needed for non-trivial changes to the code base.' + "A design document is needed for non-trivial changes to the code base." labels: - rfc -name: 'Design Document' +name: "Design Document" body: - attributes: value: | @@ -18,11 +18,11 @@ body: after code reviews, and your pull requests will be merged faster. type: markdown - attributes: - label: 'Preflight checklist' + label: "Preflight checklist" options: - label: - 'I could not find a solution in the existing issues, docs, nor - discussions.' + "I could not find a solution in the existing issues, docs, nor + discussions." required: true - label: "I agree to follow this project's [Code of @@ -33,18 +33,18 @@ body: Guidelines](https://github.com/ory/oathkeeper/blob/master/CONTRIBUTING.md)." required: true - label: - 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' + "This issue affects my [Ory Cloud](https://www.ory.sh/) project." - label: - 'I have joined the [Ory Community Slack](https://slack.ory.sh).' + "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: - 'I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' + "I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: description: | This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts. - label: 'Context and scope' + label: "Context and scope" id: scope type: textarea validations: @@ -53,7 +53,7 @@ body: - attributes: description: | A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals. - label: 'Goals and non-goals' + label: "Goals and non-goals" id: goals type: textarea validations: @@ -65,7 +65,7 @@ body: The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals. The point of writing a document over a more formal medium is to provide the flexibility to express the problem set at hand in an appropriate manner. Because of this, there is no explicit guidance for how to actually describe the design. - label: 'The design' + label: "The design" id: design type: textarea validations: @@ -74,21 +74,21 @@ body: - attributes: description: | If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead focus on the parts that are relevant to the design and its trade-offs. - label: 'APIs' + label: "APIs" id: apis type: textarea - attributes: description: | Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead focus on the parts that are relevant to the design and its trade-offs. - label: 'Data storage' + label: "Data storage" id: persistence type: textarea - attributes: description: | Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the implementability of the design. - label: 'Code and pseudo-code' + label: "Code and pseudo-code" id: pseudocode type: textarea @@ -101,7 +101,7 @@ body: On the other end are systems where the possible solutions are very well defined, but it isn’t at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn’t designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language. In this situation you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are really great, and hence such a document should focus on selecting the best way given all identified trade-offs. - label: 'Degree of constraint' + label: "Degree of constraint" id: constrait type: textarea diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml index eee5071e80..4535e85d5c 100644 --- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml +++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml @@ -1,8 +1,8 @@ description: - 'Suggest an idea for this project without a plan for implementation' + "Suggest an idea for this project without a plan for implementation" labels: - feat -name: 'Feature Request' +name: "Feature Request" body: - attributes: value: | @@ -11,11 +11,11 @@ body: If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial! type: markdown - attributes: - label: 'Preflight checklist' + label: "Preflight checklist" options: - label: - 'I could not find a solution in the existing issues, docs, nor - discussions.' + "I could not find a solution in the existing issues, docs, nor + discussions." required: true - label: "I agree to follow this project's [Code of @@ -26,18 +26,18 @@ body: Guidelines](https://github.com/ory/oathkeeper/blob/master/CONTRIBUTING.md)." required: true - label: - 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.' + "This issue affects my [Ory Cloud](https://www.ory.sh/) project." - label: - 'I have joined the [Ory Community Slack](https://slack.ory.sh).' + "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: - 'I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).' + "I am signed up to the [Ory Security Patch + Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." id: checklist type: checkboxes - attributes: description: - 'Is your feature request related to a problem? Please describe.' - label: 'Describe your problem' + "Is your feature request related to a problem? Please describe." + label: "Describe your problem" placeholder: "A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]" @@ -50,20 +50,20 @@ body: Describe the solution you'd like placeholder: | A clear and concise description of what you want to happen. - label: 'Describe your ideal solution' + label: "Describe your ideal solution" id: solution type: textarea validations: required: true - attributes: description: "Describe alternatives you've considered" - label: 'Workarounds or alternatives' + label: "Workarounds or alternatives" id: alternatives type: textarea validations: required: true - attributes: - description: 'What version of our software are you running?' + description: "What version of our software are you running?" label: Version id: version type: input @@ -71,7 +71,7 @@ body: required: true - attributes: description: - 'Add any other context or screenshots about the feature request here.' + "Add any other context or screenshots about the feature request here." label: Additional Context id: additional type: textarea diff --git a/.github/config.yml b/.github/config.yml index 0d121fe184..ea33569797 100644 --- a/.github/config.yml +++ b/.github/config.yml @@ -1,3 +1,3 @@ todo: - keyword: '@todo' + keyword: "@todo" label: todo diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index d8bcb167f0..8125a1915d 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -38,13 +38,18 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help! --> - [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md). -- [ ] I have referenced an issue containing the design document if my change introduces a new feature. -- [ ] I am following the [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). +- [ ] I have referenced an issue containing the design document if my change + introduces a new feature. +- [ ] I am following the + [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code). - [ ] I have read the [security policy](../security/policy). -- [ ] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security. - vulnerability, I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the - maintainers to push the changes. -- [ ] I have added tests that prove my fix is effective or that my feature works. +- [ ] I confirm that this pull request does not address a security + vulnerability. If this pull request addresses a security. vulnerability, I + confirm that I got green light (please contact + [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push + the changes. +- [ ] I have added tests that prove my fix is effective or that my feature + works. - [ ] I have added or changed [the documentation](https://github.com/ory/docs). ## Further Comments diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15ef44fa0a..51d5adea9c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,7 +4,7 @@ on: branches: - master tags: - - '*' + - "*" pull_request: # Cancel in-progress runs in current workflow. @@ -67,7 +67,7 @@ jobs: - uses: ory/ci/checkout@master - uses: actions/setup-go@v2 with: - go-version: '^1.17' + go-version: "^1.17" - run: make install - uses: actions/cache@v2 with: @@ -81,7 +81,7 @@ jobs: name: Run tests strategy: matrix: - name: ['reload', 'e2e', 'forwarded-header'] + name: ["reload", "e2e", "forwarded-header"] needs: - sdk-generate - setup-tests @@ -89,7 +89,7 @@ jobs: - uses: ory/ci/checkout@master - uses: actions/setup-go@v2 with: - go-version: '^1.17' + go-version: "^1.17" - uses: actions/cache@v2 with: path: ~/go/bin/oathkeeper @@ -173,7 +173,7 @@ jobs: mailchimp_list_id: f605a41b53 mailchmip_segment_id: 6479485 mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }} - draft: 'true' + draft: "true" ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }} slack-approval-notification: @@ -200,5 +200,5 @@ jobs: mailchimp_list_id: f605a41b53 mailchmip_segment_id: 6479485 mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }} - draft: 'false' + draft: "false" ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }} diff --git a/.github/workflows/closed_references.yml b/.github/workflows/closed_references.yml index ebafc8a71a..2789ac42c2 100644 --- a/.github/workflows/closed_references.yml +++ b/.github/workflows/closed_references.yml @@ -2,13 +2,13 @@ name: Closed Reference Notifier on: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" workflow_dispatch: inputs: issueLimit: description: Max. number of issues to create required: true - default: '5' + default: "5" jobs: find_closed_references: @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-node@v2-beta with: - node-version: '14' + node-version: "14" - uses: ory/closed-reference-notifier@v1 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2079a1fcc2..a684dbe764 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -9,7 +9,7 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: 'CodeQL' +name: "CodeQL" on: push: @@ -18,7 +18,7 @@ on: # The branches below must be a subset of the branches above branches: [master] schedule: - - cron: '26 0 * * 2' + - cron: "26 0 * * 2" jobs: analyze: @@ -32,7 +32,7 @@ jobs: strategy: fail-fast: false matrix: - language: ['go'] + language: ["go"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 058a0eb61f..46a858758f 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -2,12 +2,12 @@ name: Docker Image Scanners on: push: branches: - - 'master' + - "master" tags: - - 'v*.*.*' + - "v*.*.*" pull_request: branches: - - 'master' + - "master" jobs: scanners: @@ -63,21 +63,21 @@ jobs: if: ${{ always() }} with: image-ref: oryd/oathkeeper:${{ steps.vars.outputs.sha_short }} - format: 'table' - exit-code: '42' + format: "table" + exit-code: "42" ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" - name: Trivy Scanner 2 uses: aquasecurity/trivy-action@master if: ${{ always() }} with: image-ref: oryd/oathkeeper:alpine-${{ steps.vars.outputs.sha_short }} - format: 'table' - exit-code: '42' + format: "table" + exit-code: "42" ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + vuln-type: "os,library" + severity: "CRITICAL,HIGH" - name: Dockle Linter uses: erzz/dockle-action@v1.1.1 if: ${{ always() }} diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml index b4a30699f0..fb47e4a78f 100644 --- a/.github/workflows/milestone.yml +++ b/.github/workflows/milestone.yml @@ -3,7 +3,7 @@ name: Generate and Publish Milestone Document on: workflow_dispatch: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" jobs: milestone: @@ -23,8 +23,8 @@ jobs: - name: Commit Milestone Documentation uses: EndBug/add-and-commit@v4.4.0 with: - message: 'autogen(docs): update milestone document' + message: "autogen(docs): update milestone document" author_name: aeneasr - author_email: '3372410+aeneasr@users.noreply.github.com' + author_email: "3372410+aeneasr@users.noreply.github.com" env: GITHUB_TOKEN: ${{ secrets.TOKEN_PRIVILEGED }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 395cb69206..eb36db174b 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,8 +1,8 @@ -name: 'Close Stale Issues' +name: "Close Stale Issues" on: workflow_dispatch: schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" jobs: stale: @@ -35,10 +35,10 @@ jobs: Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you! Thank you 🙏✌️ - stale-issue-label: 'stale' - exempt-issue-labels: 'bug,blocking,docs,backlog' + stale-issue-label: "stale" + exempt-issue-labels: "bug,blocking,docs,backlog" days-before-stale: 365 days-before-close: 30 exempt-milestones: true exempt-assignees: true - only-pr-labels: 'stale' + only-pr-labels: "stale" diff --git a/.goreleaser.yml b/.goreleaser.yml index 0a306c59db..01c3c1a6b7 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -6,19 +6,19 @@ before: hooks: - go mod download - git checkout -- go.sum go.mod - - 'curl -Lo /tmp/cosign.key - https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.key' - - 'curl -Lo /tmp/cosign.pub - https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.pub' + - "curl -Lo /tmp/cosign.key + https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.key" + - "curl -Lo /tmp/cosign.pub + https://raw.githubusercontent.com/ory/xgoreleaser/master/cosign.pub" - go install github.com/gobuffalo/packr/v2/packr2 - packr2 variables: brew_name: oathkeeper - brew_description: 'The Ory Identity and Access Proxy (Ory Oathkeeper)' - buildinfo_hash: 'github.com/ory/oathkeeper/x.Commit' - buildinfo_tag: 'github.com/ory/oathkeeper/x.Version' - buildinfo_date: 'github.com/ory/oathkeeper/x.Date' - dockerfile: './Dockerfile-alpine' + brew_description: "The Ory Identity and Access Proxy (Ory Oathkeeper)" + buildinfo_hash: "github.com/ory/oathkeeper/x.Commit" + buildinfo_tag: "github.com/ory/oathkeeper/x.Version" + buildinfo_date: "github.com/ory/oathkeeper/x.Date" + dockerfile: "./Dockerfile-alpine" project_name: oathkeeper diff --git a/.schema/config.schema.json b/.schema/config.schema.json index c22d6de9c9..554849ab9f 100644 --- a/.schema/config.schema.json +++ b/.schema/config.schema.json @@ -397,6 +397,14 @@ "description": "When set uses the given HTTP method instead of the request HTTP method.", "examples": ["GET", "POST"] }, + "forward_http_headers": { + "title": "Set Forward HTTP Headers", + "type": "array", + "description": "Set HTTP Headers allowed forwarding to upstream.", + "additionalProperties": { + "type": "string" + } + }, "additional_headers": { "title": "Set Additional HTTP Headers", "type": "object", @@ -497,6 +505,14 @@ "description": "When set uses the given HTTP method instead of the request HTTP method.", "examples": ["GET", "POST"] }, + "forward_http_headers": { + "title": "Set Forward HTTP Headers", + "type": "array", + "description": "Set HTTP Headers allowed forwarding to upstream.", + "additionalProperties": { + "type": "string" + } + }, "additional_headers": { "title": "Set Additional HTTP Headers", "type": "object", diff --git a/.schema/openapi/gen.typescript.yml b/.schema/openapi/gen.typescript.yml index 5b640545fe..8030dff4ee 100644 --- a/.schema/openapi/gen.typescript.yml +++ b/.schema/openapi/gen.typescript.yml @@ -1,4 +1,4 @@ -npmName: '@ory/kratos-client' +npmName: "@ory/kratos-client" npmVersion: 0.0.0 # typescriptThreePlus: true #npmRepository: https://github.com/ory/sdk.git diff --git a/.schema/openapi/patches/health.yaml b/.schema/openapi/patches/health.yaml index 38e94c482d..a27139f965 100644 --- a/.schema/openapi/patches/health.yaml +++ b/.schema/openapi/patches/health.yaml @@ -13,17 +13,17 @@ refer to the cluster state, only to a single instance. operationId: isAlive responses: - '200': + "200": content: application/json: schema: - '$ref': '#/components/schemas/healthStatus' - description: '{{.ProjectHumanName}} is ready to accept connections.' - '500': + "$ref": "#/components/schemas/healthStatus" + description: "{{.ProjectHumanName}} is ready to accept connections." + "500": content: application/json: schema: - '$ref': '#/components/schemas/genericError' + "$ref": "#/components/schemas/genericError" description: genericError summary: Check HTTP Server Status tags: { { .HealthPathTags | toJson } } @@ -42,7 +42,7 @@ Be aware that if you are running multiple nodes of {{.ProjectHumanName}}, the health status will never refer to the cluster state, only to a single instance. responses: - '200': + "200": content: application/json: schema: @@ -51,8 +51,8 @@ status: description: Always "ok". type: string - description: '{{.ProjectHumanName}} is ready to accept requests.' - '503': + description: "{{.ProjectHumanName}} is ready to accept requests." + "503": content: application/json: schema: @@ -67,7 +67,7 @@ type: object description: Ory Kratos is not yet ready to accept requests. summary: Check HTTP Server and Database Status - tags: '{{ .HealthPathTags | toJson }}' + tags: "{{ .HealthPathTags | toJson }}" - op: replace path: /paths/~1version value: @@ -82,7 +82,7 @@ refer to the cluster state, only to a single instance. operationId: getVersion responses: - '200': + "200": content: application/json: schema: @@ -93,4 +93,4 @@ type: string description: Returns the {{.ProjectHumanName}} version. summary: Return Running Software Version. - tags: '{{ .HealthPathTags | toJson }}' + tags: "{{ .HealthPathTags | toJson }}" diff --git a/.schema/openapi/patches/meta.yaml b/.schema/openapi/patches/meta.yaml index 0070bbb2db..fd6d1fe182 100644 --- a/.schema/openapi/patches/meta.yaml +++ b/.schema/openapi/patches/meta.yaml @@ -9,4 +9,4 @@ license: name: Apache 2.0 contact: - email: 'hi@ory.sh' + email: "hi@ory.sh" diff --git a/CHANGELOG.md b/CHANGELOG.md index 1775bd6996..81b4171a30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -289,31 +289,37 @@ - Cache behavior with TTL ([#968](https://github.com/ory/oathkeeper/issues/968)) ([c4836f5](https://github.com/ory/oathkeeper/commit/c4836f5341b63978db49f8c6fe8d6ba2ca2bf2bc)): - This test will fail since everytime Authenticate() succeeds the token is cached, even if it was already cached. This behavior - makes it possible to keep a token in cache if it is authenticated in a period less than the TTL. + This test will fail since everytime Authenticate() succeeds the token is + cached, even if it was already cached. This behavior makes it possible to keep + a token in cache if it is authenticated in a period less than the TTL. - Update format ([#970](https://github.com/ory/oathkeeper/issues/970)) ([17c4214](https://github.com/ory/oathkeeper/commit/17c42144fe03933a3441f88320a6aefd43c22eee)) ### Features -- JWT should only respect JWT-formats ([#958](https://github.com/ory/oathkeeper/issues/958)) +- JWT should only respect JWT-formats + ([#958](https://github.com/ory/oathkeeper/issues/958)) ([6959524](https://github.com/ory/oathkeeper/commit/69595243bde399d91b03cf0176debc5053a6d65b)) # [0.38.25-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.24-beta.1...v0.38.25-beta.1) (2022-04-13) -This release provides some minor fixes around headers, see the changelog for more info. +This release provides some minor fixes around headers, see the changelog for +more info. ### Bug Fixes -- Case insensitive headers ([#951](https://github.com/ory/oathkeeper/issues/951)) - ([2d04cfc](https://github.com/ory/oathkeeper/commit/2d04cfc8f0414168eaa13d154d38e3209aa38cb6)), closes - [#950](https://github.com/ory/oathkeeper/issues/950) -- Log proxy errors with logrus ([#937](https://github.com/ory/oathkeeper/issues/937)) +- Case insensitive headers + ([#951](https://github.com/ory/oathkeeper/issues/951)) + ([2d04cfc](https://github.com/ory/oathkeeper/commit/2d04cfc8f0414168eaa13d154d38e3209aa38cb6)), + closes [#950](https://github.com/ory/oathkeeper/issues/950) +- Log proxy errors with logrus + ([#937](https://github.com/ory/oathkeeper/issues/937)) ([46bfd70](https://github.com/ory/oathkeeper/commit/46bfd707749ff1280c04267c3a2d1cd82eab14ff)) -- Overzealous url validation ([#953](https://github.com/ory/oathkeeper/issues/953)) - ([d0c8d64](https://github.com/ory/oathkeeper/commit/d0c8d646f6fc94bf92e4f91ce5cc860033110e80)), closes - [#930](https://github.com/ory/oathkeeper/issues/930) +- Overzealous url validation + ([#953](https://github.com/ory/oathkeeper/issues/953)) + ([d0c8d64](https://github.com/ory/oathkeeper/commit/d0c8d646f6fc94bf92e4f91ce5cc860033110e80)), + closes [#930](https://github.com/ory/oathkeeper/issues/930) ### Code Generation @@ -322,7 +328,8 @@ This release provides some minor fixes around headers, see the changelog for mor ### Documentation -- Fix version schema ([c5497f3](https://github.com/ory/oathkeeper/commit/c5497f3c0076e4a3b7879f90edf1a7e000ca9306)) +- Fix version schema + ([c5497f3](https://github.com/ory/oathkeeper/commit/c5497f3c0076e4a3b7879f90edf1a7e000ca9306)) # [0.38.24-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.23-beta.1...v0.38.24-beta.1) (2022-04-06) @@ -335,15 +342,17 @@ With this release we improve tracing capabilities for Ory Oathkeeper. ### Features -- Trace for upstream request ([#931](https://github.com/ory/oathkeeper/issues/931)) - ([21ff340](https://github.com/ory/oathkeeper/commit/21ff3405e45655dd37ae3cee9fe7d9e04da5d9d3)), closes - [#928](https://github.com/ory/oathkeeper/issues/928) +- Trace for upstream request + ([#931](https://github.com/ory/oathkeeper/issues/931)) + ([21ff340](https://github.com/ory/oathkeeper/commit/21ff3405e45655dd37ae3cee9fe7d9e04da5d9d3)), + closes [#928](https://github.com/ory/oathkeeper/issues/928) # [0.38.23-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.22-beta.1...v0.38.23-beta.1) (2022-02-24) -Ory Oathkeeper has a new place for documentation at [github.com/ory/docs](https://github.com/ory/docs) and -[www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper)! Additionally, the CI/CD infrastructure was moved to GitHub -Actions. +Ory Oathkeeper has a new place for documentation at +[github.com/ory/docs](https://github.com/ory/docs) and +[www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper)! Additionally, +the CI/CD infrastructure was moved to GitHub Actions. ### Code Generation @@ -352,20 +361,24 @@ Actions. ### Features -- Ddd datadog and elastic-apm tracing schema ([#927](https://github.com/ory/oathkeeper/issues/927)) +- Ddd datadog and elastic-apm tracing schema + ([#927](https://github.com/ory/oathkeeper/issues/927)) ([e78855f](https://github.com/ory/oathkeeper/commit/e78855fb0b00e584a5e0c8033bfb13cffec0e87a)) # [0.38.22-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.20-beta.1...v0.38.22-beta.1) (2022-02-23) -Ory Oathkeeper has a new place for documentation at [github.com/ory/docs](https://github.com/ory/docs) and -[www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper)! Additionally, the CI/CD infrastructure was moved to GitHub -Actions. +Ory Oathkeeper has a new place for documentation at +[github.com/ory/docs](https://github.com/ory/docs) and +[www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper)! Additionally, +the CI/CD infrastructure was moved to GitHub Actions. -Please excuse the previous Ory Oathkeeper release notification. A faulty CI configuration. +Please excuse the previous Ory Oathkeeper release notification. A faulty CI +configuration. ### Bug Fixes -- Pass token to render-version-schema ([#929](https://github.com/ory/oathkeeper/issues/929)) +- Pass token to render-version-schema + ([#929](https://github.com/ory/oathkeeper/issues/929)) ([f763ced](https://github.com/ory/oathkeeper/commit/f763cedede602144b3e136ca8d58f9c1f28ccfa1)): Fixes branch protection error. @@ -377,17 +390,19 @@ Please excuse the previous Ory Oathkeeper release notification. A faulty CI conf # [0.38.20-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.19-beta.1...v0.38.20-beta.1) (2022-02-14) -This release introduces caching capabilities for the OAuth2 Client Credentials authenticator as well as compatibility with -Traefik! +This release introduces caching capabilities for the OAuth2 Client Credentials +authenticator as well as compatibility with Traefik! ### Bug Fixes -- Add pre-steps with packr2 ([#921](https://github.com/ory/oathkeeper/issues/921)) - ([d53ef01](https://github.com/ory/oathkeeper/commit/d53ef0123830060cec73d425fc9b3f7e93ada66d)), closes - [#920](https://github.com/ory/oathkeeper/issues/920) +- Add pre-steps with packr2 + ([#921](https://github.com/ory/oathkeeper/issues/921)) + ([d53ef01](https://github.com/ory/oathkeeper/commit/d53ef0123830060cec73d425fc9b3f7e93ada66d)), + closes [#920](https://github.com/ory/oathkeeper/issues/920) - Bump goreleaser orb ([#919](https://github.com/ory/oathkeeper/issues/919)) ([f8dcda2](https://github.com/ory/oathkeeper/commit/f8dcda26cca0489248739cbcb4133b959d4991fe)) -- Use all pre-hooks ([09be55f](https://github.com/ory/oathkeeper/commit/09be55feddffc8ed483258ce3e250fc57528054f)) +- Use all pre-hooks + ([09be55f](https://github.com/ory/oathkeeper/commit/09be55feddffc8ed483258ce3e250fc57528054f)) ### Code Generation @@ -396,39 +411,52 @@ Traefik! ### Code Refactoring -- Move docs to ory/docs ([a0c6927](https://github.com/ory/oathkeeper/commit/a0c69275fb6e768cfd07e4d467155f4cf95ebbb8)) +- Move docs to ory/docs + ([a0c6927](https://github.com/ory/oathkeeper/commit/a0c69275fb6e768cfd07e4d467155f4cf95ebbb8)) ### Documentation -- Recover sidebar ([165224f](https://github.com/ory/oathkeeper/commit/165224fdf6636d55b9fb71c81da9b13426b201f6)) +- Recover sidebar + ([165224f](https://github.com/ory/oathkeeper/commit/165224fdf6636d55b9fb71c81da9b13426b201f6)) ### Features -- Add post-release step ([e7fd550](https://github.com/ory/oathkeeper/commit/e7fd55030b9408e863f497deeb3e8f1bf66a9855)) -- Introduce token caching for client credentials authentication ([#922](https://github.com/ory/oathkeeper/issues/922)) - ([9a56154](https://github.com/ory/oathkeeper/commit/9a56154161429f9080ed6204e61aaf3a1ab731a1)), closes - [#870](https://github.com/ory/oathkeeper/issues/870): - - Right now every request via Oathkeeper that uses client credentials authentication requests a new access token. This can - introduce a lot of latency in the critical path of an application in case of a slow token endpoint. - - This change introduces a cache similar to the one that is used in the introspection authentication. - -- Migrate to openapi 3.0 generation ([190d1a7](https://github.com/ory/oathkeeper/commit/190d1a7d1319f216ca3c9e9289d5282733ecc88c)) -- Traefik decision api support ([#904](https://github.com/ory/oathkeeper/issues/904)) - ([bfde9df](https://github.com/ory/oathkeeper/commit/bfde9dfc6ef71762ab25289a0afbe6793899f312)), closes - [#521](https://github.com/ory/oathkeeper/issues/521) [#441](https://github.com/ory/oathkeeper/issues/441) - [#487](https://github.com/ory/oathkeeper/issues/487) [#263](https://github.com/ory/oathkeeper/issues/263): +- Add post-release step + ([e7fd550](https://github.com/ory/oathkeeper/commit/e7fd55030b9408e863f497deeb3e8f1bf66a9855)) +- Introduce token caching for client credentials authentication + ([#922](https://github.com/ory/oathkeeper/issues/922)) + ([9a56154](https://github.com/ory/oathkeeper/commit/9a56154161429f9080ed6204e61aaf3a1ab731a1)), + closes [#870](https://github.com/ory/oathkeeper/issues/870): + + Right now every request via Oathkeeper that uses client credentials + authentication requests a new access token. This can introduce a lot of + latency in the critical path of an application in case of a slow token + endpoint. + + This change introduces a cache similar to the one that is used in the + introspection authentication. + +- Migrate to openapi 3.0 generation + ([190d1a7](https://github.com/ory/oathkeeper/commit/190d1a7d1319f216ca3c9e9289d5282733ecc88c)) +- Traefik decision api support + ([#904](https://github.com/ory/oathkeeper/issues/904)) + ([bfde9df](https://github.com/ory/oathkeeper/commit/bfde9dfc6ef71762ab25289a0afbe6793899f312)), + closes [#521](https://github.com/ory/oathkeeper/issues/521) + [#441](https://github.com/ory/oathkeeper/issues/441) + [#487](https://github.com/ory/oathkeeper/issues/487) + [#263](https://github.com/ory/oathkeeper/issues/263): Closes https://github.com/ory/oathkeeper/discussions/899 # [0.38.19-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.17-beta.1...v0.38.19-beta.1) (2022-02-04) -This release adds support for rewriting the HTTP method in certain authenticators. +This release adds support for rewriting the HTTP method in certain +authenticators. ### Bug Fixes -- Bump Ory CLI ([5c03d4f](https://github.com/ory/oathkeeper/commit/5c03d4f0b8e1868fe6b1a30396f8411093d9c797)) +- Bump Ory CLI + ([5c03d4f](https://github.com/ory/oathkeeper/commit/5c03d4f0b8e1868fe6b1a30396f8411093d9c797)) - Update cve scanners ([#905](https://github.com/ory/oathkeeper/issues/905)) ([57c38c0](https://github.com/ory/oathkeeper/commit/57c38c0d4e75658373daaf3f6a80e22efd4dc3d5)) @@ -439,7 +467,8 @@ This release adds support for rewriting the HTTP method in certain authenticator ### Documentation -- Fix "decisions" typo in Introduction ([#907](https://github.com/ory/oathkeeper/issues/907)) +- Fix "decisions" typo in Introduction + ([#907](https://github.com/ory/oathkeeper/issues/907)) ([db346d5](https://github.com/ory/oathkeeper/commit/db346d5e3cae966f609f6bae38958c5d00970abe)) ### Features @@ -447,8 +476,9 @@ This release adds support for rewriting the HTTP method in certain authenticator - Allow overriding HTTP method for upstream calls ([69c64e7](https://github.com/ory/oathkeeper/commit/69c64e79eb7eb5ad415503c8f71a424f8da90f10)): - This patch adds new configuration `force_method` to the bearer token and cookie session authenticators. It allows overriding the - HTTP method for upstream calls. + This patch adds new configuration `force_method` to the bearer token and + cookie session authenticators. It allows overriding the HTTP method for + upstream calls. # [0.38.17-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.18-beta.1...v0.38.17-beta.1) (2022-02-03) @@ -456,33 +486,44 @@ ci: bump orbs ### Continuous Integration -- Bump orbs ([66673ef](https://github.com/ory/oathkeeper/commit/66673ef760a7e812556721fd7397c69966414938)) +- Bump orbs + ([66673ef](https://github.com/ory/oathkeeper/commit/66673ef760a7e812556721fd7397c69966414938)) # [0.38.18-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.15-beta.1...v0.38.18-beta.1) (2022-02-03) -This release adds CVE scanners for Docker Images and updates several dependencies to resolve CVE issues. +This release adds CVE scanners for Docker Images and updates several +dependencies to resolve CVE issues. -Additionally, support for various tracers has been added, patches to caching and JWT audiences have been made, and more -configuration options have been added for various rules. +Additionally, support for various tracers has been added, patches to caching and +JWT audiences have been made, and more configuration options have been added for +various rules. ### Bug Fixes -- Add config schema for tracing for jaeger ([#830](https://github.com/ory/oathkeeper/issues/830)) +- Add config schema for tracing for jaeger + ([#830](https://github.com/ory/oathkeeper/issues/830)) ([59871fc](https://github.com/ory/oathkeeper/commit/59871fca6984d221051e837eb768894c4c48ee27)) -- Add hiring notice to README ([#884](https://github.com/ory/oathkeeper/issues/884)) +- Add hiring notice to README + ([#884](https://github.com/ory/oathkeeper/issues/884)) ([9dea379](https://github.com/ory/oathkeeper/commit/9dea379a12abed4ceb84067d054d28032a50c783)) -- Add ory cli ([df8a19b](https://github.com/ory/oathkeeper/commit/df8a19bd9adad664beddb017073c77a9e82b37af)) -- Allow forwarding query parameters to the session store ([#817](https://github.com/ory/oathkeeper/issues/817)) - ([9375f92](https://github.com/ory/oathkeeper/commit/9375f92b5d647c8417389158bf66e060b4ab8ad6)), closes - [#786](https://github.com/ory/oathkeeper/issues/786) [#786](https://github.com/ory/oathkeeper/issues/786) -- Building docker image for docker-compose ([#889](https://github.com/ory/oathkeeper/issues/889)) +- Add ory cli + ([df8a19b](https://github.com/ory/oathkeeper/commit/df8a19bd9adad664beddb017073c77a9e82b37af)) +- Allow forwarding query parameters to the session store + ([#817](https://github.com/ory/oathkeeper/issues/817)) + ([9375f92](https://github.com/ory/oathkeeper/commit/9375f92b5d647c8417389158bf66e060b4ab8ad6)), + closes [#786](https://github.com/ory/oathkeeper/issues/786) + [#786](https://github.com/ory/oathkeeper/issues/786) +- Building docker image for docker-compose + ([#889](https://github.com/ory/oathkeeper/issues/889)) ([adf0d1b](https://github.com/ory/oathkeeper/commit/adf0d1baaf466cafdc72cba3818867545a91e0b1)) -- Remote_json default configuration ([#880](https://github.com/ory/oathkeeper/issues/880)) - ([18788d1](https://github.com/ory/oathkeeper/commit/18788d1393c041c97d89812366f899ed359c67cf)), closes - [#797](https://github.com/ory/oathkeeper/issues/797) -- Use NYT capitalistaion for all Swagger headlines ([#859](https://github.com/ory/oathkeeper/issues/859)) - ([8c2da46](https://github.com/ory/oathkeeper/commit/8c2da466edb0e72a4bcb4c854bf80b6a98e3ac7a)), closes - [#503](https://github.com/ory/oathkeeper/issues/503): +- Remote_json default configuration + ([#880](https://github.com/ory/oathkeeper/issues/880)) + ([18788d1](https://github.com/ory/oathkeeper/commit/18788d1393c041c97d89812366f899ed359c67cf)), + closes [#797](https://github.com/ory/oathkeeper/issues/797) +- Use NYT capitalistaion for all Swagger headlines + ([#859](https://github.com/ory/oathkeeper/issues/859)) + ([8c2da46](https://github.com/ory/oathkeeper/commit/8c2da466edb0e72a4bcb4c854bf80b6a98e3ac7a)), + closes [#503](https://github.com/ory/oathkeeper/issues/503): Capitalised all the Swagger headlines for files found in /api. @@ -495,49 +536,64 @@ configuration options have been added for various rules. - Update authz.md ([#879](https://github.com/ory/oathkeeper/issues/879)) ([b6b5824](https://github.com/ory/oathkeeper/commit/b6b58249aec358d903bee18acc23836fe77b3860)) -- Use correct casing ([58b1d43](https://github.com/ory/oathkeeper/commit/58b1d43dd99ebceea22980d5debefdbcc0a4f3c7)), closes - [#900](https://github.com/ory/oathkeeper/issues/900) -- Warn that gzip is unsupported ([#835](https://github.com/ory/oathkeeper/issues/835)) +- Use correct casing + ([58b1d43](https://github.com/ory/oathkeeper/commit/58b1d43dd99ebceea22980d5debefdbcc0a4f3c7)), + closes [#900](https://github.com/ory/oathkeeper/issues/900) +- Warn that gzip is unsupported + ([#835](https://github.com/ory/oathkeeper/issues/835)) ([78e612e](https://github.com/ory/oathkeeper/commit/78e612eeeba20c3ce1f5ff32c8dde0a9b6534eb7)): - Note to users that gzip responses are as of now unsupported for Cookie and Bearer authenticators. The result is that the - `subject` and `extra` will not be filled in, and will fail silently. + Note to users that gzip responses are as of now unsupported for Cookie and + Bearer authenticators. The result is that the `subject` and `extra` will not + be filled in, and will fail silently. ### Features -- Add retry and timeout support in authorizers ([#883](https://github.com/ory/oathkeeper/issues/883)) +- Add retry and timeout support in authorizers + ([#883](https://github.com/ory/oathkeeper/issues/883)) ([ec926b0](https://github.com/ory/oathkeeper/commit/ec926b09908e51fe6f4819e281beaf639a22eb69)): Adds the ability to define HTTP timeouts for authorizers. -- Add support for X-Forwarded-Proto header ([#665](https://github.com/ory/oathkeeper/issues/665)) - ([a8c9354](https://github.com/ory/oathkeeper/commit/a8c9354acd64b097492c9dae9df092fecb1b310e)), closes - [#153](https://github.com/ory/oathkeeper/issues/153) -- Allow both string and []string in aud field ([#822](https://github.com/ory/oathkeeper/issues/822)) - ([1897f31](https://github.com/ory/oathkeeper/commit/1897f318c522ce3d5698e5cca234ab170bf10596)), closes - [#491](https://github.com/ory/oathkeeper/issues/491) [#601](https://github.com/ory/oathkeeper/issues/601) - [#792](https://github.com/ory/oathkeeper/issues/792) [#810](https://github.com/ory/oathkeeper/issues/810) +- Add support for X-Forwarded-Proto header + ([#665](https://github.com/ory/oathkeeper/issues/665)) + ([a8c9354](https://github.com/ory/oathkeeper/commit/a8c9354acd64b097492c9dae9df092fecb1b310e)), + closes [#153](https://github.com/ory/oathkeeper/issues/153) +- Allow both string and []string in aud field + ([#822](https://github.com/ory/oathkeeper/issues/822)) + ([1897f31](https://github.com/ory/oathkeeper/commit/1897f318c522ce3d5698e5cca234ab170bf10596)), + closes [#491](https://github.com/ory/oathkeeper/issues/491) + [#601](https://github.com/ory/oathkeeper/issues/601) + [#792](https://github.com/ory/oathkeeper/issues/792) + [#810](https://github.com/ory/oathkeeper/issues/810) - Introduce cve scanning ([#839](https://github.com/ory/oathkeeper/issues/839)) ([1432e2c](https://github.com/ory/oathkeeper/commit/1432e2cbbd53d86133307d23ec5b85dc032e00fd)) -- **jwt:** Replace jwt module ([#818](https://github.com/ory/oathkeeper/issues/818)) +- **jwt:** Replace jwt module + ([#818](https://github.com/ory/oathkeeper/issues/818)) ([301b673](https://github.com/ory/oathkeeper/commit/301b673483b7af59dd0f38148edd12da22c67a6c)) -- Store oauth2 introspection result as bytes in cache ([#811](https://github.com/ory/oathkeeper/issues/811)) +- Store oauth2 introspection result as bytes in cache + ([#811](https://github.com/ory/oathkeeper/issues/811)) ([5645605](https://github.com/ory/oathkeeper/commit/56456056909d19c04353347e9543e9dce73edfca)) - Support Zipkin tracer ([#832](https://github.com/ory/oathkeeper/issues/832)) ([2f2552d](https://github.com/ory/oathkeeper/commit/2f2552dc2769673c0f397dfec6022eb9395476ee)) ### Tests -- Echo output in run.sh ([871b3c6](https://github.com/ory/oathkeeper/commit/871b3c65344d5e9bcdb74fde264329a8e0bf9d7e)) -- Fix typo ([1b21d81](https://github.com/ory/oathkeeper/commit/1b21d8115c15edd5c92e914eb6ab332eb644e66a)) -- Reintroduce -s -o ([792477f](https://github.com/ory/oathkeeper/commit/792477fec81113f0ce4e07a38da80edce8a0cd2f)) -- Verbose curl ([5d86cd3](https://github.com/ory/oathkeeper/commit/5d86cd35353ffdc6e5a21e94d11f06c63979d5a6)) +- Echo output in run.sh + ([871b3c6](https://github.com/ory/oathkeeper/commit/871b3c65344d5e9bcdb74fde264329a8e0bf9d7e)) +- Fix typo + ([1b21d81](https://github.com/ory/oathkeeper/commit/1b21d8115c15edd5c92e914eb6ab332eb644e66a)) +- Reintroduce -s -o + ([792477f](https://github.com/ory/oathkeeper/commit/792477fec81113f0ce4e07a38da80edce8a0cd2f)) +- Verbose curl + ([5d86cd3](https://github.com/ory/oathkeeper/commit/5d86cd35353ffdc6e5a21e94d11f06c63979d5a6)) ### Unclassified -- docs: declare s3, gs, and azblob access rule repositories in config schema (#829) - ([e2433f6](https://github.com/ory/oathkeeper/commit/e2433f6318eb77cf4e870d26f90a0d44a8f93d2e)), closes - [#829](https://github.com/ory/oathkeeper/issues/829) +- docs: declare s3, gs, and azblob access rule repositories in config schema + (#829) + ([e2433f6](https://github.com/ory/oathkeeper/commit/e2433f6318eb77cf4e870d26f90a0d44a8f93d2e)), + closes [#829](https://github.com/ory/oathkeeper/issues/829) # [0.38.15-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.14-beta.1...v0.38.15-beta.1) (2021-08-28) @@ -545,7 +601,8 @@ This release primarily resolves issues with the SDK publishing pipeline. ### Bug Fixes -- Do not modify original headers ([1f6c430](https://github.com/ory/oathkeeper/commit/1f6c4306c3ec0e860b6606e06133c1f2a796c8e1)) +- Do not modify original headers + ([1f6c430](https://github.com/ory/oathkeeper/commit/1f6c4306c3ec0e860b6606e06133c1f2a796c8e1)) ### Code Generation @@ -554,7 +611,8 @@ This release primarily resolves issues with the SDK publishing pipeline. ### Documentation -- Naming ([57a9aa4](https://github.com/ory/oathkeeper/commit/57a9aa4e36ade51a34d00293b210bf68f78b703d)) +- Naming + ([57a9aa4](https://github.com/ory/oathkeeper/commit/57a9aa4e36ade51a34d00293b210bf68f78b703d)) ### Features @@ -565,11 +623,13 @@ This release primarily resolves issues with the SDK publishing pipeline. # [0.38.14-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.12-beta.1...v0.38.14-beta.1) (2021-07-14) -Ory Oathkeeper v0.38.14-beta.1 addresses a vunlerability in jwt-go by bumping the dependency to v3.2.4. +Ory Oathkeeper v0.38.14-beta.1 addresses a vunlerability in jwt-go by bumping +the dependency to v3.2.4. ### Bug Fixes -- Update docs deps ([3d50ab4](https://github.com/ory/oathkeeper/commit/3d50ab4cbf84757e693c6e43905c2ab43c5e1afa)) +- Update docs deps + ([3d50ab4](https://github.com/ory/oathkeeper/commit/3d50ab4cbf84757e693c6e43905c2ab43c5e1afa)) ### Code Generation @@ -578,7 +638,8 @@ Ory Oathkeeper v0.38.14-beta.1 addresses a vunlerability in jwt-go by bumping th ### Documentation -- Fix erroneous sidebar commit ([6e3e1a2](https://github.com/ory/oathkeeper/commit/6e3e1a206371a9ee8dd4712944206a05474ee5a3)) +- Fix erroneous sidebar commit + ([6e3e1a2](https://github.com/ory/oathkeeper/commit/6e3e1a206371a9ee8dd4712944206a05474ee5a3)) ### Features @@ -587,7 +648,8 @@ Ory Oathkeeper v0.38.14-beta.1 addresses a vunlerability in jwt-go by bumping th ### Reverts -- Fix goreleaser/render-version-schema step ([#789](https://github.com/ory/oathkeeper/issues/789)) +- Fix goreleaser/render-version-schema step + ([#789](https://github.com/ory/oathkeeper/issues/789)) ([#790](https://github.com/ory/oathkeeper/issues/790)) ([d33e3e1](https://github.com/ory/oathkeeper/commit/d33e3e17d2774c1018ffed3538d190fc132b262b)): @@ -595,25 +657,31 @@ Ory Oathkeeper v0.38.14-beta.1 addresses a vunlerability in jwt-go by bumping th # [0.38.12-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.11-beta.1...v0.38.12-beta.1) (2021-06-22) -This patch includes an **important patch for a security vulnerability** impacting the `oauth2_introspection` authenticator when -caching is enabled. For more information please read the +This patch includes an **important patch for a security vulnerability** +impacting the `oauth2_introspection` authenticator when caching is enabled. For +more information please read the [Security Advisory](https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr). We strongly recommend upgrading to this version! -Apart from this fix some improvements have been added to reduce latencies when fetching JSON Web Keys and during -`oauth2_introspection` pre-auth. Go templates can now access the incoming request headers. +Apart from this fix some improvements have been added to reduce latencies when +fetching JSON Web Keys and during `oauth2_introspection` pre-auth. Go templates +can now access the incoming request headers. ### Bug Fixes -- Add docs/node_modules target ([52f1c7b](https://github.com/ory/oathkeeper/commit/52f1c7b08fc9556a645a58a21a5109da2169129b)) -- Cache introspection pre-auth ([#723](https://github.com/ory/oathkeeper/issues/723)) - ([3a9ae1a](https://github.com/ory/oathkeeper/commit/3a9ae1a43a6f157bb7998d2e4ee5b76851c68ec1)), closes - [#712](https://github.com/ory/oathkeeper/issues/712) -- Ensure no vulnerable jwt-go deep dependency is being used ([#745](https://github.com/ory/oathkeeper/issues/745)) - ([2ccbb2f](https://github.com/ory/oathkeeper/commit/2ccbb2f2607af39301a6d129c9552a5682cf96fc)), closes - [#740](https://github.com/ory/oathkeeper/issues/740) -- Makefile and sdk issues ([598d48c](https://github.com/ory/oathkeeper/commit/598d48ce6e3c9a4710579825c7004ce1376ec3ce)) +- Add docs/node_modules target + ([52f1c7b](https://github.com/ory/oathkeeper/commit/52f1c7b08fc9556a645a58a21a5109da2169129b)) +- Cache introspection pre-auth + ([#723](https://github.com/ory/oathkeeper/issues/723)) + ([3a9ae1a](https://github.com/ory/oathkeeper/commit/3a9ae1a43a6f157bb7998d2e4ee5b76851c68ec1)), + closes [#712](https://github.com/ory/oathkeeper/issues/712) +- Ensure no vulnerable jwt-go deep dependency is being used + ([#745](https://github.com/ory/oathkeeper/issues/745)) + ([2ccbb2f](https://github.com/ory/oathkeeper/commit/2ccbb2f2607af39301a6d129c9552a5682cf96fc)), + closes [#740](https://github.com/ory/oathkeeper/issues/740) +- Makefile and sdk issues + ([598d48c](https://github.com/ory/oathkeeper/commit/598d48ce6e3c9a4710579825c7004ce1376ec3ce)) ### Code Generation @@ -622,38 +690,46 @@ Apart from this fix some improvements have been added to reduce latencies when f ### Features -- Ability to Configure Remote Authorizers to set Headers in AuthenticationSession - ([#717](https://github.com/ory/oathkeeper/issues/717)) +- Ability to Configure Remote Authorizers to set Headers in + AuthenticationSession ([#717](https://github.com/ory/oathkeeper/issues/717)) ([b3d117b](https://github.com/ory/oathkeeper/commit/b3d117b5d7de02cc1e3ab965328cf6c7995f8a6e)): - The remote authorizers may have useful context from user's permissions. So with this changes, custom authorizers using remote - and remote_json can return some useful headers to be forward into the AuthenticationSession, meaning that these headers will be - passed to upstream services. + The remote authorizers may have useful context from user's permissions. So + with this changes, custom authorizers using remote and remote_json can return + some useful headers to be forward into the AuthenticationSession, meaning that + these headers will be passed to upstream services. - For example, an user containing scopes/branches inside an organization profile has some level of data addressed to him. In this - case, the upstream service need to know that, and "filter" the data according to his "branch_id". The permission that is given - to the user (and the remote authorizers manages) has a record of the "branch_id", for the following responses will be returned - as status code 200 (if granted) and containing a header like X-Branch-Id. + For example, an user containing scopes/branches inside an organization profile + has some level of data addressed to him. In this case, the upstream service + need to know that, and "filter" the data according to his "branch_id". The + permission that is given to the user (and the remote authorizers manages) has + a record of the "branch_id", for the following responses will be returned as + status code 200 (if granted) and containing a header like X-Branch-Id. The upstream service receives the X-Branch-Id and does your thing. - The configuration requires to configure a list of "allowed headers" returning from remote authorizer, that will be accepted in - the pipeline. + The configuration requires to configure a list of "allowed headers" returning + from remote authorizer, that will be accepted in the pipeline. -- Add request header in match context ([#719](https://github.com/ory/oathkeeper/issues/719)) - ([22b0dbe](https://github.com/ory/oathkeeper/commit/22b0dbe6495b9f57206dc8fb2335e1c81906e27d)), closes - [#512](https://github.com/ory/oathkeeper/issues/512) -- Improved JWT Authorizer JWKs fetching ([#726](https://github.com/ory/oathkeeper/issues/726)) - ([5613f65](https://github.com/ory/oathkeeper/commit/5613f650facbb136d6dd7ad7dcf3057f54cb30fc)), closes - [#203](https://github.com/ory/oathkeeper/issues/203) +- Add request header in match context + ([#719](https://github.com/ory/oathkeeper/issues/719)) + ([22b0dbe](https://github.com/ory/oathkeeper/commit/22b0dbe6495b9f57206dc8fb2335e1c81906e27d)), + closes [#512](https://github.com/ory/oathkeeper/issues/512) +- Improved JWT Authorizer JWKs fetching + ([#726](https://github.com/ory/oathkeeper/issues/726)) + ([5613f65](https://github.com/ory/oathkeeper/commit/5613f650facbb136d6dd7ad7dcf3057f54cb30fc)), + closes [#203](https://github.com/ory/oathkeeper/issues/203) ### Tests -- Add improved preauth tests ([#758](https://github.com/ory/oathkeeper/issues/758)) +- Add improved preauth tests + ([#758](https://github.com/ory/oathkeeper/issues/758)) ([83c5349](https://github.com/ory/oathkeeper/commit/83c534980c9ffd770ea75b67f77f153ca9c4313f)) -- Resolve waiting forever regression ([#755](https://github.com/ory/oathkeeper/issues/755)) +- Resolve waiting forever regression + ([#755](https://github.com/ory/oathkeeper/issues/755)) ([c444d46](https://github.com/ory/oathkeeper/commit/c444d46e67d70d2aed8da5bac54faf728f8ede67)) -- Resolve windows build failures ([#754](https://github.com/ory/oathkeeper/issues/754)) +- Resolve windows build failures + ([#754](https://github.com/ory/oathkeeper/issues/754)) ([e4e2263](https://github.com/ory/oathkeeper/commit/e4e2263c7b97e47506919e29442efb395eaba99d)) ### Unclassified @@ -661,9 +737,11 @@ Apart from this fix some improvements have been added to reduce latencies when f - Merge pull request from GHSA-qvp4-rpmr-xwrr ([1f9f625](https://github.com/ory/oathkeeper/commit/1f9f625c1a49e134ae2299ee95b8cf158feec932)): - This patch addresses a security vulnerability which would bypass token claim validation once a token is in the cache. + This patch addresses a security vulnerability which would bypass token claim + validation once a token is in the cache. - For more information please refer to https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr + For more information please refer to + https://github.com/ory/oathkeeper/security/advisories/GHSA-qvp4-rpmr-xwrr # [0.38.11-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.10-beta.2...v0.38.11-beta.1) (2021-05-13) @@ -671,12 +749,14 @@ This release primarily addresses issues in the SDK build pipeline. ### Bug Fixes -- Init introspect http client once ([#714](https://github.com/ory/oathkeeper/issues/714)) - ([e203ad1](https://github.com/ory/oathkeeper/commit/e203ad14ac0e78909e7d42aa214c47a708a7c136)), closes - [#712](https://github.com/ory/oathkeeper/issues/712) -- Log credentials verifier error details ([#713](https://github.com/ory/oathkeeper/issues/713)) - ([766b071](https://github.com/ory/oathkeeper/commit/766b0714dc8aaff010a99b182a6450f21d1795f5)), closes - [#467](https://github.com/ory/oathkeeper/issues/467) +- Init introspect http client once + ([#714](https://github.com/ory/oathkeeper/issues/714)) + ([e203ad1](https://github.com/ory/oathkeeper/commit/e203ad14ac0e78909e7d42aa214c47a708a7c136)), + closes [#712](https://github.com/ory/oathkeeper/issues/712) +- Log credentials verifier error details + ([#713](https://github.com/ory/oathkeeper/issues/713)) + ([766b071](https://github.com/ory/oathkeeper/commit/766b0714dc8aaff010a99b182a6450f21d1795f5)), + closes [#467](https://github.com/ory/oathkeeper/issues/467) ### Code Generation @@ -685,7 +765,8 @@ This release primarily addresses issues in the SDK build pipeline. ### Reverts -- Init introspect http client once ([#714](https://github.com/ory/oathkeeper/issues/714)) +- Init introspect http client once + ([#714](https://github.com/ory/oathkeeper/issues/714)) ([#722](https://github.com/ory/oathkeeper/issues/722)) ([c58cbd9](https://github.com/ory/oathkeeper/commit/c58cbd9341e58adfdf49fd1e9c0241528917c86c)): @@ -693,17 +774,20 @@ This release primarily addresses issues in the SDK build pipeline. # [0.38.10-beta.2](https://github.com/ory/oathkeeper/compare/v0.38.9-beta.1...v0.38.10-beta.2) (2021-05-05) -This release improves the health status manager, cache management, improves JSON Web Token debuggability, and resolves other -issues. +This release improves the health status manager, cache management, improves JSON +Web Token debuggability, and resolves other issues. ### Bug Fixes -- Register makefile tasks ([2832a77](https://github.com/ory/oathkeeper/commit/2832a773782047f39680033860c2a8e9558883c0)) -- Resolve makefile issues ([9df3b2a](https://github.com/ory/oathkeeper/commit/9df3b2a7bd4a207bc68e94fde28a720eb7a816b1)) -- Set cost 1 when caching tokens with configurable max cost ([#680](https://github.com/ory/oathkeeper/issues/680)) +- Register makefile tasks + ([2832a77](https://github.com/ory/oathkeeper/commit/2832a773782047f39680033860c2a8e9558883c0)) +- Resolve makefile issues + ([9df3b2a](https://github.com/ory/oathkeeper/commit/9df3b2a7bd4a207bc68e94fde28a720eb7a816b1)) +- Set cost 1 when caching tokens with configurable max cost + ([#680](https://github.com/ory/oathkeeper/issues/680)) ([8db0e9d](https://github.com/ory/oathkeeper/commit/8db0e9de60dbc5d1964440bd2ea14ec063b71cab)) -- Update shebangs to use bash from /usr/bin/env instead of /bin/ for better portability - ([#694](https://github.com/ory/oathkeeper/issues/694)) +- Update shebangs to use bash from /usr/bin/env instead of /bin/ for better + portability ([#694](https://github.com/ory/oathkeeper/issues/694)) ([e522062](https://github.com/ory/oathkeeper/commit/e52206214e5e6b949b785752ee638a80b4775355)) ### Code Generation @@ -713,7 +797,8 @@ issues. ### Code Refactoring -- Move api.json ([7dc37fd](https://github.com/ory/oathkeeper/commit/7dc37fd55edfa623bf30e32da1aef6c662779678)) +- Move api.json + ([7dc37fd](https://github.com/ory/oathkeeper/commit/7dc37fd55edfa623bf30e32da1aef6c662779678)) ### Documentation @@ -724,49 +809,61 @@ issues. - docs: add dotnet sdk versioned -- Change forum to discussions readme ([#690](https://github.com/ory/oathkeeper/issues/690)) +- Change forum to discussions readme + ([#690](https://github.com/ory/oathkeeper/issues/690)) ([d942c04](https://github.com/ory/oathkeeper/commit/d942c043aa2370b87e0dd822440ad39d809755f9)) -- Consistent authz headers ([#699](https://github.com/ory/oathkeeper/issues/699)) +- Consistent authz headers + ([#699](https://github.com/ory/oathkeeper/issues/699)) ([19948e1](https://github.com/ory/oathkeeper/commit/19948e11933f3607a562bcff75e2061b8cb2a527)): - Removes the "Authorizer" prefix from a few of the authorizers to make them all consistent. + Removes the "Authorizer" prefix from a few of the authorizers to make them all + consistent. - Fix typo ([#696](https://github.com/ory/oathkeeper/issues/696)) ([eda83f1](https://github.com/ory/oathkeeper/commit/eda83f12a58de80ae78aa86e90806f277e8dc1f5)) - Point to deny authz ([#701](https://github.com/ory/oathkeeper/issues/701)) - ([4f01963](https://github.com/ory/oathkeeper/commit/4f01963b33ab0484da69c9f120c69ae9b49c6fdc)), closes - [#700](https://github.com/ory/oathkeeper/issues/700) + ([4f01963](https://github.com/ory/oathkeeper/commit/4f01963b33ab0484da69c9f120c69ae9b49c6fdc)), + closes [#700](https://github.com/ory/oathkeeper/issues/700) ### Features -- Add health event manager and rules readiness probe ([#674](https://github.com/ory/oathkeeper/issues/674)) +- Add health event manager and rules readiness probe + ([#674](https://github.com/ory/oathkeeper/issues/674)) ([01d8588](https://github.com/ory/oathkeeper/commit/01d8588d300976e06ef6358e23099259814e3bf7)) -- Add http method into session.MatchContext ([#676](https://github.com/ory/oathkeeper/issues/676)) - ([e15a7a5](https://github.com/ory/oathkeeper/commit/e15a7a57846d1c28f7b7ed7b824e6fc318f9344d)), closes - [#625](https://github.com/ory/oathkeeper/issues/625) -- Add support for requesting an audience to the OAuth2 Introspection pr… ([#678](https://github.com/ory/oathkeeper/issues/678)) - ([2405810](https://github.com/ory/oathkeeper/commit/2405810a839b9d3015655ced492097d0f130a06f)), closes - [#677](https://github.com/ory/oathkeeper/issues/677) -- Additional JWT auth debug information ([#681](https://github.com/ory/oathkeeper/issues/681)) - ([d08ab50](https://github.com/ory/oathkeeper/commit/d08ab5034b80736701fb38ee1e55d12c63fd06b2)), closes - [#668](https://github.com/ory/oathkeeper/issues/668): +- Add http method into session.MatchContext + ([#676](https://github.com/ory/oathkeeper/issues/676)) + ([e15a7a5](https://github.com/ory/oathkeeper/commit/e15a7a57846d1c28f7b7ed7b824e6fc318f9344d)), + closes [#625](https://github.com/ory/oathkeeper/issues/625) +- Add support for requesting an audience to the OAuth2 Introspection pr… + ([#678](https://github.com/ory/oathkeeper/issues/678)) + ([2405810](https://github.com/ory/oathkeeper/commit/2405810a839b9d3015655ced492097d0f130a06f)), + closes [#677](https://github.com/ory/oathkeeper/issues/677) +- Additional JWT auth debug information + ([#681](https://github.com/ory/oathkeeper/issues/681)) + ([d08ab50](https://github.com/ory/oathkeeper/commit/d08ab5034b80736701fb38ee1e55d12c63fd06b2)), + closes [#668](https://github.com/ory/oathkeeper/issues/668): JWT Claims added to error details field. -- Adds audience into Extra at oAuth2 introspection ([#480](https://github.com/ory/oathkeeper/issues/480)) +- Adds audience into Extra at oAuth2 introspection + ([#480](https://github.com/ory/oathkeeper/issues/480)) ([c9faecc](https://github.com/ory/oathkeeper/commit/c9faecc5d32800537f07e8e05f9c8872e609c3f9)) -- Global docs sidebar and added cloud pages ([#705](https://github.com/ory/oathkeeper/issues/705)) +- Global docs sidebar and added cloud pages + ([#705](https://github.com/ory/oathkeeper/issues/705)) ([f67241f](https://github.com/ory/oathkeeper/commit/f67241f2ab7063fa9ce8e8ea455de25b51414f30)) # [0.38.9-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.9-beta.1.pre.3...v0.38.9-beta.1) (2021-03-17) -This release adds support for X-Forwarded-Proto, passes tracing contexts to downstream requests, bumps Go to 1.16, and resolves -issues preventing the log level from being set to trace level. Additionally included are improvements to the overall tracing set -up, a cookie authenticator bugfix, and a bugfix for glob pattern matching. +This release adds support for X-Forwarded-Proto, passes tracing contexts to +downstream requests, bumps Go to 1.16, and resolves issues preventing the log +level from being set to trace level. Additionally included are improvements to +the overall tracing set up, a cookie authenticator bugfix, and a bugfix for glob +pattern matching. ### Code Generation -- Pin v0.38.9-beta.1 release commit ([9ad41f0](https://github.com/ory/oathkeeper/commit/9ad41f02c4e6c140afa702743b5880f7fbab5df5)) +- Pin v0.38.9-beta.1 release commit + ([9ad41f0](https://github.com/ory/oathkeeper/commit/9ad41f02c4e6c140afa702743b5880f7fbab5df5)) # [0.38.9-beta.1.pre.3](https://github.com/ory/oathkeeper/compare/v0.38.9-beta.1.pre.2...v0.38.9-beta.1.pre.3) (2021-03-16) @@ -774,12 +871,13 @@ autogen: pin v0.38.9-beta.1.pre.3 release commit ### Bug Fixes -- Make glob patterns match only one path segment. ([#664](https://github.com/ory/oathkeeper/issues/664)) - ([c711aac](https://github.com/ory/oathkeeper/commit/c711aacc5fc29664e3825e087557e7baf4e47aa8)), closes - [#630](https://github.com/ory/oathkeeper/issues/630): +- Make glob patterns match only one path segment. + ([#664](https://github.com/ory/oathkeeper/issues/664)) + ([c711aac](https://github.com/ory/oathkeeper/commit/c711aacc5fc29664e3825e087557e7baf4e47aa8)), + closes [#630](https://github.com/ory/oathkeeper/issues/630): - This makes `/` also a separator as well as the presumably default value of `.`. This allows using <\*> for matching only one - path segment. + This makes `/` also a separator as well as the presumably default value of + `.`. This allows using <\*> for matching only one path segment. ### Code Generation @@ -811,9 +909,10 @@ autogen: pin v0.38.9-beta.1.pre.1 release commit ### Unclassified -- Add missing documentation for oauth2_introspection ([#648](https://github.com/ory/oathkeeper/issues/648)) - ([34cf38c](https://github.com/ory/oathkeeper/commit/34cf38c0fe431eb375fab4dbfa9cb9098961943d)), closes - [#549](https://github.com/ory/oathkeeper/issues/549) +- Add missing documentation for oauth2_introspection + ([#648](https://github.com/ory/oathkeeper/issues/648)) + ([34cf38c](https://github.com/ory/oathkeeper/commit/34cf38c0fe431eb375fab4dbfa9cb9098961943d)), + closes [#549](https://github.com/ory/oathkeeper/issues/549) # [0.38.8-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.7-beta.1...v0.38.8-beta.1) (2021-02-25) @@ -826,128 +925,164 @@ Improves tracing set up and addresses a bug in the cookie authenticator. ### Code Generation -- Pin v0.38.8-beta.1 release commit ([2943e9a](https://github.com/ory/oathkeeper/commit/2943e9af887a78191a50426ed069604615ca58e2)) +- Pin v0.38.8-beta.1 release commit + ([2943e9a](https://github.com/ory/oathkeeper/commit/2943e9af887a78191a50426ed069604615ca58e2)) ### Unclassified -- Formatting ([546691b](https://github.com/ory/oathkeeper/commit/546691b61f78361eff33b1c2a3c3435fecaf499f)) +- Formatting + ([546691b](https://github.com/ory/oathkeeper/commit/546691b61f78361eff33b1c2a3c3435fecaf499f)) - Add tracing to outbound oauth introspection requests ([daf44cb](https://github.com/ory/oathkeeper/commit/daf44cb22961817f6d9aaddd4ffce64bcee50d70)) # [0.38.7-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.6-beta.1...v0.38.7-beta.1) (2021-02-22) -This release adds support for X-Forwarded-Proto, passes context for tracing to downstream requests, bumps Go to 1.16 and resolves -issues preventing the log level from being set to trace level. +This release adds support for X-Forwarded-Proto, passes context for tracing to +downstream requests, bumps Go to 1.16 and resolves issues preventing the log +level from being set to trace level. ### Bug Fixes - Accept lower and uppercase in bearer token handler ([6e46d4a](https://github.com/ory/oathkeeper/commit/6e46d4a3831ae86beb9b8a5850faf20cb5a759e2)) -- Add support for X-Forwarded-Proto header ([#638](https://github.com/ory/oathkeeper/issues/638)) - ([6eb83fd](https://github.com/ory/oathkeeper/commit/6eb83fd03ed46c388dfe4aaeeaa7c331c9d3685d)), closes - [#153](https://github.com/ory/oathkeeper/issues/153) -- Pass context through to external requests ([#627](https://github.com/ory/oathkeeper/issues/627)) +- Add support for X-Forwarded-Proto header + ([#638](https://github.com/ory/oathkeeper/issues/638)) + ([6eb83fd](https://github.com/ory/oathkeeper/commit/6eb83fd03ed46c388dfe4aaeeaa7c331c9d3685d)), + closes [#153](https://github.com/ory/oathkeeper/issues/153) +- Pass context through to external requests + ([#627](https://github.com/ory/oathkeeper/issues/627)) ([ee25197](https://github.com/ory/oathkeeper/commit/ee251976537ade1e06399a3d5b2883620e3407eb)): Enables proper tracing through Jaeger etc -- Update goreleaser config ([9689f45](https://github.com/ory/oathkeeper/commit/9689f45db1ec0a974a109a6b28314cddaba2b2de)) -- Update log schema ([78e654d](https://github.com/ory/oathkeeper/commit/78e654df3b81d3ab3f8f946033ee5f1fe45afded)) +- Update goreleaser config + ([9689f45](https://github.com/ory/oathkeeper/commit/9689f45db1ec0a974a109a6b28314cddaba2b2de)) +- Update log schema + ([78e654d](https://github.com/ory/oathkeeper/commit/78e654df3b81d3ab3f8f946033ee5f1fe45afded)) ### Code Generation -- Pin v0.38.7-beta.1 release commit ([3b37928](https://github.com/ory/oathkeeper/commit/3b37928256363ceff294897fd05461d01829314c)) +- Pin v0.38.7-beta.1 release commit + ([3b37928](https://github.com/ory/oathkeeper/commit/3b37928256363ceff294897fd05461d01829314c)) ### Features -- Bump to go 1.16 ([e74d4a2](https://github.com/ory/oathkeeper/commit/e74d4a21efeac7aa7b6c7ae8e39daab17ef4f470)) -- Resolve go mod issues ([6a3f5d3](https://github.com/ory/oathkeeper/commit/6a3f5d39c2326a49c694624ff2d35b8e3beccc2e)) +- Bump to go 1.16 + ([e74d4a2](https://github.com/ory/oathkeeper/commit/e74d4a21efeac7aa7b6c7ae8e39daab17ef4f470)) +- Resolve go mod issues + ([6a3f5d3](https://github.com/ory/oathkeeper/commit/6a3f5d39c2326a49c694624ff2d35b8e3beccc2e)) # [0.38.6-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.5-beta.1...v0.38.6-beta.1) (2021-01-27) -We are happy to announce Dart and Rust SDKs for Ory Oathkeeper! Additionally, a new `bearer_token` authenticator has been added. +We are happy to announce Dart and Rust SDKs for Ory Oathkeeper! Additionally, a +new `bearer_token` authenticator has been added. ### Code Generation -- Pin v0.38.6-beta.1 release commit ([a0c4d7f](https://github.com/ory/oathkeeper/commit/a0c4d7fc46151000b4ae9db5a958b94611c9cd58)) +- Pin v0.38.6-beta.1 release commit + ([a0c4d7f](https://github.com/ory/oathkeeper/commit/a0c4d7fc46151000b4ae9db5a958b94611c9cd58)) ### Documentation -- Add Rust and Dart SDKs ([1524fed](https://github.com/ory/oathkeeper/commit/1524fed70b4b5c8d3ca8d23e5ab46bc32f073d53)): +- Add Rust and Dart SDKs + ([1524fed](https://github.com/ory/oathkeeper/commit/1524fed70b4b5c8d3ca8d23e5ab46bc32f073d53)): We now support for Rust and Dart SDKs! - Fix js npm links ([#634](https://github.com/ory/oathkeeper/issues/634)) ([c339fee](https://github.com/ory/oathkeeper/commit/c339fee771877dbc3e362d4656af53fe492cd58e)) -- Rename index documents ([7de0ac3](https://github.com/ory/oathkeeper/commit/7de0ac34f572d6da56cac482eda364514500a866)) +- Rename index documents + ([7de0ac3](https://github.com/ory/oathkeeper/commit/7de0ac34f572d6da56cac482eda364514500a866)) ### Features -- Add bearer_token authenticator ([#613](https://github.com/ory/oathkeeper/issues/613)) +- Add bearer_token authenticator + ([#613](https://github.com/ory/oathkeeper/issues/613)) ([b623ae7](https://github.com/ory/oathkeeper/commit/b623ae7f68aac948f8e584fb9254e43a7272adf6)): - Adds a new authenticator to work with Kratos' new API token. Works the same as the cookie_session authenticator but checks for a - bearer token in the Authorization header (unless overwritten by token_from) + Adds a new authenticator to work with Kratos' new API token. Works the same as + the cookie_session authenticator but checks for a bearer token in the + Authorization header (unless overwritten by token_from) # [0.38.5-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.4-beta.1...v0.38.5-beta.1) (2020-12-10) -The ORY Community is proud to present you the next iteration of ORY Oathkeeper. In this release, we focused on improving -production stability and resolved several pesky bugs! +The ORY Community is proud to present you the next iteration of ORY Oathkeeper. +In this release, we focused on improving production stability and resolved +several pesky bugs! ### Bug Fixes -- Check content-length header in lowercase ([#530](https://github.com/ory/oathkeeper/issues/530)) +- Check content-length header in lowercase + ([#530](https://github.com/ory/oathkeeper/issues/530)) ([a68fc8a](https://github.com/ory/oathkeeper/commit/a68fc8aa3892311960c4e818fa413caf189b9f8d)): - Issue #422 didn't fix the problem with the requests' Content-Length being copied in the responses because the check was - case-sensitive and unit tests didn't cover it. - -- Never construct id token claim templates in parallel ([#552](https://github.com/ory/oathkeeper/issues/552)) - ([4f504d9](https://github.com/ory/oathkeeper/commit/4f504d9032a5be9ea6f82c723a655a0f9028c45a)), closes - [#551](https://github.com/ory/oathkeeper/issues/551) -- Remove token_type validation from introspection handler ([#556](https://github.com/ory/oathkeeper/issues/556)) - ([b18d90a](https://github.com/ory/oathkeeper/commit/b18d90a94f2016b541164cf30654032628e4bc01)), closes - [#553](https://github.com/ory/oathkeeper/issues/553) -- Support windows file paths ([#557](https://github.com/ory/oathkeeper/issues/557)) - ([6a05682](https://github.com/ory/oathkeeper/commit/6a05682dca21181db9e052300edf14fb40815bd3)), closes - [#514](https://github.com/ory/oathkeeper/issues/514) [#332](https://github.com/ory/oathkeeper/issues/332) -- Update dd-trace to fix build ([2e571fa](https://github.com/ory/oathkeeper/commit/2e571fa98880b62a174dbcfcdde2bb1a339cc7a3)) + Issue #422 didn't fix the problem with the requests' Content-Length being + copied in the responses because the check was case-sensitive and unit tests + didn't cover it. + +- Never construct id token claim templates in parallel + ([#552](https://github.com/ory/oathkeeper/issues/552)) + ([4f504d9](https://github.com/ory/oathkeeper/commit/4f504d9032a5be9ea6f82c723a655a0f9028c45a)), + closes [#551](https://github.com/ory/oathkeeper/issues/551) +- Remove token_type validation from introspection handler + ([#556](https://github.com/ory/oathkeeper/issues/556)) + ([b18d90a](https://github.com/ory/oathkeeper/commit/b18d90a94f2016b541164cf30654032628e4bc01)), + closes [#553](https://github.com/ory/oathkeeper/issues/553) +- Support windows file paths + ([#557](https://github.com/ory/oathkeeper/issues/557)) + ([6a05682](https://github.com/ory/oathkeeper/commit/6a05682dca21181db9e052300edf14fb40815bd3)), + closes [#514](https://github.com/ory/oathkeeper/issues/514) + [#332](https://github.com/ory/oathkeeper/issues/332) +- Update dd-trace to fix build + ([2e571fa](https://github.com/ory/oathkeeper/commit/2e571fa98880b62a174dbcfcdde2bb1a339cc7a3)) ### Code Generation -- Pin v0.38.5-beta.1 release commit ([f4a04da](https://github.com/ory/oathkeeper/commit/f4a04dac17a77a0983bd8461a5db8438232aede4)) +- Pin v0.38.5-beta.1 release commit + ([f4a04da](https://github.com/ory/oathkeeper/commit/f4a04dac17a77a0983bd8461a5db8438232aede4)) ### Documentation -- Add contributing to sidebar ([#595](https://github.com/ory/oathkeeper/issues/595)) +- Add contributing to sidebar + ([#595](https://github.com/ory/oathkeeper/issues/595)) ([a3c9584](https://github.com/ory/oathkeeper/commit/a3c9584e848b3e71b33073c89299bc60c6d0b3ee)): The same change as in https://github.com/ory/hydra/pull/2209 -- Add newsletter to config ([3c02e22](https://github.com/ory/oathkeeper/commit/3c02e22c398b5a573883b6c1cceb05aff15dcbea)) +- Add newsletter to config + ([3c02e22](https://github.com/ory/oathkeeper/commit/3c02e22c398b5a573883b6c1cceb05aff15dcbea)) - Correct sidebar.json ([#524](https://github.com/ory/oathkeeper/issues/524)) ([34e2077](https://github.com/ory/oathkeeper/commit/34e2077e872dcf7b23129623434a8ff0656da9fc)) -- Fix typo ([393af92](https://github.com/ory/oathkeeper/commit/393af92e06f0d562b7e7a7f40c6ff1caeca9523b)) -- Fix typo in API access rules and improve layout ([#599](https://github.com/ory/oathkeeper/issues/599)) +- Fix typo + ([393af92](https://github.com/ory/oathkeeper/commit/393af92e06f0d562b7e7a7f40c6ff1caeca9523b)) +- Fix typo in API access rules and improve layout + ([#599](https://github.com/ory/oathkeeper/issues/599)) ([6a30ce2](https://github.com/ory/oathkeeper/commit/6a30ce2e0df0101ba7449dbadcc68528337c01fa)) -- Fix typo in pipeline/error.md ([#568](https://github.com/ory/oathkeeper/issues/568)) +- Fix typo in pipeline/error.md + ([#568](https://github.com/ory/oathkeeper/issues/568)) ([5d04c6b](https://github.com/ory/oathkeeper/commit/5d04c6b30ccc1bbb1407f1f82123aa2e82372c36)) -- Resolve list in main docs ([1c2241c](https://github.com/ory/oathkeeper/commit/1c2241c1cbf615a07b483a3bb51fc3be9a50ae40)), closes - [#602](https://github.com/ory/oathkeeper/issues/602) -- Resolve regression issues ([82008b2](https://github.com/ory/oathkeeper/commit/82008b2a6a60583856c436b1adae2f6d306bf836)) +- Resolve list in main docs + ([1c2241c](https://github.com/ory/oathkeeper/commit/1c2241c1cbf615a07b483a3bb51fc3be9a50ae40)), + closes [#602](https://github.com/ory/oathkeeper/issues/602) +- Resolve regression issues + ([82008b2](https://github.com/ory/oathkeeper/commit/82008b2a6a60583856c436b1adae2f6d306bf836)) ### Features -- Forward original authorization header when using remote (json) authorizer ([#554](https://github.com/ory/oathkeeper/issues/554)) - ([f4f781e](https://github.com/ory/oathkeeper/commit/f4f781e5ec998e3656b6cf3c46c83c0faf6527ef)), closes - [#528](https://github.com/ory/oathkeeper/issues/528) -- Use google/go-cloud to fetch rules and credentials from object storage ([#562](https://github.com/ory/oathkeeper/issues/562)) - ([666b951](https://github.com/ory/oathkeeper/commit/666b9514ec37acfe2bb90ce62d5ee845853528fd)), closes - [#518](https://github.com/ory/oathkeeper/issues/518) [#518](https://github.com/ory/oathkeeper/issues/518) +- Forward original authorization header when using remote (json) authorizer + ([#554](https://github.com/ory/oathkeeper/issues/554)) + ([f4f781e](https://github.com/ory/oathkeeper/commit/f4f781e5ec998e3656b6cf3c46c83c0faf6527ef)), + closes [#528](https://github.com/ory/oathkeeper/issues/528) +- Use google/go-cloud to fetch rules and credentials from object storage + ([#562](https://github.com/ory/oathkeeper/issues/562)) + ([666b951](https://github.com/ory/oathkeeper/commit/666b9514ec37acfe2bb90ce62d5ee845853528fd)), + closes [#518](https://github.com/ory/oathkeeper/issues/518) + [#518](https://github.com/ory/oathkeeper/issues/518) ### Unclassified -- docs. fix typo in list ([335189f](https://github.com/ory/oathkeeper/commit/335189fba1d4c3db841c0cf9c51412adc7bdae01)) +- docs. fix typo in list + ([335189f](https://github.com/ory/oathkeeper/commit/335189fba1d4c3db841c0cf9c51412adc7bdae01)) # [0.38.4-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.3-beta.1...v0.38.4-beta.1) (2020-09-28) @@ -955,118 +1090,156 @@ This release stabilizes several features and resolves a couple of bugs. ### Bug Fixes -- Add tests in error_redirect_test.go ([#522](https://github.com/ory/oathkeeper/issues/522)) +- Add tests in error_redirect_test.go + ([#522](https://github.com/ory/oathkeeper/issues/522)) ([24bdd9b](https://github.com/ory/oathkeeper/commit/24bdd9bdc56a46953a393d503ccfd2416cf11bcf)): - Increased tests coverage to cover for all the three valid scenarios - http absolute, https absolute, relative. Explicitly - checked Location path to ensure that correct uri scheme was returned + Increased tests coverage to cover for all the three valid scenarios - http + absolute, https absolute, relative. Explicitly checked Location path to ensure + that correct uri scheme was returned - Deprecated key in goreleaser config ([2a4f901](https://github.com/ory/oathkeeper/commit/2a4f90127e66917dfaa72f8089efa5149631434d)) -- Ignore x/net false positives ([bc8a32c](https://github.com/ory/oathkeeper/commit/bc8a32c9fcf8cbd9fc6b46b9c8d607745fb05a1e)) -- Misleading HTTP status code for oauth2_client_credentials authenticator ([#504](https://github.com/ory/oathkeeper/issues/504)) - ([0f65631](https://github.com/ory/oathkeeper/commit/0f65631af61e6a4098745f0149b0154d5dd7386c)), closes - [#496](https://github.com/ory/oathkeeper/issues/496) +- Ignore x/net false positives + ([bc8a32c](https://github.com/ory/oathkeeper/commit/bc8a32c9fcf8cbd9fc6b46b9c8d607745fb05a1e)) +- Misleading HTTP status code for oauth2_client_credentials authenticator + ([#504](https://github.com/ory/oathkeeper/issues/504)) + ([0f65631](https://github.com/ory/oathkeeper/commit/0f65631af61e6a4098745f0149b0154d5dd7386c)), + closes [#496](https://github.com/ory/oathkeeper/issues/496) ### Code Generation -- Pin v0.38.4-beta.1 release commit ([1c997b2](https://github.com/ory/oathkeeper/commit/1c997b281b27db9dcc010b299d2df9e0ef126c9d)) +- Pin v0.38.4-beta.1 release commit + ([1c997b2](https://github.com/ory/oathkeeper/commit/1c997b281b27db9dcc010b299d2df9e0ef126c9d)) ### Documentation -- Fix broken links ([dd3bfbe](https://github.com/ory/oathkeeper/commit/dd3bfbe01ed450ff88a492c041affeaaf17027c9)) -- Fix OAuth2 Introspect Authn Config Documentation ([#498](https://github.com/ory/oathkeeper/issues/498)) +- Fix broken links + ([dd3bfbe](https://github.com/ory/oathkeeper/commit/dd3bfbe01ed450ff88a492c041affeaaf17027c9)) +- Fix OAuth2 Introspect Authn Config Documentation + ([#498](https://github.com/ory/oathkeeper/issues/498)) ([7612e20](https://github.com/ory/oathkeeper/commit/7612e207e96841aad3dcf5806f5af2cc42024075)): - Switch the definitions for the pre-authorisation fields 'scope' and 'token endpoint' in the documentation. + Switch the definitions for the pre-authorisation fields 'scope' and 'token + endpoint' in the documentation. -- Fix sidebar ([28247fc](https://github.com/ory/oathkeeper/commit/28247fcf53ed5c47879ada62456ab39b29c5752a)) -- Guide for integrating with ORY Hydra ([#497](https://github.com/ory/oathkeeper/issues/497)) +- Fix sidebar + ([28247fc](https://github.com/ory/oathkeeper/commit/28247fcf53ed5c47879ada62456ab39b29c5752a)) +- Guide for integrating with ORY Hydra + ([#497](https://github.com/ory/oathkeeper/issues/497)) ([e1b1751](https://github.com/ory/oathkeeper/commit/e1b175183b8ce9e7d2befae3269d2c5cd959e3e0)) -- Move development section ([582a4d0](https://github.com/ory/oathkeeper/commit/582a4d0e880649cc64aa647b2c35e432b3f234e2)) -- Move to json sidebar ([b67230d](https://github.com/ory/oathkeeper/commit/b67230d038ef0b101c6362ab3e1c34a6924cfc96)) -- Remove duplicate template ([01550b4](https://github.com/ory/oathkeeper/commit/01550b4e28b45b4deb1c1a3f685a1962f7633833)) -- Update repository templates ([2aaf766](https://github.com/ory/oathkeeper/commit/2aaf766444cb9ae9b794c9638553a32931276a39)) -- Update repository templates ([#506](https://github.com/ory/oathkeeper/issues/506)) +- Move development section + ([582a4d0](https://github.com/ory/oathkeeper/commit/582a4d0e880649cc64aa647b2c35e432b3f234e2)) +- Move to json sidebar + ([b67230d](https://github.com/ory/oathkeeper/commit/b67230d038ef0b101c6362ab3e1c34a6924cfc96)) +- Remove duplicate template + ([01550b4](https://github.com/ory/oathkeeper/commit/01550b4e28b45b4deb1c1a3f685a1962f7633833)) +- Update repository templates + ([2aaf766](https://github.com/ory/oathkeeper/commit/2aaf766444cb9ae9b794c9638553a32931276a39)) +- Update repository templates + ([#506](https://github.com/ory/oathkeeper/issues/506)) ([cb53d79](https://github.com/ory/oathkeeper/commit/cb53d79f4ee36266ed7d2c5a1de6147884cbb3cf)) ### Features -- Add and automate version schema ([7ab4012](https://github.com/ory/oathkeeper/commit/7ab40128352eb4e6639fe4828da7bdd3690e327e)) -- Add url_param config option to redirect error handler. ([#520](https://github.com/ory/oathkeeper/issues/520)) - ([b5bb3bc](https://github.com/ory/oathkeeper/commit/b5bb3bc6b88ea8b26d53f03477fce1b74f113b97)), closes - [#511](https://github.com/ory/oathkeeper/issues/511): - - This change introduces a url_param config option for redirect error handler. If it contains a url paramter name, the redirect - url will have this parameter set, containing the current url (from which Oathkeeper has redirected the user). - - This can be useful in passing the return_to url to Kratos, so user can be redirected to the page they initially wanted to access - after a successfull sign in. - -- Log invalid credentials on info level instead of error/warning ([#517](https://github.com/ory/oathkeeper/issues/517)) - ([a372b5f](https://github.com/ory/oathkeeper/commit/a372b5f833305ad85451cfb99b1db9e10ae8b8dc)), closes - [#505](https://github.com/ory/oathkeeper/issues/505) -- Use uri-reference for errors redirect to allow relative urls ([#516](https://github.com/ory/oathkeeper/issues/516)) +- Add and automate version schema + ([7ab4012](https://github.com/ory/oathkeeper/commit/7ab40128352eb4e6639fe4828da7bdd3690e327e)) +- Add url_param config option to redirect error handler. + ([#520](https://github.com/ory/oathkeeper/issues/520)) + ([b5bb3bc](https://github.com/ory/oathkeeper/commit/b5bb3bc6b88ea8b26d53f03477fce1b74f113b97)), + closes [#511](https://github.com/ory/oathkeeper/issues/511): + + This change introduces a url_param config option for redirect error handler. + If it contains a url paramter name, the redirect url will have this parameter + set, containing the current url (from which Oathkeeper has redirected the + user). + + This can be useful in passing the return_to url to Kratos, so user can be + redirected to the page they initially wanted to access after a successfull + sign in. + +- Log invalid credentials on info level instead of error/warning + ([#517](https://github.com/ory/oathkeeper/issues/517)) + ([a372b5f](https://github.com/ory/oathkeeper/commit/a372b5f833305ad85451cfb99b1db9e10ae8b8dc)), + closes [#505](https://github.com/ory/oathkeeper/issues/505) +- Use uri-reference for errors redirect to allow relative urls + ([#516](https://github.com/ory/oathkeeper/issues/516)) ([0d39674](https://github.com/ory/oathkeeper/commit/0d3967409786c23de8e97f5c588cc4e9837a1550)) ### Unclassified -- Run go format ([2c25a2a](https://github.com/ory/oathkeeper/commit/2c25a2ad18bba7bf72e612b2005f1080e164d0d9)) +- Run go format + ([2c25a2a](https://github.com/ory/oathkeeper/commit/2c25a2ad18bba7bf72e612b2005f1080e164d0d9)) # [0.38.3-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.2-beta.1...v0.38.3-beta.1) (2020-07-29) -This release addresses several configuration bugs and resolves a potential panic. +This release addresses several configuration bugs and resolves a potential +panic. ### Bug Fixes -- Matcher.Match panic on nil \*url.URL ([#485](https://github.com/ory/oathkeeper/issues/485)) - ([ab27dda](https://github.com/ory/oathkeeper/commit/ab27dda253d7c3f8bb9fae45c1f50e86e24e193c)), closes - [#484](https://github.com/ory/oathkeeper/issues/484) -- Remove HTTP method restrictions ([#472](https://github.com/ory/oathkeeper/issues/472)) +- Matcher.Match panic on nil \*url.URL + ([#485](https://github.com/ory/oathkeeper/issues/485)) + ([ab27dda](https://github.com/ory/oathkeeper/commit/ab27dda253d7c3f8bb9fae45c1f50e86e24e193c)), + closes [#484](https://github.com/ory/oathkeeper/issues/484) +- Remove HTTP method restrictions + ([#472](https://github.com/ory/oathkeeper/issues/472)) ([bf8a888](https://github.com/ory/oathkeeper/commit/bf8a88884fa575c6ed397c92598c7436461028c6)) - Resolve build issues and bump herodot ([f15e38d](https://github.com/ory/oathkeeper/commit/f15e38dc533010babd21aeaa91d48dd4abbbdddc)) -- Use ory-dev instead of swagutil ([#465](https://github.com/ory/oathkeeper/issues/465)) +- Use ory-dev instead of swagutil + ([#465](https://github.com/ory/oathkeeper/issues/465)) ([3fce382](https://github.com/ory/oathkeeper/commit/3fce382e83c95049b561a97365d0b4cc2f73bc54)) ### Code Generation -- Pin v0.38.3-beta.1 release commit ([1f754a9](https://github.com/ory/oathkeeper/commit/1f754a90d50c66545ce326ff1780894f4b2cbcfe)) +- Pin v0.38.3-beta.1 release commit + ([1f754a9](https://github.com/ory/oathkeeper/commit/1f754a90d50c66545ce326ff1780894f4b2cbcfe)) ### Documentation -- Delete old redirect homepage ([a1a4610](https://github.com/ory/oathkeeper/commit/a1a4610194558f1024d2409c6f1975b72a0f856e)) -- Fix access rule example ([739f179](https://github.com/ory/oathkeeper/commit/739f179ca2ca9d8ca42ca1995b3febac322bbeb2)) -- Fix api access rule example ([#460](https://github.com/ory/oathkeeper/issues/460)) +- Delete old redirect homepage + ([a1a4610](https://github.com/ory/oathkeeper/commit/a1a4610194558f1024d2409c6f1975b72a0f856e)) +- Fix access rule example + ([739f179](https://github.com/ory/oathkeeper/commit/739f179ca2ca9d8ca42ca1995b3febac322bbeb2)) +- Fix api access rule example + ([#460](https://github.com/ory/oathkeeper/issues/460)) ([c75cd97](https://github.com/ory/oathkeeper/commit/c75cd978899b719edbd8ad80f7c7a48aded20252)) -- Update repository templates ([edffc2e](https://github.com/ory/oathkeeper/commit/edffc2ee354ae4ec26e19e728b9f3117a0ec879c)) -- Update repository templates ([7af8749](https://github.com/ory/oathkeeper/commit/7af8749e949c48f5750950def62290f2694e1b09)) +- Update repository templates + ([edffc2e](https://github.com/ory/oathkeeper/commit/edffc2ee354ae4ec26e19e728b9f3117a0ec879c)) +- Update repository templates + ([7af8749](https://github.com/ory/oathkeeper/commit/7af8749e949c48f5750950def62290f2694e1b09)) - Use central banner repo for README ([04fe00c](https://github.com/ory/oathkeeper/commit/04fe00c0cd92c717ea2dc4149450f07206306f51)) -- Use mdx for api reference ([368f073](https://github.com/ory/oathkeeper/commit/368f073a2d91b4fc9677436bcec63c6f339b0c93)) +- Use mdx for api reference + ([368f073](https://github.com/ory/oathkeeper/commit/368f073a2d91b4fc9677436bcec63c6f339b0c93)) ### Features -- Improve configurability of prometheus metrics ([#450](https://github.com/ory/oathkeeper/issues/450)) - ([ddcb226](https://github.com/ory/oathkeeper/commit/ddcb2262e6edc417c69bf2d713fa67f235481d32)), closes - [#446](https://github.com/ory/oathkeeper/issues/446) -- Pass query parameters to the hydrators ([#479](https://github.com/ory/oathkeeper/issues/479)) +- Improve configurability of prometheus metrics + ([#450](https://github.com/ory/oathkeeper/issues/450)) + ([ddcb226](https://github.com/ory/oathkeeper/commit/ddcb2262e6edc417c69bf2d713fa67f235481d32)), + closes [#446](https://github.com/ory/oathkeeper/issues/446) +- Pass query parameters to the hydrators + ([#479](https://github.com/ory/oathkeeper/issues/479)) ([48603a1](https://github.com/ory/oathkeeper/commit/48603a1ac484b6571706021f2667f770604256b6)) # [0.38.2-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.1-beta.1...v0.38.2-beta.1) (2020-05-25) -This patch makes timeouts configurable for oauth2_client_credentials and the reverse proxy and additionally allows prometheus to -be configured. +This patch makes timeouts configurable for oauth2_client_credentials and the +reverse proxy and additionally allows prometheus to be configured. ### Bug Fixes -- Move prometheus validation stanza to local schema ([#437](https://github.com/ory/oathkeeper/issues/437)) - ([dcf3e14](https://github.com/ory/oathkeeper/commit/dcf3e14f2b4e09deb40260303061f27bcb55503c)), closes - [#438](https://github.com/ory/oathkeeper/issues/438) +- Move prometheus validation stanza to local schema + ([#437](https://github.com/ory/oathkeeper/issues/437)) + ([dcf3e14](https://github.com/ory/oathkeeper/commit/dcf3e14f2b4e09deb40260303061f27bcb55503c)), + closes [#438](https://github.com/ory/oathkeeper/issues/438) ### Chores -- Pin v0.38.2-beta.1 release commit ([0de2682](https://github.com/ory/oathkeeper/commit/0de2682a1e0d556688c48db52ccc4e24f2bce336)) +- Pin v0.38.2-beta.1 release commit + ([0de2682](https://github.com/ory/oathkeeper/commit/0de2682a1e0d556688c48db52ccc4e24f2bce336)) ### Documentation @@ -1075,77 +1248,98 @@ be configured. ### Features -- Add configurable timeouts to API server ([#440](https://github.com/ory/oathkeeper/issues/440)) +- Add configurable timeouts to API server + ([#440](https://github.com/ory/oathkeeper/issues/440)) ([0dc6292](https://github.com/ory/oathkeeper/commit/0dc6292eb4784505be5100c6b20ade6235e277ac)) -- Timeout config for oauth2_client_credentials ([#443](https://github.com/ory/oathkeeper/issues/443)) - ([2462fa3](https://github.com/ory/oathkeeper/commit/2462fa3f97601009aff9b45c7c288d7a1afdec45)), closes - [#442](https://github.com/ory/oathkeeper/issues/442) +- Timeout config for oauth2_client_credentials + ([#443](https://github.com/ory/oathkeeper/issues/443)) + ([2462fa3](https://github.com/ory/oathkeeper/commit/2462fa3f97601009aff9b45c7c288d7a1afdec45)), + closes [#442](https://github.com/ory/oathkeeper/issues/442) # [0.38.1-beta.1](https://github.com/ory/oathkeeper/compare/v0.38.0-beta.2...v0.38.1-beta.1) (2020-05-08) -Caching in the hydrator mutator has been improved. Please use `cache.enable=true` if you intend using the hydrator. +Caching in the hydrator mutator has been improved. Please use +`cache.enable=true` if you intend using the hydrator. ### Bug Fixes -- Improve caching strategy and config for hydrator ([#433](https://github.com/ory/oathkeeper/issues/433)) +- Improve caching strategy and config for hydrator + ([#433](https://github.com/ory/oathkeeper/issues/433)) ([0047054](https://github.com/ory/oathkeeper/commit/00470541fb3d5d2672ef068c9e02c20deaac3d0d)): - To enable the hydrator cache you must now use the `cache.enabled` property. Also, the cache key strategy has been improved. + To enable the hydrator cache you must now use the `cache.enabled` property. + Also, the cache key strategy has been improved. ### Chores -- Pin v0.38.1-beta.1 release commit ([20f439d](https://github.com/ory/oathkeeper/commit/20f439d9df7eed3a7c8c163234b70c9260439613)) +- Pin v0.38.1-beta.1 release commit + ([20f439d](https://github.com/ory/oathkeeper/commit/20f439d9df7eed3a7c8c163234b70c9260439613)) # [0.38.0-beta.2](https://github.com/ory/oathkeeper/compare/v0.37.1-beta.1...v0.38.0-beta.2) (2020-05-07) -This release introduces Prometheus support, a new `remote` authorizer, caching, and several bugfixes! +This release introduces Prometheus support, a new `remote` authorizer, caching, +and several bugfixes! No backwards incompatible changes have been introduced. ### Bug Fixes - Add old schemas to resolve issues with old versions - ([b94c391](https://github.com/ory/oathkeeper/commit/b94c391446a694971fa54a53eb08f9d57ad5eb24)), closes - [#400](https://github.com/ory/oathkeeper/issues/400) -- Don't copy the decision endpoint request's Content-Length ([#422](https://github.com/ory/oathkeeper/issues/422)) + ([b94c391](https://github.com/ory/oathkeeper/commit/b94c391446a694971fa54a53eb08f9d57ad5eb24)), + closes [#400](https://github.com/ory/oathkeeper/issues/400) +- Don't copy the decision endpoint request's Content-Length + ([#422](https://github.com/ory/oathkeeper/issues/422)) ([0e99045](https://github.com/ory/oathkeeper/commit/0e990459104c7683764f4ed0e0a6b7162b57cd57)): - We currently copy all original request headers send to the decission endpoint back. This can include the Content-Length header - which describes the request body or response. Including the original request Content-Length causes issues for the decission - endpoint client if the response body doesn't match the exact size. + We currently copy all original request headers send to the decission endpoint + back. This can include the Content-Length header which describes the request + body or response. Including the original request Content-Length causes issues + for the decission endpoint client if the response body doesn't match the exact + size. - This change makes sure the Content-Length doesn't get included in the response body and adds a test to prevent future - regressions. + This change makes sure the Content-Length doesn't get included in the response + body and adds a test to prevent future regressions. -- Respect retry in token introspection ([#410](https://github.com/ory/oathkeeper/issues/410)) +- Respect retry in token introspection + ([#410](https://github.com/ory/oathkeeper/issues/410)) ([88f7b69](https://github.com/ory/oathkeeper/commit/88f7b69c9ff252ddc3dbe960155883ec98115fd0)) -- Update install.sh script ([#429](https://github.com/ory/oathkeeper/issues/429)) +- Update install.sh script + ([#429](https://github.com/ory/oathkeeper/issues/429)) ([2d2eded](https://github.com/ory/oathkeeper/commit/2d2eded4075c2649e449d80dbb871b0da739a9ac)) -- Use pipe to pass body remote authorizer ([#426](https://github.com/ory/oathkeeper/issues/426)) +- Use pipe to pass body remote authorizer + ([#426](https://github.com/ory/oathkeeper/issues/426)) ([1a44087](https://github.com/ory/oathkeeper/commit/1a44087f424d8a01437769c6bce177eab36c195f)): Resolves flaky tests. -- Use semver-regex replacer func ([a13cdf5](https://github.com/ory/oathkeeper/commit/a13cdf5d9a518e3095545e30d15c7c4b7859752b)) +- Use semver-regex replacer func + ([a13cdf5](https://github.com/ory/oathkeeper/commit/a13cdf5d9a518e3095545e30d15c7c4b7859752b)) ### Chores -- Pin v0.38.0-beta.2 release commit ([73d36cd](https://github.com/ory/oathkeeper/commit/73d36cd367c1c93d4b6e93be180c982789924356)) +- Pin v0.38.0-beta.2 release commit + ([73d36cd](https://github.com/ory/oathkeeper/commit/73d36cd367c1c93d4b6e93be180c982789924356)) ### Code Refactoring -- Move docs to this repository ([#396](https://github.com/ory/oathkeeper/issues/396)) +- Move docs to this repository + ([#396](https://github.com/ory/oathkeeper/issues/396)) ([11cb851](https://github.com/ory/oathkeeper/commit/11cb851a7cc42120c2d890fbeefcba55d6ff0e5a)) ### Documentation - Add `authentication_handler_no_match` to error example ([ad182f4](https://github.com/ory/oathkeeper/commit/ad182f4af9723aff79c227431045444140c24f25)) -- Add missing import ([b76ee9c](https://github.com/ory/oathkeeper/commit/b76ee9c8b6cb07adf7b9cdd421712dfdcb5f8340)) -- Regenerate and update changelog ([7121f65](https://github.com/ory/oathkeeper/commit/7121f6514a0ba0d61831792972ed833117911551)) -- Regenerate and update changelog ([6fd7d66](https://github.com/ory/oathkeeper/commit/6fd7d667e3c7738bc7a4ab82c490a6d7343e85bd)) -- Regenerate and update changelog ([531200c](https://github.com/ory/oathkeeper/commit/531200cecae0bb8853ff9d5d557cb9176137545b)) -- Regenerate and update changelog ([cf8ad0c](https://github.com/ory/oathkeeper/commit/cf8ad0c635042de54590030387220c1a16b9268c)) +- Add missing import + ([b76ee9c](https://github.com/ory/oathkeeper/commit/b76ee9c8b6cb07adf7b9cdd421712dfdcb5f8340)) +- Regenerate and update changelog + ([7121f65](https://github.com/ory/oathkeeper/commit/7121f6514a0ba0d61831792972ed833117911551)) +- Regenerate and update changelog + ([6fd7d66](https://github.com/ory/oathkeeper/commit/6fd7d667e3c7738bc7a4ab82c490a6d7343e85bd)) +- Regenerate and update changelog + ([531200c](https://github.com/ory/oathkeeper/commit/531200cecae0bb8853ff9d5d557cb9176137545b)) +- Regenerate and update changelog + ([cf8ad0c](https://github.com/ory/oathkeeper/commit/cf8ad0c635042de54590030387220c1a16b9268c)) - Update github templates ([#407](https://github.com/ory/oathkeeper/issues/407)) ([9979d77](https://github.com/ory/oathkeeper/commit/9979d77d7eda95a2438f3f5cc9b85d3d0aa2857c)) - Update github templates ([#409](https://github.com/ory/oathkeeper/issues/409)) @@ -1156,45 +1350,57 @@ No backwards incompatible changes have been introduced. ([6d7cba7](https://github.com/ory/oathkeeper/commit/6d7cba76e893d51db71687b2981837a333d71666)) - Update github templates ([#413](https://github.com/ory/oathkeeper/issues/413)) ([d692fbf](https://github.com/ory/oathkeeper/commit/d692fbfb9bcba77c32a94b530e82fbd5e2b61856)) -- Update linux install guide ([#414](https://github.com/ory/oathkeeper/issues/414)) +- Update linux install guide + ([#414](https://github.com/ory/oathkeeper/issues/414)) ([a0e2cc0](https://github.com/ory/oathkeeper/commit/a0e2cc0ea324d908a8741df75e3259e30a302dbb)) -- Updates issue and pull request templates ([#392](https://github.com/ory/oathkeeper/issues/392)) +- Updates issue and pull request templates + ([#392](https://github.com/ory/oathkeeper/issues/392)) ([3724ebc](https://github.com/ory/oathkeeper/commit/3724ebc63a85050525d86d81a70eeadccac72c1a)) -- Updates issue and pull request templates ([#393](https://github.com/ory/oathkeeper/issues/393)) +- Updates issue and pull request templates + ([#393](https://github.com/ory/oathkeeper/issues/393)) ([a4ade5c](https://github.com/ory/oathkeeper/commit/a4ade5ca29a9ce24a3ffb6c9705c4723e67f9619)) -- Updates issue and pull request templates ([#394](https://github.com/ory/oathkeeper/issues/394)) +- Updates issue and pull request templates + ([#394](https://github.com/ory/oathkeeper/issues/394)) ([0ef037a](https://github.com/ory/oathkeeper/commit/0ef037abcec226039eb1a69dfc442df53d430ce1)) -- Updates issue and pull request templates ([#395](https://github.com/ory/oathkeeper/issues/395)) +- Updates issue and pull request templates + ([#395](https://github.com/ory/oathkeeper/issues/395)) ([ecab261](https://github.com/ory/oathkeeper/commit/ecab26119e32fa7c6947a7da17f2095292d02f2d)) -- Use correct headline for cc handler ([#420](https://github.com/ory/oathkeeper/issues/420)) +- Use correct headline for cc handler + ([#420](https://github.com/ory/oathkeeper/issues/420)) ([1401610](https://github.com/ory/oathkeeper/commit/1401610dffc7bef5823199059a4d9fc25cbde264)) ### Features - Add cache to hydrator ([#418](https://github.com/ory/oathkeeper/issues/418)) - ([1ae6e7a](https://github.com/ory/oathkeeper/commit/1ae6e7a958d602533f54cada5d231bcf1bace093)), closes - [#417](https://github.com/ory/oathkeeper/issues/417): + ([1ae6e7a](https://github.com/ory/oathkeeper/commit/1ae6e7a958d602533f54cada5d231bcf1bace093)), + closes [#417](https://github.com/ory/oathkeeper/issues/417): - This patch introduces new configuration parameters that allow the hydrator mutator to cache requests. + This patch introduces new configuration parameters that allow the hydrator + mutator to cache requests. -- Add new remote authorizer that uses request body and headers ([#416](https://github.com/ory/oathkeeper/issues/416)) +- Add new remote authorizer that uses request body and headers + ([#416](https://github.com/ory/oathkeeper/issues/416)) ([3a20637](https://github.com/ory/oathkeeper/commit/3a206376c0ec4d72d5d6ec66c2d738199a24e0c6)): - This pull request implements a new authorizer that sends the original request body as body to the remote endpoint. This allows - the remote endpoint to take the body into account in its decision. + This pull request implements a new authorizer that sends the original request + body as body to the remote endpoint. This allows the remote endpoint to take + the body into account in its decision. - The current remote_json authorizer does not have the ability to send the request body of the request to authorize. This means - this cannot be taken into account while checking permissions. + The current remote_json authorizer does not have the ability to send the + request body of the request to authorize. This means this cannot be taken into + account while checking permissions. - Providing the request body as part of the JSON payload won't always work as JSON cannot handle binary data. + Providing the request body as part of the JSON payload won't always work as + JSON cannot handle binary data. - Add prometheus docs ([#427](https://github.com/ory/oathkeeper/issues/427)) ([117ee6a](https://github.com/ory/oathkeeper/commit/117ee6a4c53035651f41a5bb4a9afe3c8b0c7438)) -- Add prometheus endpoint providing basic request metrics ([#404](https://github.com/ory/oathkeeper/issues/404)) +- Add prometheus endpoint providing basic request metrics + ([#404](https://github.com/ory/oathkeeper/issues/404)) ([fdaed46](https://github.com/ory/oathkeeper/commit/fdaed46bcffbbdf593e94bc1784df88809e63fcd)): - This patch adds basic prometheus metrics. The prometheus metrics are exposed at the default prometheus exporter port 9000 and is - configurable with: + This patch adds basic prometheus metrics. The prometheus metrics are exposed + at the default prometheus exporter port 9000 and is configurable with: ``` serve: @@ -1204,9 +1410,10 @@ No backwards incompatible changes have been introduced. metrics_path: /metrics ``` -- Oauth2_introspect cache introspection results ([#424](https://github.com/ory/oathkeeper/issues/424)) - ([d4557ae](https://github.com/ory/oathkeeper/commit/d4557aeac69e84d36dfc2a1ab97c61188c93457f)), closes - [#293](https://github.com/ory/oathkeeper/issues/293) +- Oauth2_introspect cache introspection results + ([#424](https://github.com/ory/oathkeeper/issues/424)) + ([d4557ae](https://github.com/ory/oathkeeper/commit/d4557aeac69e84d36dfc2a1ab97c61188c93457f)), + closes [#293](https://github.com/ory/oathkeeper/issues/293) # [0.37.1-beta.1](https://github.com/ory/oathkeeper/compare/v0.37.0-beta.1...v0.37.1-beta.1) (2020-04-03) @@ -1214,12 +1421,14 @@ chore: replace segment with ory fork (#391) ### Chores -- Replace segment with ory fork ([#391](https://github.com/ory/oathkeeper/issues/391)) +- Replace segment with ory fork + ([#391](https://github.com/ory/oathkeeper/issues/391)) ([77d0b48](https://github.com/ory/oathkeeper/commit/77d0b48c8de5b4681f49f90e306e5b2324ac0d5d)) ### Documentation -- Regenerate and update changelog ([4e251e9](https://github.com/ory/oathkeeper/commit/4e251e904a4028a01687b0155108cc9c315e6941)) +- Regenerate and update changelog + ([4e251e9](https://github.com/ory/oathkeeper/commit/4e251e904a4028a01687b0155108cc9c315e6941)) # [0.37.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.36.0-beta.4...v0.37.0-beta.1) (2020-04-02) @@ -1227,102 +1436,151 @@ docs: document v0.36 and v0.37 ## Breaking Changes -This feature allows to use the regex capture groups from the URL matcher to be used in several places, including the ID Token -generator and elsewhere. To get this working, existing `keto_engine_acp_ory` authorizers are no longer able to use regex -substition in the form of `my:action:$1` but instead must use the new format which is -`{{ printIndex .MatchContext.RegexpCaptureGroups 0}}` (notice that the index changed by _-1_). A rule migrator exists which makes -old rules compatible with the new format, if a version string is given. More details on the rule migration can be found here: +This feature allows to use the regex capture groups from the URL matcher to be +used in several places, including the ID Token generator and elsewhere. To get +this working, existing `keto_engine_acp_ory` authorizers are no longer able to +use regex substition in the form of `my:action:$1` but instead must use the new +format which is `{{ printIndex .MatchContext.RegexpCaptureGroups 0}}` (notice +that the index changed by _-1_). A rule migrator exists which makes old rules +compatible with the new format, if a version string is given. More details on +the rule migration can be found here: https://github.com/ory/oathkeeper/pull/358/commits/fd16ceb230a1b14ebb01a147d2d70acce77f9fbd#diff-6177fb19f1b7d7bc392f5062b838df15 ### Bug Fixes -- Add rule id to malformed configuration log error ([#386](https://github.com/ory/oathkeeper/issues/386)) +- Add rule id to malformed configuration log error + ([#386](https://github.com/ory/oathkeeper/issues/386)) ([7688a8d](https://github.com/ory/oathkeeper/commit/7688a8dc4dc0ebd5bd173d77bc7cd8cacc8e50e2)) -- Disable test that fails with low cache hit rate ([#372](https://github.com/ory/oathkeeper/issues/372)) - ([5414dda](https://github.com/ory/oathkeeper/commit/5414ddadb0b210d3a90b69183449ba7d5723ba6c)), closes - [#371](https://github.com/ory/oathkeeper/issues/371) -- **docker:** Improve docker-compose example ([#325](https://github.com/ory/oathkeeper/issues/325)) - ([1247381](https://github.com/ory/oathkeeper/commit/12473815dad3fcbc57ea102dd982170960adb9f6)), closes - [#324](https://github.com/ory/oathkeeper/issues/324): - - Add a new file 'Dockerfile-dc' which will primarily be used by Docker Compose to build docker images. Unlike the existing - Dockerfile which depends on the Makefile to build the binary, this Dockerfile copies the source code and builds the binary. - - Oathkeeper has gone through a couple of changes since the initial draft of the docker compose file, considering these changes - and the newly introduced Dockerfile in the previous commit, make these changes to the docker-compose.yml: +- Disable test that fails with low cache hit rate + ([#372](https://github.com/ory/oathkeeper/issues/372)) + ([5414dda](https://github.com/ory/oathkeeper/commit/5414ddadb0b210d3a90b69183449ba7d5723ba6c)), + closes [#371](https://github.com/ory/oathkeeper/issues/371) +- **docker:** Improve docker-compose example + ([#325](https://github.com/ory/oathkeeper/issues/325)) + ([1247381](https://github.com/ory/oathkeeper/commit/12473815dad3fcbc57ea102dd982170960adb9f6)), + closes [#324](https://github.com/ory/oathkeeper/issues/324): + + Add a new file 'Dockerfile-dc' which will primarily be used by Docker Compose + to build docker images. Unlike the existing Dockerfile which depends on the + Makefile to build the binary, this Dockerfile copies the source code and + builds the binary. + + Oathkeeper has gone through a couple of changes since the initial draft of the + docker compose file, considering these changes and the newly introduced + Dockerfile in the previous commit, make these changes to the + docker-compose.yml: 1. Bump the version of the compose file to 3. - 2. Remove the need for the postgres database app, since Oathkeeper no longer needs a database. - 3. Remove the need for the migration app, since we no longer need to migrate since there is no database and the option is - deprecated. + 2. Remove the need for the postgres database app, since Oathkeeper no longer + needs a database. + 3. Remove the need for the migration app, since we no longer need to migrate + since there is no database and the option is deprecated. 4. Use the newly defined Dockerfile 'Dockerfile-dc'. - 5. We now serve both API and PROXY from the same app, so we don't need two instances of the app. - 6. Add sample config, rules and JWK files to `.docker_compose`, mount this via a volume mount. - -- Improve id_token performance with caching ([#367](https://github.com/ory/oathkeeper/issues/367)) - ([47e9fee](https://github.com/ory/oathkeeper/commit/47e9feefcea2d3508932ef3b323709b0bfa0d707)), closes - [#364](https://github.com/ory/oathkeeper/issues/364) -- Load config file only in serve command ([#365](https://github.com/ory/oathkeeper/issues/365)) + 5. We now serve both API and PROXY from the same app, so we don't need two + instances of the app. + 6. Add sample config, rules and JWK files to `.docker_compose`, mount this via + a volume mount. + +- Improve id_token performance with caching + ([#367](https://github.com/ory/oathkeeper/issues/367)) + ([47e9fee](https://github.com/ory/oathkeeper/commit/47e9feefcea2d3508932ef3b323709b0bfa0d707)), + closes [#364](https://github.com/ory/oathkeeper/issues/364) +- Load config file only in serve command + ([#365](https://github.com/ory/oathkeeper/issues/365)) ([68c8546](https://github.com/ory/oathkeeper/commit/68c85469b4523e5accf3de8e97b97b87416875d3)) -- Replace segment with our own sqa endpoint ([#385](https://github.com/ory/oathkeeper/issues/385)) +- Replace segment with our own sqa endpoint + ([#385](https://github.com/ory/oathkeeper/issues/385)) ([8f63eda](https://github.com/ory/oathkeeper/commit/8f63eda6370fb389307cd8b313437292965a2107)) -- SendOAuth2 introspection scope only when strategy is none ([#379](https://github.com/ory/oathkeeper/issues/379)) - ([5e0c8dc](https://github.com/ory/oathkeeper/commit/5e0c8dcdc4a64662f59372a488ec633bcdbc0d85)), closes - [#377](https://github.com/ory/oathkeeper/issues/377): - - This patch removes the `scope` key from the OAuth2 Introspection request body when a scope strategy other than `none` is set for - the OAuth2 Introspection handler. If the scope strategy is `none`, the `scope` key is included in the body. - -- Token expiration error in tests ([#390](https://github.com/ory/oathkeeper/issues/390)) +- SendOAuth2 introspection scope only when strategy is none + ([#379](https://github.com/ory/oathkeeper/issues/379)) + ([5e0c8dc](https://github.com/ory/oathkeeper/commit/5e0c8dcdc4a64662f59372a488ec633bcdbc0d85)), + closes [#377](https://github.com/ory/oathkeeper/issues/377): + + This patch removes the `scope` key from the OAuth2 Introspection request body + when a scope strategy other than `none` is set for the OAuth2 Introspection + handler. If the scope strategy is `none`, the `scope` key is included in the + body. + +- Token expiration error in tests + ([#390](https://github.com/ory/oathkeeper/issues/390)) ([9c07a73](https://github.com/ory/oathkeeper/commit/9c07a7349cdf560c0ba29a637aaec93021757d27)) ### Documentation -- Change link to Developer Install Guide ([#369](https://github.com/ory/oathkeeper/issues/369)) +- Change link to Developer Install Guide + ([#369](https://github.com/ory/oathkeeper/issues/369)) ([f7fe46f](https://github.com/ory/oathkeeper/commit/f7fe46f9e183c53b5af71592c05cacf6b7584a2c)): - Changing the link to the Developer Documentation - it was pointing to Keto and not to Oathkeeper. + Changing the link to the Developer Documentation - it was pointing to Keto and + not to Oathkeeper. -- Document v0.36 and v0.37 ([a176c73](https://github.com/ory/oathkeeper/commit/a176c7301baddbec572e3451830ee1f32dc55c75)) -- Fix examples for some JSON Schema config keys ([#363](https://github.com/ory/oathkeeper/issues/363)) +- Document v0.36 and v0.37 + ([a176c73](https://github.com/ory/oathkeeper/commit/a176c7301baddbec572e3451830ee1f32dc55c75)) +- Fix examples for some JSON Schema config keys + ([#363](https://github.com/ory/oathkeeper/issues/363)) ([aeeb353](https://github.com/ory/oathkeeper/commit/aeeb35399588422ea25780406f1726cad5082315)) -- Regenerate and update changelog ([9417e2c](https://github.com/ory/oathkeeper/commit/9417e2c213a5e9394d88638dc24e36dc2d9b3387)) -- Regenerate and update changelog ([b817037](https://github.com/ory/oathkeeper/commit/b817037fea1131e20fbd829927af00f2a27b951d)) -- Regenerate and update changelog ([33a5524](https://github.com/ory/oathkeeper/commit/33a55240803c6615e8550de371b60d040ae9f2fe)) -- Regenerate and update changelog ([888b7a6](https://github.com/ory/oathkeeper/commit/888b7a6f2255a2e1457fc88712ad4d80b87000ba)) -- Regenerate and update changelog ([36faa3b](https://github.com/ory/oathkeeper/commit/36faa3bbc4a0befd59a61c25664b184fa07baaeb)) -- Regenerate and update changelog ([32b6059](https://github.com/ory/oathkeeper/commit/32b605921b88e163299e47847099ab985e3cbfcd)) -- Regenerate and update changelog ([ba4de09](https://github.com/ory/oathkeeper/commit/ba4de09211f249b6a719308ec5b1ea803642aa20)) -- Regenerate and update changelog ([a76f749](https://github.com/ory/oathkeeper/commit/a76f749dfe5c6ad988da6ba0b2ac4be5a22b0f9d)) -- Regenerate and update changelog ([1789d00](https://github.com/ory/oathkeeper/commit/1789d003699c7140e29b1a1a967f6ccd3b1e6916)) -- Regenerate and update changelog ([0dfc608](https://github.com/ory/oathkeeper/commit/0dfc6081c1da853477737a3ec41a9ac8e51faebc)) -- Regenerate and update changelog ([b23c79a](https://github.com/ory/oathkeeper/commit/b23c79ac318bd394eaf3c48f8d3e6c157a234df9)) -- Regenerate and update changelog ([2117171](https://github.com/ory/oathkeeper/commit/2117171a17b345fb62f9234d3a5443728dca5315)) -- Regenerate and update changelog ([38c9e19](https://github.com/ory/oathkeeper/commit/38c9e19a4b5fe708c60fc694e6ca526d201872eb)) -- Regenerate and update changelog ([e3eda75](https://github.com/ory/oathkeeper/commit/e3eda753c3696345f030c4311b66f29296e4183c)) -- Regenerate and update changelog ([e7d70f7](https://github.com/ory/oathkeeper/commit/e7d70f71bd1d803f4b1e58149875becb8abfa9ad)) -- Regenerate and update changelog ([874b7a9](https://github.com/ory/oathkeeper/commit/874b7a9cb03d28cc40a8f7e242158414075f0961)) -- Regenerate and update changelog ([6b1d94b](https://github.com/ory/oathkeeper/commit/6b1d94b7c3eeae9c69154b85ecdcff7759fd98a9)) -- Regenerate and update changelog ([cb38415](https://github.com/ory/oathkeeper/commit/cb384152a82830f14768d2e0ec30cc8f65c8583c)) -- Regenerate and update changelog ([bec6af0](https://github.com/ory/oathkeeper/commit/bec6af0a9b78a880296fce59eb150ac21ee3d13b)) -- Update forum and chat links ([d9eed10](https://github.com/ory/oathkeeper/commit/d9eed10abd43eb41362fcc0f36e47a6f88658835)) +- Regenerate and update changelog + ([9417e2c](https://github.com/ory/oathkeeper/commit/9417e2c213a5e9394d88638dc24e36dc2d9b3387)) +- Regenerate and update changelog + ([b817037](https://github.com/ory/oathkeeper/commit/b817037fea1131e20fbd829927af00f2a27b951d)) +- Regenerate and update changelog + ([33a5524](https://github.com/ory/oathkeeper/commit/33a55240803c6615e8550de371b60d040ae9f2fe)) +- Regenerate and update changelog + ([888b7a6](https://github.com/ory/oathkeeper/commit/888b7a6f2255a2e1457fc88712ad4d80b87000ba)) +- Regenerate and update changelog + ([36faa3b](https://github.com/ory/oathkeeper/commit/36faa3bbc4a0befd59a61c25664b184fa07baaeb)) +- Regenerate and update changelog + ([32b6059](https://github.com/ory/oathkeeper/commit/32b605921b88e163299e47847099ab985e3cbfcd)) +- Regenerate and update changelog + ([ba4de09](https://github.com/ory/oathkeeper/commit/ba4de09211f249b6a719308ec5b1ea803642aa20)) +- Regenerate and update changelog + ([a76f749](https://github.com/ory/oathkeeper/commit/a76f749dfe5c6ad988da6ba0b2ac4be5a22b0f9d)) +- Regenerate and update changelog + ([1789d00](https://github.com/ory/oathkeeper/commit/1789d003699c7140e29b1a1a967f6ccd3b1e6916)) +- Regenerate and update changelog + ([0dfc608](https://github.com/ory/oathkeeper/commit/0dfc6081c1da853477737a3ec41a9ac8e51faebc)) +- Regenerate and update changelog + ([b23c79a](https://github.com/ory/oathkeeper/commit/b23c79ac318bd394eaf3c48f8d3e6c157a234df9)) +- Regenerate and update changelog + ([2117171](https://github.com/ory/oathkeeper/commit/2117171a17b345fb62f9234d3a5443728dca5315)) +- Regenerate and update changelog + ([38c9e19](https://github.com/ory/oathkeeper/commit/38c9e19a4b5fe708c60fc694e6ca526d201872eb)) +- Regenerate and update changelog + ([e3eda75](https://github.com/ory/oathkeeper/commit/e3eda753c3696345f030c4311b66f29296e4183c)) +- Regenerate and update changelog + ([e7d70f7](https://github.com/ory/oathkeeper/commit/e7d70f71bd1d803f4b1e58149875becb8abfa9ad)) +- Regenerate and update changelog + ([874b7a9](https://github.com/ory/oathkeeper/commit/874b7a9cb03d28cc40a8f7e242158414075f0961)) +- Regenerate and update changelog + ([6b1d94b](https://github.com/ory/oathkeeper/commit/6b1d94b7c3eeae9c69154b85ecdcff7759fd98a9)) +- Regenerate and update changelog + ([cb38415](https://github.com/ory/oathkeeper/commit/cb384152a82830f14768d2e0ec30cc8f65c8583c)) +- Regenerate and update changelog + ([bec6af0](https://github.com/ory/oathkeeper/commit/bec6af0a9b78a880296fce59eb150ac21ee3d13b)) +- Update forum and chat links + ([d9eed10](https://github.com/ory/oathkeeper/commit/d9eed10abd43eb41362fcc0f36e47a6f88658835)) - Update README.md ([#375](https://github.com/ory/oathkeeper/issues/375)) - ([313d2fe](https://github.com/ory/oathkeeper/commit/313d2fe99f699c441e6f8e24abb096e239a17f83)), closes - [#374](https://github.com/ory/oathkeeper/issues/374): + ([313d2fe](https://github.com/ory/oathkeeper/commit/313d2fe99f699c441e6f8e24abb096e239a17f83)), + closes [#374](https://github.com/ory/oathkeeper/issues/374): Fixed link to Envoy configuration page and added link to AWS API Gateway. -- Updates issue and pull request templates ([#382](https://github.com/ory/oathkeeper/issues/382)) +- Updates issue and pull request templates + ([#382](https://github.com/ory/oathkeeper/issues/382)) ([484c406](https://github.com/ory/oathkeeper/commit/484c406785c2633feee3cb9179a94147085cadd6)) ### Features -- Add MatchContext in the AuthenticationSession ([#358](https://github.com/ory/oathkeeper/issues/358)) +- Add MatchContext in the AuthenticationSession + ([#358](https://github.com/ory/oathkeeper/issues/358)) ([a421293](https://github.com/ory/oathkeeper/commit/a421293a05afaca2ac3695940bc72b4b9f7a1b68)) -- **authn:** Make oauth2_intsropsection configurable timeout ([#370](https://github.com/ory/oathkeeper/issues/370)) +- **authn:** Make oauth2_intsropsection configurable timeout + ([#370](https://github.com/ory/oathkeeper/issues/370)) ([0a39511](https://github.com/ory/oathkeeper/commit/0a395115123e34be0dbb47608a96dad2dca5e60c)) -- **authz:** Add remote_json authorizer ([#389](https://github.com/ory/oathkeeper/issues/389)) - ([45b9f8b](https://github.com/ory/oathkeeper/commit/45b9f8b981f0227a92ff5c4001061e86afc0701f)), closes +- **authz:** Add remote_json authorizer + ([#389](https://github.com/ory/oathkeeper/issues/389)) + ([45b9f8b](https://github.com/ory/oathkeeper/commit/45b9f8b981f0227a92ff5c4001061e86afc0701f)), + closes [/github.com/ory/docs/commit/07a229701835d75e9c2e4b939badb2d5b96ae6aa#diff-c400219db6c7e4b6abab71839d9d294eR272](https://github.com//github.com/ory/docs/commit/07a229701835d75e9c2e4b939badb2d5b96ae6aa/issues/diff-c400219db6c7e4b6abab71839d9d294eR272) [#201](https://github.com/ory/oathkeeper/issues/201) - Enable OpenTracing ([#376](https://github.com/ory/oathkeeper/issues/376)) @@ -1339,7 +1597,8 @@ docs: Regenerate and update changelog ### Documentation -- Regenerate and update changelog ([95a7c09](https://github.com/ory/oathkeeper/commit/95a7c091165b8a9acebedb197208fadc04585d4a)) +- Regenerate and update changelog + ([95a7c09](https://github.com/ory/oathkeeper/commit/95a7c091165b8a9acebedb197208fadc04585d4a)) # [0.36.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.35.5-beta.2...v0.36.0-beta.1) (2020-02-05) @@ -1347,30 +1606,42 @@ docs: Regenerate and update changelog ### Documentation -- Prepare ecosystem automation ([81ea56b](https://github.com/ory/oathkeeper/commit/81ea56b46da543c02c5977b27ec3671b5bcc4abe)) -- Regenerate and update changelog ([b71e48c](https://github.com/ory/oathkeeper/commit/b71e48c473bd428286473f8d8472f74187377eb2)) -- Regenerate and update changelog ([4f22e42](https://github.com/ory/oathkeeper/commit/4f22e42e1577c92b8005887dfc1a2dc48a5d392d)) -- Regenerate and update changelog ([23e053f](https://github.com/ory/oathkeeper/commit/23e053fb289e663ae00bdbf9201c2ad1a245226b)) -- Updates issue and pull request templates ([#355](https://github.com/ory/oathkeeper/issues/355)) +- Prepare ecosystem automation + ([81ea56b](https://github.com/ory/oathkeeper/commit/81ea56b46da543c02c5977b27ec3671b5bcc4abe)) +- Regenerate and update changelog + ([b71e48c](https://github.com/ory/oathkeeper/commit/b71e48c473bd428286473f8d8472f74187377eb2)) +- Regenerate and update changelog + ([4f22e42](https://github.com/ory/oathkeeper/commit/4f22e42e1577c92b8005887dfc1a2dc48a5d392d)) +- Regenerate and update changelog + ([23e053f](https://github.com/ory/oathkeeper/commit/23e053fb289e663ae00bdbf9201c2ad1a245226b)) +- Updates issue and pull request templates + ([#355](https://github.com/ory/oathkeeper/issues/355)) ([f9251ed](https://github.com/ory/oathkeeper/commit/f9251edeb0d3e482acf278040f95c3f49db5a100)) ### Features -- **ci:** Add nancy vuln scanner ([#354](https://github.com/ory/oathkeeper/issues/354)) +- **ci:** Add nancy vuln scanner + ([#354](https://github.com/ory/oathkeeper/issues/354)) ([de36e40](https://github.com/ory/oathkeeper/commit/de36e401134f09762d5815e3fe37d9cb16dd8d81)) -- **rule:** Add glob matching strategy ([#334](https://github.com/ory/oathkeeper/issues/334)) - ([5f983ab](https://github.com/ory/oathkeeper/commit/5f983ab118ce784a49a38e6024b99b8791907d4b)), closes - [#321](https://github.com/ory/oathkeeper/issues/321): +- **rule:** Add glob matching strategy + ([#334](https://github.com/ory/oathkeeper/issues/334)) + ([5f983ab](https://github.com/ory/oathkeeper/commit/5f983ab118ce784a49a38e6024b99b8791907d4b)), + closes [#321](https://github.com/ory/oathkeeper/issues/321): - This patch adds the ability to choose a matching strategy and adds a glob-based matching strategy to the available options - (regex is still the default). + This patch adds the ability to choose a matching strategy and adds a + glob-based matching strategy to the available options (regex is still the + default). ### Unclassified -- Update CHANGELOG [ci skip] ([8278b9d](https://github.com/ory/oathkeeper/commit/8278b9db8a43c57d4169e232cb9f25ef9257dd8c)) -- Update CHANGELOG [ci skip] ([17f78b7](https://github.com/ory/oathkeeper/commit/17f78b7cdf739f66de3de66199c00e82ff974826)) -- Update CHANGELOG [ci skip] ([d6f6925](https://github.com/ory/oathkeeper/commit/d6f69257b86e249c70a2e808524d43da11315a59)) -- Update CHANGELOG [ci skip] ([0e109ce](https://github.com/ory/oathkeeper/commit/0e109cee1222e8277157807d14f8b9ae7c1120d9)) +- Update CHANGELOG [ci skip] + ([8278b9d](https://github.com/ory/oathkeeper/commit/8278b9db8a43c57d4169e232cb9f25ef9257dd8c)) +- Update CHANGELOG [ci skip] + ([17f78b7](https://github.com/ory/oathkeeper/commit/17f78b7cdf739f66de3de66199c00e82ff974826)) +- Update CHANGELOG [ci skip] + ([d6f6925](https://github.com/ory/oathkeeper/commit/d6f69257b86e249c70a2e808524d43da11315a59)) +- Update CHANGELOG [ci skip] + ([0e109ce](https://github.com/ory/oathkeeper/commit/0e109cee1222e8277157807d14f8b9ae7c1120d9)) # [0.35.5-beta.2](https://github.com/ory/oathkeeper/compare/v0.35.5-beta.1...v0.35.5-beta.2) (2020-01-31) @@ -1378,8 +1649,10 @@ Update README.md ### Unclassified -- Update README.md ([a40c613](https://github.com/ory/oathkeeper/commit/a40c613582add4742e245516f5b4fdef31be7cb0)) -- Update CHANGELOG [ci skip] ([963d60d](https://github.com/ory/oathkeeper/commit/963d60d802a56b87390bfdb10632b7e5754398aa)) +- Update README.md + ([a40c613](https://github.com/ory/oathkeeper/commit/a40c613582add4742e245516f5b4fdef31be7cb0)) +- Update CHANGELOG [ci skip] + ([963d60d](https://github.com/ory/oathkeeper/commit/963d60d802a56b87390bfdb10632b7e5754398aa)) # [0.35.5-beta.1](https://github.com/ory/oathkeeper/compare/v0.35.4-beta.1...v0.35.5-beta.1) (2020-01-27) @@ -1388,10 +1661,12 @@ Hash enabled check to further improve performance (#353) ### Unclassified - Hash enabled check to further improve performance (#353) - ([19099cb](https://github.com/ory/oathkeeper/commit/19099cb86ea236ef503c1274393dd17fd11041ae)), closes - [#353](https://github.com/ory/oathkeeper/issues/353) -- Update CHANGELOG [ci skip] ([6afdeae](https://github.com/ory/oathkeeper/commit/6afdeae82260db0905f2e14a36ff23da59bdb29f)) -- Update CHANGELOG [ci skip] ([3226ae6](https://github.com/ory/oathkeeper/commit/3226ae6d69837ae64d357e92236153c32c19e2cf)) + ([19099cb](https://github.com/ory/oathkeeper/commit/19099cb86ea236ef503c1274393dd17fd11041ae)), + closes [#353](https://github.com/ory/oathkeeper/issues/353) +- Update CHANGELOG [ci skip] + ([6afdeae](https://github.com/ory/oathkeeper/commit/6afdeae82260db0905f2e14a36ff23da59bdb29f)) +- Update CHANGELOG [ci skip] + ([3226ae6](https://github.com/ory/oathkeeper/commit/3226ae6d69837ae64d357e92236153c32c19e2cf)) # [0.35.4-beta.1](https://github.com/ory/oathkeeper/compare/v0.35.3-beta.1...v0.35.4-beta.1) (2020-01-26) @@ -1400,8 +1675,8 @@ Update release pipeline and tests (#351) ### Unclassified - Update release pipeline and tests (#351) - ([c7d81a9](https://github.com/ory/oathkeeper/commit/c7d81a99243a2adb1387ada12550303c76ae9768)), closes - [#351](https://github.com/ory/oathkeeper/issues/351) + ([c7d81a9](https://github.com/ory/oathkeeper/commit/c7d81a99243a2adb1387ada12550303c76ae9768)), + closes [#351](https://github.com/ory/oathkeeper/issues/351) # [0.35.3-beta.1](https://github.com/ory/oathkeeper/compare/v0.35.1-beta.1...v0.35.3-beta.1) (2020-01-26) @@ -1409,32 +1684,44 @@ Update CHANGELOG [ci skip] ### Documentation -- Updates issue and pull request templates ([#341](https://github.com/ory/oathkeeper/issues/341)) +- Updates issue and pull request templates + ([#341](https://github.com/ory/oathkeeper/issues/341)) ([eca2652](https://github.com/ory/oathkeeper/commit/eca26527f64cb80b8df2df96910a33f993d9af37)) ### Unclassified -- Update CHANGELOG [ci skip] ([518b765](https://github.com/ory/oathkeeper/commit/518b76578519786921ef0d209f3f83dcfd6f217b)) -- Update SDK ([5e619a0](https://github.com/ory/oathkeeper/commit/5e619a03687cbfe71b559d8945062a3fa4a5e4f3)) -- Update CHANGELOG [ci skip] ([495adcf](https://github.com/ory/oathkeeper/commit/495adcf2af7c2f161c9845cb358ef33f9afb42f3)) +- Update CHANGELOG [ci skip] + ([518b765](https://github.com/ory/oathkeeper/commit/518b76578519786921ef0d209f3f83dcfd6f217b)) +- Update SDK + ([5e619a0](https://github.com/ory/oathkeeper/commit/5e619a03687cbfe71b559d8945062a3fa4a5e4f3)) +- Update CHANGELOG [ci skip] + ([495adcf](https://github.com/ory/oathkeeper/commit/495adcf2af7c2f161c9845cb358ef33f9afb42f3)) - Use integer instead of number in config JSON schema ([280b42f](https://github.com/ory/oathkeeper/commit/280b42fdedc0305b40398a2a213848d64d52e6c0)) -- Update CHANGELOG [ci skip] ([b72965f](https://github.com/ory/oathkeeper/commit/b72965fce04941733f45277777349cfad6f41062)) -- Update SDK ([aedabd9](https://github.com/ory/oathkeeper/commit/aedabd9834bb3a316b211f82cc4d9d9f90ab3bd6)) +- Update CHANGELOG [ci skip] + ([b72965f](https://github.com/ory/oathkeeper/commit/b72965fce04941733f45277777349cfad6f41062)) +- Update SDK + ([aedabd9](https://github.com/ory/oathkeeper/commit/aedabd9834bb3a316b211f82cc4d9d9f90ab3bd6)) - Set min/max for port range in config JSON Schema (#345) - ([d7d696f](https://github.com/ory/oathkeeper/commit/d7d696f62e91cf9d0300a1af8e2fd70676164ec6)), closes - [#345](https://github.com/ory/oathkeeper/issues/345) -- Update CHANGELOG [ci skip] ([8e4d58c](https://github.com/ory/oathkeeper/commit/8e4d58ce809dd10e98a3ad3530cdd81b24a967f0)) + ([d7d696f](https://github.com/ory/oathkeeper/commit/d7d696f62e91cf9d0300a1af8e2fd70676164ec6)), + closes [#345](https://github.com/ory/oathkeeper/issues/345) +- Update CHANGELOG [ci skip] + ([8e4d58c](https://github.com/ory/oathkeeper/commit/8e4d58ce809dd10e98a3ad3530cdd81b24a967f0)) - Fix profiling env variable not being picked up (#343) - ([29b0cf1](https://github.com/ory/oathkeeper/commit/29b0cf14de575434ce94def5e6031b76e28042de)), closes - [#343](https://github.com/ory/oathkeeper/issues/343) -- Update CHANGELOG [ci skip] ([e7a5d89](https://github.com/ory/oathkeeper/commit/e7a5d8928d9ef4def4bf53063c24b27d07e08946)) -- Update CHANGELOG [ci skip] ([abc00d4](https://github.com/ory/oathkeeper/commit/abc00d46ec26debe6983f11e3a013865c969e6e6)) -- Update SDK ([a237c29](https://github.com/ory/oathkeeper/commit/a237c2975efc34fc63a2fdb302b1086d072d2146)) -- Update broken links in README ([78e498c](https://github.com/ory/oathkeeper/commit/78e498c0eb24380671364d333447abd0f25de1e8)) -- Cache pipeline config and improve request latency ([#348](https://github.com/ory/oathkeeper/issues/348)) - ([95673ed](https://github.com/ory/oathkeeper/commit/95673eddf02968250359067a3fe887adb46c2be6)), closes - [#346](https://github.com/ory/oathkeeper/issues/346) + ([29b0cf1](https://github.com/ory/oathkeeper/commit/29b0cf14de575434ce94def5e6031b76e28042de)), + closes [#343](https://github.com/ory/oathkeeper/issues/343) +- Update CHANGELOG [ci skip] + ([e7a5d89](https://github.com/ory/oathkeeper/commit/e7a5d8928d9ef4def4bf53063c24b27d07e08946)) +- Update CHANGELOG [ci skip] + ([abc00d4](https://github.com/ory/oathkeeper/commit/abc00d46ec26debe6983f11e3a013865c969e6e6)) +- Update SDK + ([a237c29](https://github.com/ory/oathkeeper/commit/a237c2975efc34fc63a2fdb302b1086d072d2146)) +- Update broken links in README + ([78e498c](https://github.com/ory/oathkeeper/commit/78e498c0eb24380671364d333447abd0f25de1e8)) +- Cache pipeline config and improve request latency + ([#348](https://github.com/ory/oathkeeper/issues/348)) + ([95673ed](https://github.com/ory/oathkeeper/commit/95673eddf02968250359067a3fe887adb46c2be6)), + closes [#346](https://github.com/ory/oathkeeper/issues/346) # [0.35.1-beta.1](https://github.com/ory/oathkeeper/compare/v0.35.0-beta.1...v0.35.1-beta.1) (2020-01-14) @@ -1442,7 +1729,8 @@ Update CHANGELOG [ci skip] ### Unclassified -- Update CHANGELOG [ci skip] ([63b0076](https://github.com/ory/oathkeeper/commit/63b0076a264537ffd22f6f787c508598306c8661)) +- Update CHANGELOG [ci skip] + ([63b0076](https://github.com/ory/oathkeeper/commit/63b0076a264537ffd22f6f787c508598306c8661)) # [0.35.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.35.0-alpha.1...v0.35.0-beta.1) (2020-01-13) @@ -1461,34 +1749,44 @@ Update CHANGELOG [ci skip] ### Unclassified -- Update CHANGELOG [ci skip] ([f0e8ecf](https://github.com/ory/oathkeeper/commit/f0e8ecfc416d342985436b61a20e3d52c642e280)) -- Update SDK ([6a0a0f8](https://github.com/ory/oathkeeper/commit/6a0a0f81bcda1417f7530fe85cd01c2862956328)) -- Update upgrade guide (#337) ([99e9877](https://github.com/ory/oathkeeper/commit/99e98770dd764005e1967daf739dd23974384d19)), +- Update CHANGELOG [ci skip] + ([f0e8ecf](https://github.com/ory/oathkeeper/commit/f0e8ecfc416d342985436b61a20e3d52c642e280)) +- Update SDK + ([6a0a0f8](https://github.com/ory/oathkeeper/commit/6a0a0f81bcda1417f7530fe85cd01c2862956328)) +- Update upgrade guide (#337) + ([99e9877](https://github.com/ory/oathkeeper/commit/99e98770dd764005e1967daf739dd23974384d19)), closes [#337](https://github.com/ory/oathkeeper/issues/337) -- Update CHANGELOG [ci skip] ([2e13a05](https://github.com/ory/oathkeeper/commit/2e13a057da6fc626e9e856548746174c3ef7c2e7)) +- Update CHANGELOG [ci skip] + ([2e13a05](https://github.com/ory/oathkeeper/commit/2e13a057da6fc626e9e856548746174c3ef7c2e7)) - Remove superfluous version from workflows ([55037fa](https://github.com/ory/oathkeeper/commit/55037fa0341a35992285d53be398ccf239b2fb58)) -- Update CHANGELOG [ci skip] ([dfbc231](https://github.com/ory/oathkeeper/commit/dfbc231b8e2370089b2605a76252333b488bbc37)) -- Update SDK ([65222d5](https://github.com/ory/oathkeeper/commit/65222d55494b8b3a91e6c0cbe43a2d922f7c753b)) -- Move to new SDK pipeline (#333) ([6940dc8](https://github.com/ory/oathkeeper/commit/6940dc8de74de9c8be9f872df7cf3bc4bc079aa9)), +- Update CHANGELOG [ci skip] + ([dfbc231](https://github.com/ory/oathkeeper/commit/dfbc231b8e2370089b2605a76252333b488bbc37)) +- Update SDK + ([65222d5](https://github.com/ory/oathkeeper/commit/65222d55494b8b3a91e6c0cbe43a2d922f7c753b)) +- Move to new SDK pipeline (#333) + ([6940dc8](https://github.com/ory/oathkeeper/commit/6940dc8de74de9c8be9f872df7cf3bc4bc079aa9)), closes [#333](https://github.com/ory/oathkeeper/issues/333) - authn/cookie_session: Add subject_from modifier (#336) - ([6723fb8](https://github.com/ory/oathkeeper/commit/6723fb834c386b72e9525d2dfd661e684bd915d3)), closes - [#336](https://github.com/ory/oathkeeper/issues/336): + ([6723fb8](https://github.com/ory/oathkeeper/commit/6723fb834c386b72e9525d2dfd661e684bd915d3)), + closes [#336](https://github.com/ory/oathkeeper/issues/336): - The subject_from modifier is a GJSON path that points to the `subject` field. Useful if the upstream API does not return a - `{"subject": "..."}` format. + The subject_from modifier is a GJSON path that points to the `subject` field. + Useful if the upstream API does not return a `{"subject": "..."}` format. - authn/cookie_session: Add extra_from modifier (#335) - ([ee2b9e7](https://github.com/ory/oathkeeper/commit/ee2b9e743f4f6c56563d791947ffb592cc13394e)), closes - [#335](https://github.com/ory/oathkeeper/issues/335): - - The extra_from modifier is a GJSON path that points to the extra field. Useful if the upstream API does not return a - `{"subject": "...", "extra": "..."}` format. - -- pipeline/authn: Add tests for cookie sources in jwt and oauth2_intro (#330) (#331) - ([7516eed](https://github.com/ory/oathkeeper/commit/7516eedc1ea97242a18225365898e0cbeafcffbf)), closes - [#330](https://github.com/ory/oathkeeper/issues/330) [#331](https://github.com/ory/oathkeeper/issues/331) + ([ee2b9e7](https://github.com/ory/oathkeeper/commit/ee2b9e743f4f6c56563d791947ffb592cc13394e)), + closes [#335](https://github.com/ory/oathkeeper/issues/335): + + The extra_from modifier is a GJSON path that points to the extra field. Useful + if the upstream API does not return a `{"subject": "...", "extra": "..."}` + format. + +- pipeline/authn: Add tests for cookie sources in jwt and oauth2_intro (#330) + (#331) + ([7516eed](https://github.com/ory/oathkeeper/commit/7516eedc1ea97242a18225365898e0cbeafcffbf)), + closes [#330](https://github.com/ory/oathkeeper/issues/330) + [#331](https://github.com/ory/oathkeeper/issues/331) [#330](https://github.com/ory/oathkeeper/issues/330): Also updates the schemas to add missing cookie config element. @@ -1511,24 +1809,30 @@ Prepare v0.34.0-beta.1+oryOS.14 release - Prepare v0.34.0-beta.1+oryOS.14 release ([96f77b2](https://github.com/ory/oathkeeper/commit/96f77b24d8adb160d5c2c3db2f2432e206b99c77)) - pipe/err: Improve IP and MIME matching (#323) - ([7e6f636](https://github.com/ory/oathkeeper/commit/7e6f6369f4acc33211d78f2acb1036c610286c2c)), closes - [#323](https://github.com/ory/oathkeeper/issues/323): + ([7e6f636](https://github.com/ory/oathkeeper/commit/7e6f6369f4acc33211d78f2acb1036c610286c2c)), + closes [#323](https://github.com/ory/oathkeeper/issues/323): - Previously, MIME matching respected the request's wildcards which lead to multiple handlers feeling responsible for a particular - request. Now, wildcards coming from the HTTP Request itself are interpreted literally. + Previously, MIME matching respected the request's wildcards which lead to + multiple handlers feeling responsible for a particular request. Now, wildcards + coming from the HTTP Request itself are interpreted literally. - Additionally, ORY Oathkeeper respected the X-Forwarded-For HTTP Header for matching remote IP addresses. This behavior is now - turned off by default because clients were able to fake this header otherwise. It can explicitly be turned on by setting + Additionally, ORY Oathkeeper respected the X-Forwarded-For HTTP Header for + matching remote IP addresses. This behavior is now turned off by default + because clients were able to fake this header otherwise. It can explicitly be + turned on by setting `config.when.#.request.remote_ip.RespectForwardedForHeader: true`. - Add customizable error handlers (#322) - ([4033321](https://github.com/ory/oathkeeper/commit/4033321b13671de8d0d5a42846a4e19d6065db62)), closes - [#322](https://github.com/ory/oathkeeper/issues/322) [#204](https://github.com/ory/oathkeeper/issues/204) - [#252](https://github.com/ory/oathkeeper/issues/252) [#119](https://github.com/ory/oathkeeper/issues/119): + ([4033321](https://github.com/ory/oathkeeper/commit/4033321b13671de8d0d5a42846a4e19d6065db62)), + closes [#322](https://github.com/ory/oathkeeper/issues/322) + [#204](https://github.com/ory/oathkeeper/issues/204) + [#252](https://github.com/ory/oathkeeper/issues/252) + [#119](https://github.com/ory/oathkeeper/issues/119): - This patch adds a new feature called error handlers. It allows to define the error handling logic globally and per rule. It is - now possible, for example, to return a JSON response for `Accept: application/json` requests and a HTTP Redirect response for - requests that are coming from a user. + This patch adds a new feature called error handlers. It allows to define the + error handling logic globally and per rule. It is now possible, for example, + to return a JSON response for `Accept: application/json` requests and a HTTP + Redirect response for requests that are coming from a user. This also resolves several issues, as noted below: @@ -1552,43 +1856,53 @@ docs: Incorporates changes from version v0.33.0-beta.1-12-g0dd3fe3 [ci skip] ### Unclassified - Properly merge env vars into pipeline configs (#320) - ([3e7936a](https://github.com/ory/oathkeeper/commit/3e7936a41150f367003c81c208910fdb77f556d9)), closes - [#320](https://github.com/ory/oathkeeper/issues/320) [#305](https://github.com/ory/oathkeeper/issues/305) + ([3e7936a](https://github.com/ory/oathkeeper/commit/3e7936a41150f367003c81c208910fdb77f556d9)), + closes [#320](https://github.com/ory/oathkeeper/issues/320) + [#305](https://github.com/ory/oathkeeper/issues/305) [#317](https://github.com/ory/oathkeeper/issues/317): - Previously, some keys did not respect the values set in the environment variables. + Previously, some keys did not respect the values set in the environment + variables. - Add alpine-based Docker image (#318) - ([815951b](https://github.com/ory/oathkeeper/commit/815951bb039937acc7be3f8b1b2bb06fe9ecac90)), closes - [#318](https://github.com/ory/oathkeeper/issues/318) [#312](https://github.com/ory/oathkeeper/issues/312) + ([815951b](https://github.com/ory/oathkeeper/commit/815951bb039937acc7be3f8b1b2bb06fe9ecac90)), + closes [#318](https://github.com/ory/oathkeeper/issues/318) + [#312](https://github.com/ory/oathkeeper/issues/312) - Add more details to decision logging (#316) - ([f60f525](https://github.com/ory/oathkeeper/commit/f60f52538ff6e66ea98afc89c6c6557ab8c5f93f)), closes - [#316](https://github.com/ory/oathkeeper/issues/316) [#244](https://github.com/ory/oathkeeper/issues/244) + ([f60f525](https://github.com/ory/oathkeeper/commit/f60f52538ff6e66ea98afc89c6c6557ab8c5f93f)), + closes [#316](https://github.com/ory/oathkeeper/issues/316) + [#244](https://github.com/ory/oathkeeper/issues/244) [#242](https://github.com/ory/oathkeeper/issues/242): - Adds details such as the HTTP Method, User Agent, Subject, and other information to the logging output of both the reverse proxy - and the decision API. + Adds details such as the HTTP Method, User Agent, Subject, and other + information to the logging output of both the reverse proxy and the decision + API. -- Add health check commands ([#319](https://github.com/ory/oathkeeper/issues/319)) +- Add health check commands + ([#319](https://github.com/ory/oathkeeper/issues/319)) ([0dd3fe3](https://github.com/ory/oathkeeper/commit/0dd3fe32a4c76b3b2c14a17108521eb51e5e4ff0)) -- Health endpoints now emit TRACE logs ([#314](https://github.com/ory/oathkeeper/issues/314)) - ([9036f8e](https://github.com/ory/oathkeeper/commit/9036f8eec3f264f7bcae46b44286367b8521802a)), closes - [#283](https://github.com/ory/oathkeeper/issues/283): - - Remove health endpoints from the logs to make monitoring easier. Setting `log_level` to `trace` will show these calls. - -- Improve session endpoint debugability ([#315](https://github.com/ory/oathkeeper/issues/315)) - ([2718639](https://github.com/ory/oathkeeper/commit/27186396ccff4ee3a7f8f0a4c703263fcc55afae)), closes - [#300](https://github.com/ory/oathkeeper/issues/300) +- Health endpoints now emit TRACE logs + ([#314](https://github.com/ory/oathkeeper/issues/314)) + ([9036f8e](https://github.com/ory/oathkeeper/commit/9036f8eec3f264f7bcae46b44286367b8521802a)), + closes [#283](https://github.com/ory/oathkeeper/issues/283): + + Remove health endpoints from the logs to make monitoring easier. Setting + `log_level` to `trace` will show these calls. + +- Improve session endpoint debugability + ([#315](https://github.com/ory/oathkeeper/issues/315)) + ([2718639](https://github.com/ory/oathkeeper/commit/27186396ccff4ee3a7f8f0a4c703263fcc55afae)), + closes [#300](https://github.com/ory/oathkeeper/issues/300) - Resolve matcher cache ([#313](https://github.com/ory/oathkeeper/issues/313)) - ([1519632](https://github.com/ory/oathkeeper/commit/15196326d2436c2d849d955bf5050766ae6dff0c)), closes - [#291](https://github.com/ory/oathkeeper/issues/291): + ([1519632](https://github.com/ory/oathkeeper/commit/15196326d2436c2d849d955bf5050766ae6dff0c)), + closes [#291](https://github.com/ory/oathkeeper/issues/291): A bug caused the rule matcher to not cache the regular expression result. -- Use bearer splitting when header is set to Authorization ([#311](https://github.com/ory/oathkeeper/issues/311)) - ([464fa31](https://github.com/ory/oathkeeper/commit/464fa319e84953835b71e16360bab3016b8bfc64)), closes - [#308](https://github.com/ory/oathkeeper/issues/308) +- Use bearer splitting when header is set to Authorization + ([#311](https://github.com/ory/oathkeeper/issues/311)) + ([464fa31](https://github.com/ory/oathkeeper/commit/464fa319e84953835b71e16360bab3016b8bfc64)), + closes [#308](https://github.com/ory/oathkeeper/issues/308) # [0.33.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.32.1-beta.1...v0.33.0-beta.1) (2019-12-16) @@ -1604,19 +1918,21 @@ pipeline/mutator: Refactor hydrator retry config (#287) ### Unclassified - pipeline/mutator: Refactor hydrator retry config (#287) - ([2a97e05](https://github.com/ory/oathkeeper/commit/2a97e051a98da588aa8125bc0c6681e2d39c48ef)), closes - [#287](https://github.com/ory/oathkeeper/issues/287) -- Update README banner (#307) ([f028719](https://github.com/ory/oathkeeper/commit/f028719f054e314045f9830c016bfbde5bf04110)), + ([2a97e05](https://github.com/ory/oathkeeper/commit/2a97e051a98da588aa8125bc0c6681e2d39c48ef)), + closes [#287](https://github.com/ory/oathkeeper/issues/287) +- Update README banner (#307) + ([f028719](https://github.com/ory/oathkeeper/commit/f028719f054e314045f9830c016bfbde5bf04110)), closes [#307](https://github.com/ory/oathkeeper/issues/307) - Add cookie as an option for oauth2_introspection authenticator (#301) - ([e3fa55a](https://github.com/ory/oathkeeper/commit/e3fa55a77f020fcdb55a8b363b2196570f080d16)), closes - [#301](https://github.com/ory/oathkeeper/issues/301) -- Add preserve_path option for cookie session to not override the path in the request (#297) - ([7e86b78](https://github.com/ory/oathkeeper/commit/7e86b78355447cfbbfd83d04dcc2bf7c942dfc67)), closes - [#297](https://github.com/ory/oathkeeper/issues/297) + ([e3fa55a](https://github.com/ory/oathkeeper/commit/e3fa55a77f020fcdb55a8b363b2196570f080d16)), + closes [#301](https://github.com/ory/oathkeeper/issues/301) +- Add preserve_path option for cookie session to not override the path in the + request (#297) + ([7e86b78](https://github.com/ory/oathkeeper/commit/7e86b78355447cfbbfd83d04dcc2bf7c942dfc67)), + closes [#297](https://github.com/ory/oathkeeper/issues/297) - Allow specifying additional headers for the oauth introspection request (#302) - ([b1e5cea](https://github.com/ory/oathkeeper/commit/b1e5cea5245c07142b6b34f2660ed41e6239b79f)), closes - [#302](https://github.com/ory/oathkeeper/issues/302) + ([b1e5cea](https://github.com/ory/oathkeeper/commit/b1e5cea5245c07142b6b34f2660ed41e6239b79f)), + closes [#302](https://github.com/ory/oathkeeper/issues/302) # [0.32.1-beta.1](https://github.com/ory/oathkeeper/compare/v0.32.0-beta.1...v0.32.1-beta.1) (2019-10-30) @@ -1624,7 +1940,8 @@ docs: Incorporates changes from version v0.32.0-beta.1-13-g1910bbe [ci skip] ### Documentation -- Add notes for 0.32.0 ([40e3b89](https://github.com/ory/oathkeeper/commit/40e3b891b99a41bee4b7be1a2cf7463bfb64f8db)) +- Add notes for 0.32.0 + ([40e3b89](https://github.com/ory/oathkeeper/commit/40e3b891b99a41bee4b7be1a2cf7463bfb64f8db)) - Incorporates changes from version v0.32.0-beta.1 [ci skip] ([f3a0e53](https://github.com/ory/oathkeeper/commit/f3a0e53762d31a1f7155ef75f08d7853aa6ec524)) - Incorporates changes from version v0.32.0-beta.1-11-g7892d2f [ci skip] @@ -1639,27 +1956,35 @@ docs: Incorporates changes from version v0.32.0-beta.1-13-g1910bbe [ci skip] ### Unclassified - pipeline/authz: Add Content-Type header in the call to Keto (#290) - ([1910bbe](https://github.com/ory/oathkeeper/commit/1910bbedc215c2b18c018cf9a5d5f86b6b3411c3)), closes - [#290](https://github.com/ory/oathkeeper/issues/290) -- Revert incorrect license changes ([7892d2f](https://github.com/ory/oathkeeper/commit/7892d2f4024525c5e3f20e6237b18d0fbe36200d)) + ([1910bbe](https://github.com/ory/oathkeeper/commit/1910bbedc215c2b18c018cf9a5d5f86b6b3411c3)), + closes [#290](https://github.com/ory/oathkeeper/issues/290) +- Revert incorrect license changes + ([7892d2f](https://github.com/ory/oathkeeper/commit/7892d2f4024525c5e3f20e6237b18d0fbe36200d)) - Revert readme changes to last working version ([08d42da](https://github.com/ory/oathkeeper/commit/08d42dac81a8d71f3b7ab926a8b09abe7b305b5e)) - Remove obsolete section from README ([aa8deef](https://github.com/ory/oathkeeper/commit/aa8deefc02848a4c90bf06365b7a37d71eb9c72f)) -- Fix broken readme headlines ([2e8109a](https://github.com/ory/oathkeeper/commit/2e8109a4fa1b53e83e86897de6890c910d4b77ff)) +- Fix broken readme headlines + ([2e8109a](https://github.com/ory/oathkeeper/commit/2e8109a4fa1b53e83e86897de6890c910d4b77ff)) - Auto-kill test runner after 10 retries (#286) - ([eaad598](https://github.com/ory/oathkeeper/commit/eaad59866349bebdeaed72e068a9ce6752b25cef)), closes - [#286](https://github.com/ory/oathkeeper/issues/286) + ([eaad598](https://github.com/ory/oathkeeper/commit/eaad59866349bebdeaed72e068a9ce6752b25cef)), + closes [#286](https://github.com/ory/oathkeeper/issues/286) - Dereference config schema and resolve issues (#282) - ([8cf6868](https://github.com/ory/oathkeeper/commit/8cf6868b3e925e686769d43c912d5e52c6589a9b)), closes - [#282](https://github.com/ory/oathkeeper/issues/282) [ory/docs#217](https://github.com/ory/docs/issues/217) - [#234](https://github.com/ory/oathkeeper/issues/234) [#281](https://github.com/ory/oathkeeper/issues/281) -- Update ory/x/viperx dependency ([#285](https://github.com/ory/oathkeeper/issues/285)) - ([0ef3bce](https://github.com/ory/oathkeeper/commit/0ef3bce92a3c17a6cffc794f2b08859f0852ee5d)), closes - [#276](https://github.com/ory/oathkeeper/issues/276) [#270](https://github.com/ory/oathkeeper/issues/270) - [#279](https://github.com/ory/oathkeeper/issues/279) [#280](https://github.com/ory/oathkeeper/issues/280): - - This patch automatically binds environment variables to configuration keys. This patch resolves several issues: + ([8cf6868](https://github.com/ory/oathkeeper/commit/8cf6868b3e925e686769d43c912d5e52c6589a9b)), + closes [#282](https://github.com/ory/oathkeeper/issues/282) + [ory/docs#217](https://github.com/ory/docs/issues/217) + [#234](https://github.com/ory/oathkeeper/issues/234) + [#281](https://github.com/ory/oathkeeper/issues/281) +- Update ory/x/viperx dependency + ([#285](https://github.com/ory/oathkeeper/issues/285)) + ([0ef3bce](https://github.com/ory/oathkeeper/commit/0ef3bce92a3c17a6cffc794f2b08859f0852ee5d)), + closes [#276](https://github.com/ory/oathkeeper/issues/276) + [#270](https://github.com/ory/oathkeeper/issues/270) + [#279](https://github.com/ory/oathkeeper/issues/279) + [#280](https://github.com/ory/oathkeeper/issues/280): + + This patch automatically binds environment variables to configuration keys. + This patch resolves several issues: # [0.32.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.31.0-beta.1...v0.32.0-beta.1) (2019-10-20) @@ -1686,27 +2011,34 @@ docs: Incorporates changes from version v0.30.0-beta.1 [ci skip] ### Unclassified - pipeline/authn: Add token_from config to introspection and jwt (#271) - ([fc85ac8](https://github.com/ory/oathkeeper/commit/fc85ac854c3fb4cdd96bbae650f7355400431eac)), closes - [#271](https://github.com/ory/oathkeeper/issues/271) [#257](https://github.com/ory/oathkeeper/issues/257): - - Add additional optional configuration to jwt and oauth2_introspection authenticators allowing to set from where (which header or - query parameter) the token should be received. The configuration is a token_from field in per-rule-configuration, as described - in a linked issue. - -- Update UPGRADE.md ([4e4bd93](https://github.com/ory/oathkeeper/commit/4e4bd93695a14b453a895fd2c20eca416307dcee)) -- Update upgrade instructions ([7483d1c](https://github.com/ory/oathkeeper/commit/7483d1cf9344058ddc12efabdb00f5b5b8b41f48)) -- Add migration capabilities ([#268](https://github.com/ory/oathkeeper/issues/268)) - ([bc74e72](https://github.com/ory/oathkeeper/commit/bc74e726712c77955d2013979770c2724af17f20)), closes - [#266](https://github.com/ory/oathkeeper/issues/266): + ([fc85ac8](https://github.com/ory/oathkeeper/commit/fc85ac854c3fb4cdd96bbae650f7355400431eac)), + closes [#271](https://github.com/ory/oathkeeper/issues/271) + [#257](https://github.com/ory/oathkeeper/issues/257): + + Add additional optional configuration to jwt and oauth2_introspection + authenticators allowing to set from where (which header or query parameter) + the token should be received. The configuration is a token_from field in + per-rule-configuration, as described in a linked issue. + +- Update UPGRADE.md + ([4e4bd93](https://github.com/ory/oathkeeper/commit/4e4bd93695a14b453a895fd2c20eca416307dcee)) +- Update upgrade instructions + ([7483d1c](https://github.com/ory/oathkeeper/commit/7483d1cf9344058ddc12efabdb00f5b5b8b41f48)) +- Add migration capabilities + ([#268](https://github.com/ory/oathkeeper/issues/268)) + ([bc74e72](https://github.com/ory/oathkeeper/commit/bc74e726712c77955d2013979770c2724af17f20)), + closes [#266](https://github.com/ory/oathkeeper/issues/266): Adds the ability to modify rules with backwards compatibility. -- Change error code from 403 to 401 ([#259](https://github.com/ory/oathkeeper/issues/259)) - ([c17e564](https://github.com/ory/oathkeeper/commit/c17e564cc2427a0ab1f7d2eb2d2b7cb95e34f88b)), closes - [#256](https://github.com/ory/oathkeeper/issues/256) -- Force auth style in oauth2 client credentials authn ([#267](https://github.com/ory/oathkeeper/issues/267)) - ([97d7890](https://github.com/ory/oathkeeper/commit/97d789097b47b50117421f8f4ebd32182de4195c)), closes - [#260](https://github.com/ory/oathkeeper/issues/260) +- Change error code from 403 to 401 + ([#259](https://github.com/ory/oathkeeper/issues/259)) + ([c17e564](https://github.com/ory/oathkeeper/commit/c17e564cc2427a0ab1f7d2eb2d2b7cb95e34f88b)), + closes [#256](https://github.com/ory/oathkeeper/issues/256) +- Force auth style in oauth2 client credentials authn + ([#267](https://github.com/ory/oathkeeper/issues/267)) + ([97d7890](https://github.com/ory/oathkeeper/commit/97d789097b47b50117421f8f4ebd32182de4195c)), + closes [#260](https://github.com/ory/oathkeeper/issues/260) # [0.19.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.18.0-beta.1...v0.19.0-beta.1) (2019-09-23) @@ -1714,15 +2046,18 @@ Fix id_token schema reference URL ### Unclassified -- Fix id_token schema reference URL ([72a2333](https://github.com/ory/oathkeeper/commit/72a23333d67f01d2474603f6ba9e5b1e97605a95)) -- Resolve broken tests (#262) ([bc67cc1](https://github.com/ory/oathkeeper/commit/bc67cc18b4e32331f86bc8b10f1947a812be6b7e)), +- Fix id_token schema reference URL + ([72a2333](https://github.com/ory/oathkeeper/commit/72a23333d67f01d2474603f6ba9e5b1e97605a95)) +- Resolve broken tests (#262) + ([bc67cc1](https://github.com/ory/oathkeeper/commit/bc67cc18b4e32331f86bc8b10f1947a812be6b7e)), closes [#262](https://github.com/ory/oathkeeper/issues/262) - Homogenize configuration management (#258) - ([89709aa](https://github.com/ory/oathkeeper/commit/89709aabfe002fc5ae2e76016fc45a13d74f3d8b)), closes - [#258](https://github.com/ory/oathkeeper/issues/258) + ([89709aa](https://github.com/ory/oathkeeper/commit/89709aabfe002fc5ae2e76016fc45a13d74f3d8b)), + closes [#258](https://github.com/ory/oathkeeper/issues/258) - Fix #250: Ignore query parameters to build payload for Keto engine (#251) - ([d0fc7f4](https://github.com/ory/oathkeeper/commit/d0fc7f4c6a9377ff3f2466d5860c12247202e646)), closes - [#250](https://github.com/ory/oathkeeper/issues/250) [#251](https://github.com/ory/oathkeeper/issues/251) + ([d0fc7f4](https://github.com/ory/oathkeeper/commit/d0fc7f4c6a9377ff3f2466d5860c12247202e646)), + closes [#250](https://github.com/ory/oathkeeper/issues/250) + [#251](https://github.com/ory/oathkeeper/issues/251) # [0.18.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.17.4-beta.1...v0.18.0-beta.1) (2019-08-22) @@ -1734,27 +2069,33 @@ mutator/id_token: Add claim templating (#246) ([370eb37](https://github.com/ory/oathkeeper/commit/370eb3745630631e96ff6c0de61ab86b2832a3f5)) - Incorporates changes from version v0.17.5-beta.1 ([f7beddc](https://github.com/ory/oathkeeper/commit/f7beddccfcc0bfb52805382278758e347cc1dc2c)) -- Updates issue and pull request templates ([#237](https://github.com/ory/oathkeeper/issues/237)) +- Updates issue and pull request templates + ([#237](https://github.com/ory/oathkeeper/issues/237)) ([6181ee5](https://github.com/ory/oathkeeper/commit/6181ee5c14fbcc1b3b844d9f301a5df90dcf6a8b)) -- Updates issue and pull request templates ([#238](https://github.com/ory/oathkeeper/issues/238)) +- Updates issue and pull request templates + ([#238](https://github.com/ory/oathkeeper/issues/238)) ([6f83cda](https://github.com/ory/oathkeeper/commit/6f83cda6ce855ed09ec3f553eaaf644e0d853634)) -- Updates issue and pull request templates ([#239](https://github.com/ory/oathkeeper/issues/239)) +- Updates issue and pull request templates + ([#239](https://github.com/ory/oathkeeper/issues/239)) ([2e0b3ef](https://github.com/ory/oathkeeper/commit/2e0b3ef28bf3b2e8c6225d5e407a3f9b1487ccea)) -- Updates issue and pull request templates ([#245](https://github.com/ory/oathkeeper/issues/245)) +- Updates issue and pull request templates + ([#245](https://github.com/ory/oathkeeper/issues/245)) ([f140837](https://github.com/ory/oathkeeper/commit/f140837a7181f3e2c0a209e6dd47a534be08c1f8)) ### Unclassified - mutator/id_token: Add claim templating (#246) - ([591f524](https://github.com/ory/oathkeeper/commit/591f5249f3d8ba314cf7e914926bfbd0300e7589)), closes - [#246](https://github.com/ory/oathkeeper/issues/246) + ([591f524](https://github.com/ory/oathkeeper/commit/591f5249f3d8ba314cf7e914926bfbd0300e7589)), + closes [#246](https://github.com/ory/oathkeeper/issues/246) - Add mutator for modifying authenticationSession with external API (#240) - ([b38b0f4](https://github.com/ory/oathkeeper/commit/b38b0f4d4cd5148ebe0858558f410b4f0c367be1)), closes - [#240](https://github.com/ory/oathkeeper/issues/240) + ([b38b0f4](https://github.com/ory/oathkeeper/commit/b38b0f4d4cd5148ebe0858558f410b4f0c367be1)), + closes [#240](https://github.com/ory/oathkeeper/issues/240) - Support multiple mutators per access rule (#233) - ([d21179d](https://github.com/ory/oathkeeper/commit/d21179dd25543662075be402f6e24e1ee20d2754)), closes - [#233](https://github.com/ory/oathkeeper/issues/233) [#233](https://github.com/ory/oathkeeper/issues/233) -- Add adopters placeholder ([#236](https://github.com/ory/oathkeeper/issues/236)) + ([d21179d](https://github.com/ory/oathkeeper/commit/d21179dd25543662075be402f6e24e1ee20d2754)), + closes [#233](https://github.com/ory/oathkeeper/issues/233) + [#233](https://github.com/ory/oathkeeper/issues/233) +- Add adopters placeholder + ([#236](https://github.com/ory/oathkeeper/issues/236)) ([302c7b8](https://github.com/ory/oathkeeper/commit/302c7b8cec0479db2735440ef336c11ca92675ff)) # [0.17.4-beta.1](https://github.com/ory/oathkeeper/compare/v0.17.3-beta.1...v0.17.4-beta.1) (2019-08-09) @@ -1765,14 +2106,15 @@ Add sprig template library (#235) - Incorporates changes from version v0.17.3-beta.1 ([b271ff2](https://github.com/ory/oathkeeper/commit/b271ff21644f9e3fd0605cc50978d0c5e2e883e3)) -- Updates issue and pull request templates ([#232](https://github.com/ory/oathkeeper/issues/232)) +- Updates issue and pull request templates + ([#232](https://github.com/ory/oathkeeper/issues/232)) ([00c08ba](https://github.com/ory/oathkeeper/commit/00c08ba9c4d2ce6b910b151d79eaccbf6d9c0710)) ### Unclassified - Add sprig template library (#235) - ([c85c540](https://github.com/ory/oathkeeper/commit/c85c5400000f1c534b99db292273f71c427d368e)), closes - [#235](https://github.com/ory/oathkeeper/issues/235) + ([c85c540](https://github.com/ory/oathkeeper/commit/c85c5400000f1c534b99db292273f71c427d368e)), + closes [#235](https://github.com/ory/oathkeeper/issues/235) # [0.17.3-beta.1](https://github.com/ory/oathkeeper/compare/v0.17.2-beta.1...v0.17.3-beta.1) (2019-08-03) @@ -1785,8 +2127,10 @@ rule: Resolve k8s configmap reload issue (#231) ### Unclassified -- Move back to scratch Docker image ([3fa8a50](https://github.com/ory/oathkeeper/commit/3fa8a5078759869c3a3a0521f17b80f246fdd7f4)) -- Resolve k8s configmap reload issue ([#231](https://github.com/ory/oathkeeper/issues/231)) +- Move back to scratch Docker image + ([3fa8a50](https://github.com/ory/oathkeeper/commit/3fa8a5078759869c3a3a0521f17b80f246fdd7f4)) +- Resolve k8s configmap reload issue + ([#231](https://github.com/ory/oathkeeper/issues/231)) ([c04547e](https://github.com/ory/oathkeeper/commit/c04547e7bda2396c997252dd7ca3e588897b7779)) # [0.17.2-beta.1](https://github.com/ory/oathkeeper/compare/v0.17.1-beta.1...v0.17.2-beta.1) (2019-08-02) @@ -1797,12 +2141,14 @@ rules: Support kubernetes configmap reloading (#230) - Incorporates changes from version v0.17.1-beta.1 ([64d180f](https://github.com/ory/oathkeeper/commit/64d180fd7f41febd4f15a35bd8ee625adc854256)) -- Updates issue and pull request templates ([#226](https://github.com/ory/oathkeeper/issues/226)) +- Updates issue and pull request templates + ([#226](https://github.com/ory/oathkeeper/issues/226)) ([007d491](https://github.com/ory/oathkeeper/commit/007d491dfd204b4dcf175906319db667b10fff1e)) ### Unclassified -- Support kubernetes configmap reloading ([#230](https://github.com/ory/oathkeeper/issues/230)) +- Support kubernetes configmap reloading + ([#230](https://github.com/ory/oathkeeper/issues/230)) ([92b769b](https://github.com/ory/oathkeeper/commit/92b769bfdf4d5fd7902e1b5ae1dc63d11de4e0f1)) # [0.17.1-beta.1](https://github.com/ory/oathkeeper/compare/v0.17.0-beta.1...v0.17.1-beta.1) (2019-07-23) @@ -1818,9 +2164,10 @@ Closes #224 ### Unclassified -- Fix panic on send on closed channel ([#225](https://github.com/ory/oathkeeper/issues/225)) - ([2112ab6](https://github.com/ory/oathkeeper/commit/2112ab6b325aef71963de9d448dbf15ce09bd5fe)), closes - [#224](https://github.com/ory/oathkeeper/issues/224) +- Fix panic on send on closed channel + ([#225](https://github.com/ory/oathkeeper/issues/225)) + ([2112ab6](https://github.com/ory/oathkeeper/commit/2112ab6b325aef71963de9d448dbf15ce09bd5fe)), + closes [#224](https://github.com/ory/oathkeeper/issues/224) # [0.17.0-beta.1](https://github.com/ory/oathkeeper/compare/v0.16.0-beta.5...v0.17.0-beta.1) (2019-07-18) @@ -1835,33 +2182,40 @@ ci: Automate schema confiugration sync - Incorporates changes from version v0.16.0-beta.5 ([a8afc3b](https://github.com/ory/oathkeeper/commit/a8afc3b559905d8807519e3ed04fd39a654fa73d)) -- Update upgrade guide ([a8ccb05](https://github.com/ory/oathkeeper/commit/a8ccb0541f9f0e8b707b418bb6698ed18bdadf0b)) -- Update upgrade guide ([f727efe](https://github.com/ory/oathkeeper/commit/f727efe438bafbfb8f404ae1dd98b062d1ad804b)) +- Update upgrade guide + ([a8ccb05](https://github.com/ory/oathkeeper/commit/a8ccb0541f9f0e8b707b418bb6698ed18bdadf0b)) +- Update upgrade guide + ([f727efe](https://github.com/ory/oathkeeper/commit/f727efe438bafbfb8f404ae1dd98b062d1ad804b)) ### Unclassified -- Fix broken reload tests ([d6059b7](https://github.com/ory/oathkeeper/commit/d6059b711aa921fd012ce71eb11e370f174596f6)) +- Fix broken reload tests + ([d6059b7](https://github.com/ory/oathkeeper/commit/d6059b711aa921fd012ce71eb11e370f174596f6)) - Validate configuration with JSON Schema ([997427d](https://github.com/ory/oathkeeper/commit/997427dc03c7efee476f145677b73a42bbc63c89)) - Watch configuration and access rule changes (#217) - ([a078e89](https://github.com/ory/oathkeeper/commit/a078e891e2fe97bdb6ce8a2264f629a179c9116e)), closes - [#217](https://github.com/ory/oathkeeper/issues/217): + ([a078e89](https://github.com/ory/oathkeeper/commit/a078e891e2fe97bdb6ce8a2264f629a179c9116e)), + closes [#217](https://github.com/ory/oathkeeper/issues/217): - This patch allows oathkeeper to re-load any changes made to the configuraiton file and/or the access rules to be reloaded - without a restart. + This patch allows oathkeeper to re-load any changes made to the configuraiton + file and/or the access rules to be reloaded without a restart. - Some configuration keys like serve._, log._, profiling however require a restart. + Some configuration keys like serve._, log._, profiling however require a + restart. -- Create FUNDING.yml ([d7da8e2](https://github.com/ory/oathkeeper/commit/d7da8e296205e183140c18ba3cc6269334476a2b)) +- Create FUNDING.yml + ([d7da8e2](https://github.com/ory/oathkeeper/commit/d7da8e296205e183140c18ba3cc6269334476a2b)) - Add support for rules in YAML format (#213) - ([67face6](https://github.com/ory/oathkeeper/commit/67face611b9f19ed9b6606931c9b7a82df769154)), closes - [#213](https://github.com/ory/oathkeeper/issues/213): + ([67face6](https://github.com/ory/oathkeeper/commit/67face611b9f19ed9b6606931c9b7a82df769154)), + closes [#213](https://github.com/ory/oathkeeper/issues/213): - This commit adds support for defining access rules in YAML format, in addition to existing JSON format. + This commit adds support for defining access rules in YAML format, in addition + to existing JSON format. - Do not fatal when immutable value is changed ([717d7f7](https://github.com/ory/oathkeeper/commit/717d7f748abe61014653f3c6519c4aef019d1969)) -- Remove useless function ([3521a3d](https://github.com/ory/oathkeeper/commit/3521a3d9a606b92c7bf9c74828185934b2cba9c5)) +- Remove useless function + ([3521a3d](https://github.com/ory/oathkeeper/commit/3521a3d9a606b92c7bf9c74828185934b2cba9c5)) # [0.16.0-beta.5](https://github.com/ory/oathkeeper/compare/v0.16.0-beta.4...v0.16.0-beta.5) (2019-06-28) @@ -1875,27 +2229,33 @@ authenticator: Add cookie session authenticator (#211) ### Unclassified - Add description into the name of subtest (#212) - ([230c332](https://github.com/ory/oathkeeper/commit/230c332f5972e2bbf5a81a31c4ceafdfbf541d75)), closes - [#212](https://github.com/ory/oathkeeper/issues/212) -- Remove binary license (#208) ([3460d65](https://github.com/ory/oathkeeper/commit/3460d65249783ea1eb6558fbe75cec4c72105f5c)), + ([230c332](https://github.com/ory/oathkeeper/commit/230c332f5972e2bbf5a81a31c4ceafdfbf541d75)), + closes [#212](https://github.com/ory/oathkeeper/issues/212) +- Remove binary license (#208) + ([3460d65](https://github.com/ory/oathkeeper/commit/3460d65249783ea1eb6558fbe75cec4c72105f5c)), closes [#208](https://github.com/ory/oathkeeper/issues/208) -- Update config.yaml (#204) ([effe9c0](https://github.com/ory/oathkeeper/commit/effe9c025c3a25edf88bc3791ec27cb01e128a1a)), closes - [#204](https://github.com/ory/oathkeeper/issues/204): +- Update config.yaml (#204) + ([effe9c0](https://github.com/ory/oathkeeper/commit/effe9c025c3a25edf88bc3791ec27cb01e128a1a)), + closes [#204](https://github.com/ory/oathkeeper/issues/204): There's no DSN in oathkeeper -- Add cookie session authenticator ([#211](https://github.com/ory/oathkeeper/issues/211)) +- Add cookie session authenticator + ([#211](https://github.com/ory/oathkeeper/issues/211)) ([f8a66b7](https://github.com/ory/oathkeeper/commit/f8a66b77f99420fa4ac6693967af1906ae962489)) -- Use non-root user in image ([#209](https://github.com/ory/oathkeeper/issues/209)) +- Use non-root user in image + ([#209](https://github.com/ory/oathkeeper/issues/209)) ([2215126](https://github.com/ory/oathkeeper/commit/221512635125eb61943f6dfd93b69defa61d9ce3)) # [0.16.0-beta.4](https://github.com/ory/oathkeeper/compare/v0.16.0-beta.3...v0.16.0-beta.4) (2019-05-28) server: Properly declare negroni middleware (#200) -Previously, negroni.With was mistakenly used to add middleware onto the stack. The proper method however is negroni.Use. +Previously, negroni.With was mistakenly used to add middleware onto the stack. +The proper method however is negroni.Use. -This patch fixes the use of negroni.With and resolves issues around logging and the decisions endpoint. +This patch fixes the use of negroni.With and resolves issues around logging and +the decisions endpoint. Closes #199 @@ -1903,22 +2263,28 @@ Closes #199 - Incorporates changes from version v0.16.0-beta.3 ([d777ecf](https://github.com/ory/oathkeeper/commit/d777ecf59192d14a432a024d5a3451b47f6cff4e)) -- Updates issue and pull request templates ([#196](https://github.com/ory/oathkeeper/issues/196)) +- Updates issue and pull request templates + ([#196](https://github.com/ory/oathkeeper/issues/196)) ([74fa27b](https://github.com/ory/oathkeeper/commit/74fa27ba9b110d8b4bd8afe09d77c5c602187a5c)) -- Updates issue and pull request templates ([#197](https://github.com/ory/oathkeeper/issues/197)) +- Updates issue and pull request templates + ([#197](https://github.com/ory/oathkeeper/issues/197)) ([31d057c](https://github.com/ory/oathkeeper/commit/31d057cf37816fb20436f464f96ee2c5fd32d7e7)) -- Updates issue and pull request templates ([#198](https://github.com/ory/oathkeeper/issues/198)) +- Updates issue and pull request templates + ([#198](https://github.com/ory/oathkeeper/issues/198)) ([244810a](https://github.com/ory/oathkeeper/commit/244810aabfc2259e756963791855cde1006fe16f)) ### Unclassified -- Properly declare negroni middleware ([#200](https://github.com/ory/oathkeeper/issues/200)) - ([9d3dc54](https://github.com/ory/oathkeeper/commit/9d3dc54e1350fa74fb126cc4761462e83d86548f)), closes - [#199](https://github.com/ory/oathkeeper/issues/199): +- Properly declare negroni middleware + ([#200](https://github.com/ory/oathkeeper/issues/200)) + ([9d3dc54](https://github.com/ory/oathkeeper/commit/9d3dc54e1350fa74fb126cc4761462e83d86548f)), + closes [#199](https://github.com/ory/oathkeeper/issues/199): - Previously, negroni.With was mistakenly used to add middleware onto the stack. The proper method however is negroni.Use. + Previously, negroni.With was mistakenly used to add middleware onto the stack. + The proper method however is negroni.Use. - This patch fixes the use of negroni.With and resolves issues around logging and the decisions endpoint. + This patch fixes the use of negroni.With and resolves issues around logging + and the decisions endpoint. # [0.16.0-beta.3](https://github.com/ory/oathkeeper/compare/v0.15.2...v0.16.0-beta.3) (2019-05-19) @@ -1926,28 +2292,36 @@ ci: Use golang for docs task ### Continuous Integration -- Use golang for docs task ([b120c72](https://github.com/ory/oathkeeper/commit/b120c7214d7f11441b0cec7a34517b4403226f5f)) +- Use golang for docs task + ([b120c72](https://github.com/ory/oathkeeper/commit/b120c7214d7f11441b0cec7a34517b4403226f5f)) ### Documentation - Incorporates changes from version v0.15.2 ([7ceabe9](https://github.com/ory/oathkeeper/commit/7ceabe98498e1dd9f8c3c452f5d0f9ab366a3c07)) -- Rename config.yml -> config.yaml ([4faecbe](https://github.com/ory/oathkeeper/commit/4faecbea5683e18522697f5c2b1ccc76fbf4c762)) -- Updates issue and pull request templates ([#189](https://github.com/ory/oathkeeper/issues/189)) +- Rename config.yml -> config.yaml + ([4faecbe](https://github.com/ory/oathkeeper/commit/4faecbea5683e18522697f5c2b1ccc76fbf4c762)) +- Updates issue and pull request templates + ([#189](https://github.com/ory/oathkeeper/issues/189)) ([367a48d](https://github.com/ory/oathkeeper/commit/367a48dba6693db44a17179dcf0f0e7c624be7a7)) ### Unclassified - Reduce deployment complexity and refactor internals (#185) - ([6b509ad](https://github.com/ory/oathkeeper/commit/6b509ad5e3ce109521de80540bd0c762b7ecd8d2)), closes - [#185](https://github.com/ory/oathkeeper/issues/185) [#178](https://github.com/ory/oathkeeper/issues/178) - [#177](https://github.com/ory/oathkeeper/issues/177) [#174](https://github.com/ory/oathkeeper/issues/174) - [#168](https://github.com/ory/oathkeeper/issues/168) [#164](https://github.com/ory/oathkeeper/issues/164) - [#141](https://github.com/ory/oathkeeper/issues/141) [#140](https://github.com/ory/oathkeeper/issues/140) - [#136](https://github.com/ory/oathkeeper/issues/136) [#122](https://github.com/ory/oathkeeper/issues/122) + ([6b509ad](https://github.com/ory/oathkeeper/commit/6b509ad5e3ce109521de80540bd0c762b7ecd8d2)), + closes [#185](https://github.com/ory/oathkeeper/issues/185) + [#178](https://github.com/ory/oathkeeper/issues/178) + [#177](https://github.com/ory/oathkeeper/issues/177) + [#174](https://github.com/ory/oathkeeper/issues/174) + [#168](https://github.com/ory/oathkeeper/issues/168) + [#164](https://github.com/ory/oathkeeper/issues/164) + [#141](https://github.com/ory/oathkeeper/issues/141) + [#140](https://github.com/ory/oathkeeper/issues/140) + [#136](https://github.com/ory/oathkeeper/issues/136) + [#122](https://github.com/ory/oathkeeper/issues/122) - Resolve issue with install.sh script (#187) - ([d31d5be](https://github.com/ory/oathkeeper/commit/d31d5bea5085355960cc051c4bb6b6232a77ac75)), closes - [#187](https://github.com/ory/oathkeeper/issues/187) + ([d31d5be](https://github.com/ory/oathkeeper/commit/d31d5bea5085355960cc051c4bb6b6232a77ac75)), + closes [#187](https://github.com/ory/oathkeeper/issues/187) # [0.15.2](https://github.com/ory/oathkeeper/compare/v0.15.1...v0.15.2) (2019-05-04) @@ -1965,8 +2339,9 @@ Signed-off-by: Stanislav Zapolsky ### Unclassified - cmd/client: Use json rawmessage for arbtrary payloads (#184) - ([a55e4d1](https://github.com/ory/oathkeeper/commit/a55e4d1267dcb2975a5e4b4ab4248bdf7adc00b0)), closes - [#184](https://github.com/ory/oathkeeper/issues/184) [#182](https://github.com/ory/oathkeeper/issues/182) + ([a55e4d1](https://github.com/ory/oathkeeper/commit/a55e4d1267dcb2975a5e4b4ab4248bdf7adc00b0)), + closes [#184](https://github.com/ory/oathkeeper/issues/184) + [#182](https://github.com/ory/oathkeeper/issues/182) # [0.15.1](https://github.com/ory/oathkeeper/compare/v0.15.0...v0.15.1) (2019-04-29) @@ -1991,47 +2366,61 @@ Signed-off-by: aeneasr ([44649b6](https://github.com/ory/oathkeeper/commit/44649b6302057cb64c9585b862043fe4568d4432)) - Incorporates changes from version v0.14.2+oryOS.10 ([2d9899a](https://github.com/ory/oathkeeper/commit/2d9899a38b927ff367931c024a10bfdc3230e9a3)) -- Update patrons ([f423666](https://github.com/ory/oathkeeper/commit/f423666df6e067ed563a853c3187afb1859dc36c)) -- Update README building-from-source part with the gomodule way ([#152](https://github.com/ory/oathkeeper/issues/152)) - ([9d653f5](https://github.com/ory/oathkeeper/commit/9d653f5364cfabdd03a6a39b0883d70b9783fb01)), closes - [#149](https://github.com/ory/oathkeeper/issues/149) +- Update patrons + ([f423666](https://github.com/ory/oathkeeper/commit/f423666df6e067ed563a853c3187afb1859dc36c)) +- Update README building-from-source part with the gomodule way + ([#152](https://github.com/ory/oathkeeper/issues/152)) + ([9d653f5](https://github.com/ory/oathkeeper/commit/9d653f5364cfabdd03a6a39b0883d70b9783fb01)), + closes [#149](https://github.com/ory/oathkeeper/issues/149) ### Unclassified -- Update CHANGELOG.md ([cbccbe2](https://github.com/ory/oathkeeper/commit/cbccbe2f4786f90208dfa93a8b8b47027ca11548)) -- Ensure rule matcher is locked before updating ([#159](https://github.com/ory/oathkeeper/issues/159)) +- Update CHANGELOG.md + ([cbccbe2](https://github.com/ory/oathkeeper/commit/cbccbe2f4786f90208dfa93a8b8b47027ca11548)) +- Ensure rule matcher is locked before updating + ([#159](https://github.com/ory/oathkeeper/issues/159)) ([6fb7151](https://github.com/ory/oathkeeper/commit/6fb715161370382b384ab2e0cb7ec64ca425f16a)): - Lock CachedMatcher before rules are updated when HTTPMatcher refreshes to avoid concurrent map iteration and map write errors. + Lock CachedMatcher before rules are updated when HTTPMatcher refreshes to + avoid concurrent map iteration and map write errors. -- Improve debugability of JWT authenticator ([#156](https://github.com/ory/oathkeeper/issues/156)) +- Improve debugability of JWT authenticator + ([#156](https://github.com/ory/oathkeeper/issues/156)) ([8441bd5](https://github.com/ory/oathkeeper/commit/8441bd52dc567de04b8b4eb9b4655aaf45b90f03)) -- Move to go-swagger SDK code generation ([#170](https://github.com/ory/oathkeeper/issues/170)) - ([38c52a3](https://github.com/ory/oathkeeper/commit/38c52a3cc3a24b1d77d7f07d012be561d018b5ec)), closes - [#165](https://github.com/ory/oathkeeper/issues/165) -- Remove full tag from build pipeline ([#179](https://github.com/ory/oathkeeper/issues/179)) +- Move to go-swagger SDK code generation + ([#170](https://github.com/ory/oathkeeper/issues/170)) + ([38c52a3](https://github.com/ory/oathkeeper/commit/38c52a3cc3a24b1d77d7f07d012be561d018b5ec)), + closes [#165](https://github.com/ory/oathkeeper/issues/165) +- Remove full tag from build pipeline + ([#179](https://github.com/ory/oathkeeper/issues/179)) ([e2edbf8](https://github.com/ory/oathkeeper/commit/e2edbf8628fd7592730dbb320760e514982e049d)) -- Remove sdk dependencies to keto/hydra ([#173](https://github.com/ory/oathkeeper/issues/173)) +- Remove sdk dependencies to keto/hydra + ([#173](https://github.com/ory/oathkeeper/issues/173)) ([b538e3c](https://github.com/ory/oathkeeper/commit/b538e3c8fdd52be1e61ed88502fce1de7737d4a9)): - This patch replaces code-generated SDKs with raw http.Client calls which reduces dependencies and makes future changes to the - keto/hydra SDK easier to adopt to. + This patch replaces code-generated SDKs with raw http.Client calls which + reduces dependencies and makes future changes to the keto/hydra SDK easier to + adopt to. - Remove vendored dependencies after sdk generation ([7c33ca8](https://github.com/ory/oathkeeper/commit/7c33ca89781a225ab43b4d663b30c154a24a7e0a)) -- Set request headers for credential issuers ([#169](https://github.com/ory/oathkeeper/issues/169)) - ([4fc579c](https://github.com/ory/oathkeeper/commit/4fc579cd677b71f6083fd3edaad741a7979e629a)), closes - [#120](https://github.com/ory/oathkeeper/issues/120) [#133](https://github.com/ory/oathkeeper/issues/133) +- Set request headers for credential issuers + ([#169](https://github.com/ory/oathkeeper/issues/169)) + ([4fc579c](https://github.com/ory/oathkeeper/commit/4fc579cd677b71f6083fd3edaad741a7979e629a)), + closes [#120](https://github.com/ory/oathkeeper/issues/120) + [#133](https://github.com/ory/oathkeeper/issues/133) - Update Dockerfile build instructions ([ec40cc4](https://github.com/ory/oathkeeper/commit/ec40cc4cfa1716adff9cb4cd8c604aa6f4aa9e91)) - Upgrade dependencies ([#163](https://github.com/ory/oathkeeper/issues/163)) ([f9fdefb](https://github.com/ory/oathkeeper/commit/f9fdefb5dfe9dbff38f0ae96f82e42fea24d1c93)) -- Use scp,scope,scopes in jwt authenticator ([#162](https://github.com/ory/oathkeeper/issues/162)) - ([eebc2f4](https://github.com/ory/oathkeeper/commit/eebc2f44e3e42b7af653f91d9345111e0a280401)), closes - [#138](https://github.com/ory/oathkeeper/issues/138): +- Use scp,scope,scopes in jwt authenticator + ([#162](https://github.com/ory/oathkeeper/issues/162)) + ([eebc2f4](https://github.com/ory/oathkeeper/commit/eebc2f44e3e42b7af653f91d9345111e0a280401)), + closes [#138](https://github.com/ory/oathkeeper/issues/138): - Previously, the JWT authenticator only used the "scope" claim to retrieve scope values from a JWT. Now, "scp", "scope", "scopes" - are supported as string arrays and strings separated by spaces. + Previously, the JWT authenticator only used the "scope" claim to retrieve + scope values from a JWT. Now, "scp", "scope", "scopes" are supported as string + arrays and strings separated by spaces. # [0.14.2+oryOS.10](https://github.com/ory/oathkeeper/compare/v0.14.1+oryOS.10...v0.14.2+oryOS.10) (2018-12-13) @@ -2052,7 +2441,8 @@ Signed-off-by: aeneasr ### Continuous Integration -- Fix docker release task ([893385b](https://github.com/ory/oathkeeper/commit/893385b10f26ffd9933f4d66c4187ca59d2f3f47)) +- Fix docker release task + ([893385b](https://github.com/ory/oathkeeper/commit/893385b10f26ffd9933f4d66c4187ca59d2f3f47)) # [0.14.0+oryOS.10](https://github.com/ory/oathkeeper/compare/v0.11.12...v0.14.0+oryOS.10) (2018-12-13) @@ -2062,27 +2452,36 @@ Signed-off-by: aeneasr ### Continuous Integration -- Fix circle misconfiguration ([a00ce64](https://github.com/ory/oathkeeper/commit/a00ce64e0bf5890192808f0edb1879caaa811742)) +- Fix circle misconfiguration + ([a00ce64](https://github.com/ory/oathkeeper/commit/a00ce64e0bf5890192808f0edb1879caaa811742)) ### Documentation -- Adds gh templates & code of conduct ([#78](https://github.com/ory/oathkeeper/issues/78)) +- Adds gh templates & code of conduct + ([#78](https://github.com/ory/oathkeeper/issues/78)) ([02361aa](https://github.com/ory/oathkeeper/commit/02361aa7a3499c78b480ca43cf29636a17391215)) -- Adds link to examples repository ([#79](https://github.com/ory/oathkeeper/issues/79)) +- Adds link to examples repository + ([#79](https://github.com/ory/oathkeeper/issues/79)) ([bfe96e9](https://github.com/ory/oathkeeper/commit/bfe96e9a47b1c49be631f5286ed05d4377fba684)) -- Align changelog, upgrade with new versions ([#143](https://github.com/ory/oathkeeper/issues/143)) +- Align changelog, upgrade with new versions + ([#143](https://github.com/ory/oathkeeper/issues/143)) ([751dfa3](https://github.com/ory/oathkeeper/commit/751dfa3abacb122f0b5599800025366dec7d9b5c)) -- Clarify beyondcorp ([3647958](https://github.com/ory/oathkeeper/commit/3647958a415bd4c1abb106d0a765f2186e54ad60)) -- Clarify breaking change policy ([6e6bb7e](https://github.com/ory/oathkeeper/commit/6e6bb7e42ad8e84eb4cf5b8dfd3b27845748cbc0)) +- Clarify beyondcorp + ([3647958](https://github.com/ory/oathkeeper/commit/3647958a415bd4c1abb106d0a765f2186e54ad60)) +- Clarify breaking change policy + ([6e6bb7e](https://github.com/ory/oathkeeper/commit/6e6bb7e42ad8e84eb4cf5b8dfd3b27845748cbc0)) - Fix broken link ([#87](https://github.com/ory/oathkeeper/issues/87)) ([828b33e](https://github.com/ory/oathkeeper/commit/828b33e94d2fadb0b371d5ae326a6dac855047a6)) -- Fix proxy help command description ([#142](https://github.com/ory/oathkeeper/issues/142)) +- Fix proxy help command description + ([#142](https://github.com/ory/oathkeeper/issues/142)) ([c836cb0](https://github.com/ory/oathkeeper/commit/c836cb0e1785bc4da602b1c820a6d6a54e7043e0)) - Fix typo in README. ([#118](https://github.com/ory/oathkeeper/issues/118)) ([3d33fcc](https://github.com/ory/oathkeeper/commit/3d33fcc85b248a7f0f9f7d1295459b5541927d81)) -- Grammatical fix in stability sentence ([#86](https://github.com/ory/oathkeeper/issues/86)) +- Grammatical fix in stability sentence + ([#86](https://github.com/ory/oathkeeper/issues/86)) ([ff0604d](https://github.com/ory/oathkeeper/commit/ff0604df82361b2f6dee6f2945a03b2b6b117056)) -- Improve some docs and update SDK ([#135](https://github.com/ory/oathkeeper/issues/135)) +- Improve some docs and update SDK + ([#135](https://github.com/ory/oathkeeper/issues/135)) ([9a6901d](https://github.com/ory/oathkeeper/commit/9a6901dc52b3ae9a1aabf692903b1d4922869308)) - Incorporates changes from version v0.11.12-1-gace7f34 ([3a6450c](https://github.com/ory/oathkeeper/commit/3a6450c89b335465cf5bd3aa87e64a0e11eeefc3)) @@ -2136,60 +2535,79 @@ Signed-off-by: aeneasr ([92c09fb](https://github.com/ory/oathkeeper/commit/92c09fb28552949cd034ed5555c87dfda91407a3)) - Incorporates changes from version v1.0.0-beta.9 ([b9127f6](https://github.com/ory/oathkeeper/commit/b9127f60de1d96e95310731b88b77b7b443f0d2e)) -- Update documentation links ([#144](https://github.com/ory/oathkeeper/issues/144)) +- Update documentation links + ([#144](https://github.com/ory/oathkeeper/issues/144)) ([84131d2](https://github.com/ory/oathkeeper/commit/84131d2201192c92eebcf1f03dd89f417402c985)) -- Update link to security console ([26fdda1](https://github.com/ory/oathkeeper/commit/26fdda126a9b322e5310a2a3a3ed83949f640d2c)) -- Update migration guide ([b2e6d67](https://github.com/ory/oathkeeper/commit/b2e6d6783aa869dad52e30203fa7d2510ae556ef)) -- Updates copyright notice ([e58535d](https://github.com/ory/oathkeeper/commit/e58535d7bdc5f4b6dd8e293741e53cdd8767c61c)) -- Updates issue and pull request templates ([#126](https://github.com/ory/oathkeeper/issues/126)) +- Update link to security console + ([26fdda1](https://github.com/ory/oathkeeper/commit/26fdda126a9b322e5310a2a3a3ed83949f640d2c)) +- Update migration guide + ([b2e6d67](https://github.com/ory/oathkeeper/commit/b2e6d6783aa869dad52e30203fa7d2510ae556ef)) +- Updates copyright notice + ([e58535d](https://github.com/ory/oathkeeper/commit/e58535d7bdc5f4b6dd8e293741e53cdd8767c61c)) +- Updates issue and pull request templates + ([#126](https://github.com/ory/oathkeeper/issues/126)) ([5991a92](https://github.com/ory/oathkeeper/commit/5991a922a3fd39bb5704b16116325487b73f2868)) -- Updates issue and pull request templates ([#127](https://github.com/ory/oathkeeper/issues/127)) +- Updates issue and pull request templates + ([#127](https://github.com/ory/oathkeeper/issues/127)) ([e4d0e26](https://github.com/ory/oathkeeper/commit/e4d0e2691618c104c5fe749267a02538bcb35465)) -- Updates link to open collective ([25e0dee](https://github.com/ory/oathkeeper/commit/25e0dee9b0f5ad1d45adc47d0b4e923e045d023f)) -- Updates links to docs ([9dca7c0](https://github.com/ory/oathkeeper/commit/9dca7c0829fc6ac669c621295423e9054989e14f)) -- Updates links to docs ([57ac174](https://github.com/ory/oathkeeper/commit/57ac17475350d713711256e772ffd875772e59b2)) -- Updates newsletter link in README ([97f1dea](https://github.com/ory/oathkeeper/commit/97f1dea021559a43302ffe32e16cd8ee585a0656)) -- Updates readme TOC ([3c0c862](https://github.com/ory/oathkeeper/commit/3c0c8626889f39b223a558e40baf21acc7819f8c)) -- Updates README.md ([1387f9f](https://github.com/ory/oathkeeper/commit/1387f9f2fb57de5c7d23d857575fd54b9bbd824f)) -- Updates TOC ([9b6c0df](https://github.com/ory/oathkeeper/commit/9b6c0dfd8d3548aef356c0d6d700d9805866d22b)) -- Updates upgrade.me ([0118f9f](https://github.com/ory/oathkeeper/commit/0118f9ffbb171876dad21a894f1c99a9c51c6d26)) +- Updates link to open collective + ([25e0dee](https://github.com/ory/oathkeeper/commit/25e0dee9b0f5ad1d45adc47d0b4e923e045d023f)) +- Updates links to docs + ([9dca7c0](https://github.com/ory/oathkeeper/commit/9dca7c0829fc6ac669c621295423e9054989e14f)) +- Updates links to docs + ([57ac174](https://github.com/ory/oathkeeper/commit/57ac17475350d713711256e772ffd875772e59b2)) +- Updates newsletter link in README + ([97f1dea](https://github.com/ory/oathkeeper/commit/97f1dea021559a43302ffe32e16cd8ee585a0656)) +- Updates readme TOC + ([3c0c862](https://github.com/ory/oathkeeper/commit/3c0c8626889f39b223a558e40baf21acc7819f8c)) +- Updates README.md + ([1387f9f](https://github.com/ory/oathkeeper/commit/1387f9f2fb57de5c7d23d857575fd54b9bbd824f)) +- Updates TOC + ([9b6c0df](https://github.com/ory/oathkeeper/commit/9b6c0dfd8d3548aef356c0d6d700d9805866d22b)) +- Updates upgrade.me + ([0118f9f](https://github.com/ory/oathkeeper/commit/0118f9ffbb171876dad21a894f1c99a9c51c6d26)) ### Unclassified - Support "scope" claim as a string in jwt authenticator (#137) - ([ab5240e](https://github.com/ory/oathkeeper/commit/ab5240e9a462cfaf2f632d6b535a3177d2c80c4e)), closes - [#137](https://github.com/ory/oathkeeper/issues/137) + ([ab5240e](https://github.com/ory/oathkeeper/commit/ab5240e9a462cfaf2f632d6b535a3177d2c80c4e)), + closes [#137](https://github.com/ory/oathkeeper/issues/137) - Adds docker-compose example with postgres ([84f1313](https://github.com/ory/oathkeeper/commit/84f131387845a1f0246d40b074d446ec58b014c0)) - Reduces setup complexity by making strategies configurable - ([6626f8f](https://github.com/ory/oathkeeper/commit/6626f8f2aa98f8ee05e5b1f63c1b698083f9ae78)), closes - [#71](https://github.com/ory/oathkeeper/issues/71): + ([6626f8f](https://github.com/ory/oathkeeper/commit/6626f8f2aa98f8ee05e5b1f63c1b698083f9ae78)), + closes [#71](https://github.com/ory/oathkeeper/issues/71): - This patch adds another ID Token signing algorithm (HS256) which is easier to set up as it does not rely on ORY Hydra but - instead on a shared secret. + This patch adds another ID Token signing algorithm (HS256) which is easier to + set up as it does not rely on ORY Hydra but instead on a shared secret. - Additionally the ability to specify which ID Token singing algorithm to use has been added. Environmental variables to configure - the behvaiour have been added as well. + Additionally the ability to specify which ID Token singing algorithm to use + has been added. Environmental variables to configure the behvaiour have been + added as well. - Further, the ORY Keto Warden Authorizer strategy is now optional and disabled when the environment variable - `AUTHORIZER_KETO_WARDEN_KETO_URL` is empty. + Further, the ORY Keto Warden Authorizer strategy is now optional and disabled + when the environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` is empty. - Tells linguist to ignore SDK files ([ace7f34](https://github.com/ory/oathkeeper/commit/ace7f3411f882c6e89bef7800fb2b700e51cd5f6)) - Add ability to configure scope strategy ([519a536](https://github.com/ory/oathkeeper/commit/519a53628696576891196f0ce733353d639e6aec)) -- Add cookies ci to handler factory ([#103](https://github.com/ory/oathkeeper/issues/103)) +- Add cookies ci to handler factory + ([#103](https://github.com/ory/oathkeeper/issues/103)) ([59aabfa](https://github.com/ory/oathkeeper/commit/59aabfa4b2554f03f65d618a7d7bf1c98a634da3)) -- Add cookies credentials issuer ([032d88e](https://github.com/ory/oathkeeper/commit/032d88ea8dee24506d277d22b7f4aaef2a502fa7)) +- Add cookies credentials issuer + ([032d88e](https://github.com/ory/oathkeeper/commit/032d88ea8dee24506d277d22b7f4aaef2a502fa7)) - Add endpoint for answering access requests directly - ([d211641](https://github.com/ory/oathkeeper/commit/d2116410edf1f5089427858727f155bc0aa4313c)), closes - [#42](https://github.com/ory/oathkeeper/issues/42): + ([d211641](https://github.com/ory/oathkeeper/commit/d2116410edf1f5089427858727f155bc0aa4313c)), + closes [#42](https://github.com/ory/oathkeeper/issues/42): - This patch adds endpoint `/judge` to `oathkeeper serve api`. The `/judge` endpoint mimics the behavior of - `oathkeeper serve proxy` but instead of forwarding the request to the upstream server, the endpoint answers directly with a HTTP - response. + This patch adds endpoint `/judge` to `oathkeeper serve api`. The `/judge` + endpoint mimics the behavior of `oathkeeper serve proxy` but instead of + forwarding the request to the upstream server, the endpoint answers directly + with a HTTP response. - The HTTP response returns status code 200 if the request should be allowed and any other status code (e.g. 401, 403) if not. + The HTTP response returns status code 200 if the request should be allowed and + any other status code (e.g. 401, 403) if not. Assuming you are making the following request: @@ -2203,8 +2621,9 @@ Signed-off-by: aeneasr Content-Length: 0 ``` - And you have a rule which allows token `some-bearer` to access `PUT /my-service/whatever` and you have a credentials issuer - which does not modify the Authorization header, the response will be: + And you have a rule which allows token `some-bearer` to access + `PUT /my-service/whatever` and you have a credentials issuer which does not + modify the Authorization header, the response will be: ``` HTTP/1.1 200 OK @@ -2221,16 +2640,20 @@ Signed-off-by: aeneasr Connection: Closed ``` -- Add headers credentials issuer ([b084c32](https://github.com/ory/oathkeeper/commit/b084c3271ab8ca71c9fe766de030572c69057671)) -- Add http proxy timeout config ([#132](https://github.com/ory/oathkeeper/issues/132)) +- Add headers credentials issuer + ([b084c32](https://github.com/ory/oathkeeper/commit/b084c3271ab8ca71c9fe766de030572c69057671)) +- Add http proxy timeout config + ([#132](https://github.com/ory/oathkeeper/issues/132)) ([b3718ce](https://github.com/ory/oathkeeper/commit/b3718ce56d4bcfe4610806ae6b15382226adab75)): - Add environment parameters (and description) to configure timeout settings of a server handled proxy requests. + Add environment parameters (and description) to configure timeout settings of + a server handled proxy requests. - It will help prevent a case of unexpected closing a client connection if an upstream request is executing more than default - timeout. + It will help prevent a case of unexpected closing a client connection if an + upstream request is executing more than default timeout. -- Add JWT authenticator ([61625bc](https://github.com/ory/oathkeeper/commit/61625bccebe0b478b980c66a29894dc1ffe48b0a)) +- Add JWT authenticator + ([61625bc](https://github.com/ory/oathkeeper/commit/61625bccebe0b478b980c66a29894dc1ffe48b0a)) - Add NodeJS SDK ([#94](https://github.com/ory/oathkeeper/issues/94)) ([7505b71](https://github.com/ory/oathkeeper/commit/7505b717f28aaec38e07999ffe1f417484e110f7)) - Adds ability to specify db url via env var in migrate @@ -2242,118 +2665,154 @@ Signed-off-by: aeneasr - Adds validator for rules ([#77](https://github.com/ory/oathkeeper/issues/77)) ([f450697](https://github.com/ory/oathkeeper/commit/f45069711b2aa5ed3ace6361a1bc8e9115a76406)): - This patch adds an input validator for rules which should prevent accidental typos or similar issues when creating a rule. - Additionally, no invalid/unconfigured handlers (authorizers, credential issuers, authenticators) can be used. + This patch adds an input validator for rules which should prevent accidental + typos or similar issues when creating a rule. Additionally, no + invalid/unconfigured handlers (authorizers, credential issuers, + authenticators) can be used. -- Align TLS options with hydra ([#114](https://github.com/ory/oathkeeper/issues/114)) +- Align TLS options with hydra + ([#114](https://github.com/ory/oathkeeper/issues/114)) ([c763152](https://github.com/ory/oathkeeper/commit/c7631528afc1e60ffed61a5b5e101079224e751b)) -- Allow empty upstream in rules ([e46065a](https://github.com/ory/oathkeeper/commit/e46065afa1d6ad14fa62dad9c6b145e46623c7f0)) -- Allow regex in match scheme ([c6d17c5](https://github.com/ory/oathkeeper/commit/c6d17c54c0a23c519a150971faf8486a957b2e82)), +- Allow empty upstream in rules + ([e46065a](https://github.com/ory/oathkeeper/commit/e46065afa1d6ad14fa62dad9c6b145e46623c7f0)) +- Allow regex in match scheme + ([c6d17c5](https://github.com/ory/oathkeeper/commit/c6d17c54c0a23c519a150971faf8486a957b2e82)), closes [#92](https://github.com/ory/oathkeeper/issues/92) -- Allows connectivity to MySQL ([fa5388c](https://github.com/ory/oathkeeper/commit/fa5388cfc2cd31f0ecee379a6f515bf4cd48961f)), +- Allows connectivity to MySQL + ([fa5388c](https://github.com/ory/oathkeeper/commit/fa5388cfc2cd31f0ecee379a6f515bf4cd48961f)), closes [#82](https://github.com/ory/oathkeeper/issues/82) - Authenticator noop should not bypass - ([6f8ab4f](https://github.com/ory/oathkeeper/commit/6f8ab4f7d676fbcf06d1eeb4ab1452b15f090185)), closes - [#97](https://github.com/ory/oathkeeper/issues/97) + ([6f8ab4f](https://github.com/ory/oathkeeper/commit/6f8ab4f7d676fbcf06d1eeb4ab1452b15f090185)), + closes [#97](https://github.com/ory/oathkeeper/issues/97) - Convert AuthenticationSession to local struct type for better handling ([b00b2a2](https://github.com/ory/oathkeeper/commit/b00b2a2498b44df5717b757bffbf13b00184bf68)) -- Disable cors per default ([#107](https://github.com/ory/oathkeeper/issues/107)) +- Disable cors per default + ([#107](https://github.com/ory/oathkeeper/issues/107)) ([c5ab0c3](https://github.com/ory/oathkeeper/commit/c5ab0c3175b336bb8bea3b919cae57c838262ab4)): This patch introduces CORS_ENABLED which defaults to "false". -- Doesn't fatal if no ORY Hydra is unresponsive. ([#66](https://github.com/ory/oathkeeper/issues/66)) - ([181e9ac](https://github.com/ory/oathkeeper/commit/181e9acf9bdc9adc05e6718df53b7fa1ff539c41)), closes - [#65](https://github.com/ory/oathkeeper/issues/65) -- Enables TLS option on serve api ([#116](https://github.com/ory/oathkeeper/issues/116)) +- Doesn't fatal if no ORY Hydra is unresponsive. + ([#66](https://github.com/ory/oathkeeper/issues/66)) + ([181e9ac](https://github.com/ory/oathkeeper/commit/181e9acf9bdc9adc05e6718df53b7fa1ff539c41)), + closes [#65](https://github.com/ory/oathkeeper/issues/65) +- Enables TLS option on serve api + ([#116](https://github.com/ory/oathkeeper/issues/116)) ([83f1f84](https://github.com/ory/oathkeeper/commit/83f1f84a42510f2c9a6d72d33f94ff8117b56a7f)) - Expose all ORY Hydra ports in tests ([691a72d](https://github.com/ory/oathkeeper/commit/691a72d3372d3a949acadf95130ed7d1432dafac)) - Expose all ORY Hydra ports in tests ([add70c6](https://github.com/ory/oathkeeper/commit/add70c66f0c30848d845e80e94c9065865d65809)) -- Fix checkResponse message typo ([#106](https://github.com/ory/oathkeeper/issues/106)) +- Fix checkResponse message typo + ([#106](https://github.com/ory/oathkeeper/issues/106)) ([0d0e653](https://github.com/ory/oathkeeper/commit/0d0e653e11a7b7415ef76334ebe9c1c0b50e47c8)) -- Ignore query parameters when matching url in rules. ([#139](https://github.com/ory/oathkeeper/issues/139)) +- Ignore query parameters when matching url in rules. + ([#139](https://github.com/ory/oathkeeper/issues/139)) ([07eb99b](https://github.com/ory/oathkeeper/commit/07eb99bdb669121bcd27559d9f11d0633f5a8877)) -- Improve compatibility with ORY Hydra 1.0.0-beta.8 ([#108](https://github.com/ory/oathkeeper/issues/108)) - ([296e012](https://github.com/ory/oathkeeper/commit/296e01254b50b645fae67e51aa668d39652b0778)), closes - [#101](https://github.com/ory/oathkeeper/issues/101): - - This patch improves compatibility with ORY Hydra 1.0.0-beta.8 and updates vendored dependencies. - -- Improve hydra integration tests ([e8b7a58](https://github.com/ory/oathkeeper/commit/e8b7a586c5fcb86efddf57d4f2f97a0ff915b869)) -- Improve refresh subroutines ([cc33538](https://github.com/ory/oathkeeper/commit/cc33538f11d9292465bc2fdf0275233b1ff7df9e)) -- Improves cors parsing ([d00dfed](https://github.com/ory/oathkeeper/commit/d00dfed2724cd449744fe189a6f957bdab8f508b)) -- Improves test set up ([6b6bb88](https://github.com/ory/oathkeeper/commit/6b6bb8846385e59436469ba201d94791d3588566)) +- Improve compatibility with ORY Hydra 1.0.0-beta.8 + ([#108](https://github.com/ory/oathkeeper/issues/108)) + ([296e012](https://github.com/ory/oathkeeper/commit/296e01254b50b645fae67e51aa668d39652b0778)), + closes [#101](https://github.com/ory/oathkeeper/issues/101): + + This patch improves compatibility with ORY Hydra 1.0.0-beta.8 and updates + vendored dependencies. + +- Improve hydra integration tests + ([e8b7a58](https://github.com/ory/oathkeeper/commit/e8b7a586c5fcb86efddf57d4f2f97a0ff915b869)) +- Improve refresh subroutines + ([cc33538](https://github.com/ory/oathkeeper/commit/cc33538f11d9292465bc2fdf0275233b1ff7df9e)) +- Improves cors parsing + ([d00dfed](https://github.com/ory/oathkeeper/commit/d00dfed2724cd449744fe189a6f957bdab8f508b)) +- Improves test set up + ([6b6bb88](https://github.com/ory/oathkeeper/commit/6b6bb8846385e59436469ba201d94791d3588566)) - Include headers credential issuer in handler factory ([0e1ef1b](https://github.com/ory/oathkeeper/commit/0e1ef1bf31a4cd48fa72d42f91323d860ac886ef)) - Introduce health and version endpoint ([029c7ff](https://github.com/ory/oathkeeper/commit/029c7ffab1b68df902d31812a7fde635cc2d880b)) -- Make subject configurable using go template ([#129](https://github.com/ory/oathkeeper/issues/129)) +- Make subject configurable using go template + ([#129](https://github.com/ory/oathkeeper/issues/129)) ([ee9dcdd](https://github.com/ory/oathkeeper/commit/ee9dcdd275b6b7f21c4a8b438ebed711acfda5e2)) - More CredentialsIssuerHeaders tests ([079171f](https://github.com/ory/oathkeeper/commit/079171fc159a62ec4742b73d71f9116d9831bf16)) - Move headers into new config field ([51eb9fb](https://github.com/ory/oathkeeper/commit/51eb9fb021beff28111a491daa5b9a5d17040bc7)) -- Properly document JWT refresh ([#117](https://github.com/ory/oathkeeper/issues/117)) +- Properly document JWT refresh + ([#117](https://github.com/ory/oathkeeper/issues/117)) ([2e024f9](https://github.com/ory/oathkeeper/commit/2e024f91640bf4182d1b1a6fb143d77c523f4596)) - Properly handle conflicts on PUT and POST - ([83b591d](https://github.com/ory/oathkeeper/commit/83b591d8cf3d180ad9d48a72bd92ffdb3a8192ac)), closes - [#38](https://github.com/ory/oathkeeper/issues/38): + ([83b591d](https://github.com/ory/oathkeeper/commit/83b591d8cf3d180ad9d48a72bd92ffdb3a8192ac)), + closes [#38](https://github.com/ory/oathkeeper/issues/38): - Previously, PUT and POST did not result in errors (409) when non-existing resources were modified, or existing resources were - created. This patch resolves that. + Previously, PUT and POST did not result in errors (409) when non-existing + resources were modified, or existing resources were created. This patch + resolves that. -- Refactors Oathkeeper into new ecosystem ([#60](https://github.com/ory/oathkeeper/issues/60)) +- Refactors Oathkeeper into new ecosystem + ([#60](https://github.com/ory/oathkeeper/issues/60)) ([7acfbca](https://github.com/ory/oathkeeper/commit/7acfbcaca36645a984baded2dc3cbb689154ef8c)) -- Refresh rules in api mode ([08204e8](https://github.com/ory/oathkeeper/commit/08204e8eb60745d8449b2da9780e460f504710c9)) +- Refresh rules in api mode + ([08204e8](https://github.com/ory/oathkeeper/commit/08204e8eb60745d8449b2da9780e460f504710c9)) - Remove config flag ([#111](https://github.com/ory/oathkeeper/issues/111)) - ([8385cbc](https://github.com/ory/oathkeeper/commit/8385cbcb05be5e1d5df8d5b3f00130b163d651f6)), closes - [#110](https://github.com/ory/oathkeeper/issues/110) + ([8385cbc](https://github.com/ory/oathkeeper/commit/8385cbcb05be5e1d5df8d5b3f00130b163d651f6)), + closes [#110](https://github.com/ory/oathkeeper/issues/110) - Remove config flag ([#111](https://github.com/ory/oathkeeper/issues/111)) - ([7de77b8](https://github.com/ory/oathkeeper/commit/7de77b81495c53dd3c3fac3f3524daa10b19fc5d)), closes - [#110](https://github.com/ory/oathkeeper/issues/110) + ([7de77b8](https://github.com/ory/oathkeeper/commit/7de77b81495c53dd3c3fac3f3524daa10b19fc5d)), + closes [#110](https://github.com/ory/oathkeeper/issues/110) - Remove package.json from swagger dir ([837d18c](https://github.com/ory/oathkeeper/commit/837d18ca2eec44370b965de190b317dd40369970)) -- Removes obsolete benchmark ([3f259da](https://github.com/ory/oathkeeper/commit/3f259da7766eb6a42b54bb3a6f3ddeb49d9363a1)) +- Removes obsolete benchmark + ([3f259da](https://github.com/ory/oathkeeper/commit/3f259da7766eb6a42b54bb3a6f3ddeb49d9363a1)) - Resolve broken introspection scope setting ([18837a9](https://github.com/ory/oathkeeper/commit/18837a9fb18c931b6fadfa39f71520f3f45e6c1c)) -- Resolve HS256 kid mismatch ([6d647d7](https://github.com/ory/oathkeeper/commit/6d647d76b1e41f4ec0d43c79934d601f5e0627af)), +- Resolve HS256 kid mismatch + ([6d647d7](https://github.com/ory/oathkeeper/commit/6d647d76b1e41f4ec0d43c79934d601f5e0627af)), closes [#83](https://github.com/ory/oathkeeper/issues/83) - Resolves an issue with cached matchers - ([951da25](https://github.com/ory/oathkeeper/commit/951da251e3e862f2d0a1e5076c028a481f0235dd)), closes - [#73](https://github.com/ory/oathkeeper/issues/73): + ([951da25](https://github.com/ory/oathkeeper/commit/951da251e3e862f2d0a1e5076c028a481f0235dd)), + closes [#73](https://github.com/ory/oathkeeper/issues/73): - This patch resolves an issue where updates would not properly propagate. This caused deleted rules to still be available in the - proxy. + This patch resolves an issue where updates would not properly propagate. This + caused deleted rules to still be available in the proxy. -- Resolves issues with broken tests ([6604045](https://github.com/ory/oathkeeper/commit/6604045191446baca03791940ddf746aed4799d1)) +- Resolves issues with broken tests + ([6604045](https://github.com/ory/oathkeeper/commit/6604045191446baca03791940ddf746aed4799d1)) - Resolves naming issues and updates readme ([5495d4a](https://github.com/ory/oathkeeper/commit/5495d4aa6d23a04891b53694e4fc0e0857c2f955)) - Resolves panic when network fails in "rules import" ([078542a](https://github.com/ory/oathkeeper/commit/078542a9c143ca6e18499157b2462a4c986230a3)) - Resolves potential panic in request handler ([ef6e889](https://github.com/ory/oathkeeper/commit/ef6e8894f034ec66bb3b0da1bdda762fe428a14d)) -- Resolves recursive stack overflow ([#81](https://github.com/ory/oathkeeper/issues/81)) - ([0594cda](https://github.com/ory/oathkeeper/commit/0594cda346f7ce5af1dc86c6335c1b782632d9eb)), closes - [#80](https://github.com/ory/oathkeeper/issues/80) -- Streamlines https configuration variables ([#124](https://github.com/ory/oathkeeper/issues/124)) - ([9f6f815](https://github.com/ory/oathkeeper/commit/9f6f8155a002699e29c5f02c8ebb48ac5dff17be)), closes - [#121](https://github.com/ory/oathkeeper/issues/121) -- Test for errors ([585672e](https://github.com/ory/oathkeeper/commit/585672e3a4a7e996d575d51889918c049e95106e)) -- Test missing Extra field ([a4d3d2d](https://github.com/ory/oathkeeper/commit/a4d3d2d4708d7c6baec90289a9a0bb956a95566b)) -- Test nesting of various types ([188748d](https://github.com/ory/oathkeeper/commit/188748d526edc8aa0e71b163b7d7188755fb9b7f)) -- Test template caching/lookup ([ab8a402](https://github.com/ory/oathkeeper/commit/ab8a40298071eff9fc0bec66470d7392226cdf6e)) -- Update keto to latest ([3e2a8de](https://github.com/ory/oathkeeper/commit/3e2a8dee9ead7a89d537162b8c4271444ab137df)) -- Update rules stub ([475f39a](https://github.com/ory/oathkeeper/commit/475f39a5f506b21557def2eb967ecdc7bd84d245)) +- Resolves recursive stack overflow + ([#81](https://github.com/ory/oathkeeper/issues/81)) + ([0594cda](https://github.com/ory/oathkeeper/commit/0594cda346f7ce5af1dc86c6335c1b782632d9eb)), + closes [#80](https://github.com/ory/oathkeeper/issues/80) +- Streamlines https configuration variables + ([#124](https://github.com/ory/oathkeeper/issues/124)) + ([9f6f815](https://github.com/ory/oathkeeper/commit/9f6f8155a002699e29c5f02c8ebb48ac5dff17be)), + closes [#121](https://github.com/ory/oathkeeper/issues/121) +- Test for errors + ([585672e](https://github.com/ory/oathkeeper/commit/585672e3a4a7e996d575d51889918c049e95106e)) +- Test missing Extra field + ([a4d3d2d](https://github.com/ory/oathkeeper/commit/a4d3d2d4708d7c6baec90289a9a0bb956a95566b)) +- Test nesting of various types + ([188748d](https://github.com/ory/oathkeeper/commit/188748d526edc8aa0e71b163b7d7188755fb9b7f)) +- Test template caching/lookup + ([ab8a402](https://github.com/ory/oathkeeper/commit/ab8a40298071eff9fc0bec66470d7392226cdf6e)) +- Update keto to latest + ([3e2a8de](https://github.com/ory/oathkeeper/commit/3e2a8dee9ead7a89d537162b8c4271444ab137df)) +- Update rules stub + ([475f39a](https://github.com/ory/oathkeeper/commit/475f39a5f506b21557def2eb967ecdc7bd84d245)) - Updates to ORY Hydra v1.0.0-beta.2 ([e4c9f2e](https://github.com/ory/oathkeeper/commit/e4c9f2eeed41ab8deeb54f2137ea1b2d90a3bdc3)) -- Upgrade keto authorizer to 0.2.0 ([#145](https://github.com/ory/oathkeeper/issues/145)) +- Upgrade keto authorizer to 0.2.0 + ([#145](https://github.com/ory/oathkeeper/issues/145)) ([bcd4836](https://github.com/ory/oathkeeper/commit/bcd4836d2ad38821d2a3c856ff3b851e5dce344a)) -- Upgrade superagent version ([44ed240](https://github.com/ory/oathkeeper/commit/44ed24017fec12a4de8505b3050018230e885981)) +- Upgrade superagent version + ([44ed240](https://github.com/ory/oathkeeper/commit/44ed24017fec12a4de8505b3050018230e885981)) - Use print funcmap function to override text/template print ([76b2d9d](https://github.com/ory/oathkeeper/commit/76b2d9d13c7983ac24c2076a5f5770f2cb380d43)) -- Validate handler configurations ([a558103](https://github.com/ory/oathkeeper/commit/a55810339ba3ec85654c358b902733c3125f01f0)) +- Validate handler configurations + ([a558103](https://github.com/ory/oathkeeper/commit/a55810339ba3ec85654c358b902733c3125f01f0)) # [0.11.12](https://github.com/ory/oathkeeper/compare/v0.0.29...v0.11.12) (2018-05-07) @@ -2361,49 +2820,70 @@ Introduces new versioning number to match ORY Hydra ### Documentation -- Adds automatic summary generation ([#49](https://github.com/ory/oathkeeper/issues/49)) +- Adds automatic summary generation + ([#49](https://github.com/ory/oathkeeper/issues/49)) ([20fefbc](https://github.com/ory/oathkeeper/commit/20fefbcac042e2a251f8bf047f252e251dbc704b)) -- Adds edit on github links ([95af1bb](https://github.com/ory/oathkeeper/commit/95af1bba9cc1b5dafe12f11ab9876371efedd92a)) -- Adds license note to all source files ([#51](https://github.com/ory/oathkeeper/issues/51)) +- Adds edit on github links + ([95af1bb](https://github.com/ory/oathkeeper/commit/95af1bba9cc1b5dafe12f11ab9876371efedd92a)) +- Adds license note to all source files + ([#51](https://github.com/ory/oathkeeper/issues/51)) ([2c8ff2f](https://github.com/ory/oathkeeper/commit/2c8ff2f944574210964456126342d7a41efb73b7)) -- Fixes redirect path ([9bca2f3](https://github.com/ory/oathkeeper/commit/9bca2f36a5d9ef75afb97e63faaffa912c9121d3)) -- Moves documentation to new repository ([#57](https://github.com/ory/oathkeeper/issues/57)) +- Fixes redirect path + ([9bca2f3](https://github.com/ory/oathkeeper/commit/9bca2f36a5d9ef75afb97e63faaffa912c9121d3)) +- Moves documentation to new repository + ([#57](https://github.com/ory/oathkeeper/issues/57)) ([a9f21f3](https://github.com/ory/oathkeeper/commit/a9f21f3c5a71442ee879a8457798f8965b869f28)) -- Redirect to ory domain ([0599e63](https://github.com/ory/oathkeeper/commit/0599e63d8628effa242b85e28f66df6a95616a45)) -- Removes newline from swagger doc ([5e297b3](https://github.com/ory/oathkeeper/commit/5e297b39794e4e015dedd716f3402f0bfb6efc1c)) -- Removes stray line in api docs ([bed1a04](https://github.com/ory/oathkeeper/commit/bed1a048cd54bd103c3c6bc62455671a3536d04f)) -- Removes summary plugin ([ce06f4e](https://github.com/ory/oathkeeper/commit/ce06f4eaffda106d009f2b554aecda3e3ba86434)) -- Resolves broken policy and client definitions ([#55](https://github.com/ory/oathkeeper/issues/55)) - ([4676f40](https://github.com/ory/oathkeeper/commit/4676f4054090ef705c705a3eaac616f8f513b980)), closes - [#53](https://github.com/ory/oathkeeper/issues/53) -- Updates chat badge to discord ([1bbac52](https://github.com/ory/oathkeeper/commit/1bbac524d5634d8aa286cdd14d9230807123da85)) -- Updates execution instructions ([#56](https://github.com/ory/oathkeeper/issues/56)) +- Redirect to ory domain + ([0599e63](https://github.com/ory/oathkeeper/commit/0599e63d8628effa242b85e28f66df6a95616a45)) +- Removes newline from swagger doc + ([5e297b3](https://github.com/ory/oathkeeper/commit/5e297b39794e4e015dedd716f3402f0bfb6efc1c)) +- Removes stray line in api docs + ([bed1a04](https://github.com/ory/oathkeeper/commit/bed1a048cd54bd103c3c6bc62455671a3536d04f)) +- Removes summary plugin + ([ce06f4e](https://github.com/ory/oathkeeper/commit/ce06f4eaffda106d009f2b554aecda3e3ba86434)) +- Resolves broken policy and client definitions + ([#55](https://github.com/ory/oathkeeper/issues/55)) + ([4676f40](https://github.com/ory/oathkeeper/commit/4676f4054090ef705c705a3eaac616f8f513b980)), + closes [#53](https://github.com/ory/oathkeeper/issues/53) +- Updates chat badge to discord + ([1bbac52](https://github.com/ory/oathkeeper/commit/1bbac524d5634d8aa286cdd14d9230807123da85)) +- Updates execution instructions + ([#56](https://github.com/ory/oathkeeper/issues/56)) ([3bcfd8b](https://github.com/ory/oathkeeper/commit/3bcfd8b1b91df97f78eb6e7b9bb2df7ba398b158)): Adjusting run script to respect env variables - Updates README.md ([#58](https://github.com/ory/oathkeeper/issues/58)) ([bdb542f](https://github.com/ory/oathkeeper/commit/bdb542fcb6006c218f499793f0e44ce30f79cf2a)) -- Updates swagger docs ([5ea68c2](https://github.com/ory/oathkeeper/commit/5ea68c290d757e341932b00cb89c2a9e5b7e2429)) +- Updates swagger docs + ([5ea68c2](https://github.com/ory/oathkeeper/commit/5ea68c290d757e341932b00cb89c2a9e5b7e2429)) ### Unclassified - Introduces new versioning number to match ORY Hydra ([75b5121](https://github.com/ory/oathkeeper/commit/75b51213a50750a12f670060a34aecadf49fa3e2)) -- Adds license ([cc13ae8](https://github.com/ory/oathkeeper/commit/cc13ae8f002426dc3b39b2184b438331e6f63522)) -- Updates README.md ([c9340dc](https://github.com/ory/oathkeeper/commit/c9340dc94d1b6aec4825c8a2ccf423aee1a5fd3b)) -- Adds mock generation script ([00b51b7](https://github.com/ory/oathkeeper/commit/00b51b7a71089d04a4b3005e5fd15d5e9db22939)) +- Adds license + ([cc13ae8](https://github.com/ory/oathkeeper/commit/cc13ae8f002426dc3b39b2184b438331e6f63522)) +- Updates README.md + ([c9340dc](https://github.com/ory/oathkeeper/commit/c9340dc94d1b6aec4825c8a2ccf423aee1a5fd3b)) +- Adds mock generation script + ([00b51b7](https://github.com/ory/oathkeeper/commit/00b51b7a71089d04a4b3005e5fd15d5e9db22939)) - Corrects logging typo ([#52](https://github.com/ory/oathkeeper/issues/52)) ([d415291](https://github.com/ory/oathkeeper/commit/d41529123a756cd202b2216a0aa746e137e72e5e)): - This corrects logging from 'oahtkeeper-proxy' to 'oathkeeper-proxy' in, e.g., the proxy latency logline. + This corrects logging from 'oahtkeeper-proxy' to 'oathkeeper-proxy' in, e.g., + the proxy latency logline. -- Updates hydra sdk mock ([2ff8032](https://github.com/ory/oathkeeper/commit/2ff8032f9362a8ef5d85692ce49d425bfc18f2f0)) -- Updates hydra to 0.11.6 ([ee969f6](https://github.com/ory/oathkeeper/commit/ee969f68145c5398b79fe4e7a9bf7fa74d1e6bf3)) -- Updates license header ([94a2ed2](https://github.com/ory/oathkeeper/commit/94a2ed2a0c381fe2fbf5182c45acb52ca4e2c164)) +- Updates hydra sdk mock + ([2ff8032](https://github.com/ory/oathkeeper/commit/2ff8032f9362a8ef5d85692ce49d425bfc18f2f0)) +- Updates hydra to 0.11.6 + ([ee969f6](https://github.com/ory/oathkeeper/commit/ee969f68145c5398b79fe4e7a9bf7fa74d1e6bf3)) +- Updates license header + ([94a2ed2](https://github.com/ory/oathkeeper/commit/94a2ed2a0c381fe2fbf5182c45acb52ca4e2c164)) - Use source file from vendor for mock generation ([42517c6](https://github.com/ory/oathkeeper/commit/42517c6df9bfb1a5a14606229916b8ba674aa3e1)) -- Uses Hydra v0.11.6 in tests ([9c2cc89](https://github.com/ory/oathkeeper/commit/9c2cc8901f32ab8042fadbd32475e98650c37e72)) +- Uses Hydra v0.11.6 in tests + ([9c2cc89](https://github.com/ory/oathkeeper/commit/9c2cc8901f32ab8042fadbd32475e98650c37e72)) # [0.0.29](https://github.com/ory/oathkeeper/compare/v0.0.28...v0.0.29) (2017-12-19) @@ -2412,8 +2892,8 @@ Adds use field to well known (#48) ### Unclassified - Adds use field to well known (#48) - ([f7353ea](https://github.com/ory/oathkeeper/commit/f7353ea1de25c37f58b9e7532e06210ea575bc29)), closes - [#48](https://github.com/ory/oathkeeper/issues/48) + ([f7353ea](https://github.com/ory/oathkeeper/commit/f7353ea1de25c37f58b9e7532e06210ea575bc29)), + closes [#48](https://github.com/ory/oathkeeper/issues/48) # [0.0.28](https://github.com/ory/oathkeeper/compare/v0.0.27...v0.0.28) (2017-12-19) @@ -2424,8 +2904,9 @@ Closes #43 ### Unclassified - Replaces key discovery with well-known feature (#46) - ([e343a61](https://github.com/ory/oathkeeper/commit/e343a61d6ae8f149f61c832fc567533651a1b16f)), closes - [#46](https://github.com/ory/oathkeeper/issues/46) [#43](https://github.com/ory/oathkeeper/issues/43) + ([e343a61](https://github.com/ory/oathkeeper/commit/e343a61d6ae8f149f61c832fc567533651a1b16f)), + closes [#46](https://github.com/ory/oathkeeper/issues/46) + [#43](https://github.com/ory/oathkeeper/issues/43) # [0.0.27](https://github.com/ory/oathkeeper/compare/v0.0.26...v0.0.27) (2017-12-12) @@ -2444,7 +2925,8 @@ Adds hydra.introspect to required tokens - Adds hydra.introspect to required tokens ([b66462a](https://github.com/ory/oathkeeper/commit/b66462a0ec62d82adb805c6aa29d807c21c5e20b)) -- Fixes broken image link in docs ([1aa2404](https://github.com/ory/oathkeeper/commit/1aa2404b9fa88e69b6e18832f1532978012dba27)) +- Fixes broken image link in docs + ([1aa2404](https://github.com/ory/oathkeeper/commit/1aa2404b9fa88e69b6e18832f1532978012dba27)) # [0.0.25](https://github.com/ory/oathkeeper/compare/v0.0.24...v0.0.25) (2017-11-28) @@ -2463,10 +2945,12 @@ Replaces LogError with direct error logging - Replaces LogError with direct error logging ([73994b8](https://github.com/ory/oathkeeper/commit/73994b850629c6ec267903ad09e2a6eceef7a9cd)) -- Upgrades vendor dependencies ([4207aef](https://github.com/ory/oathkeeper/commit/4207aef3c00a64f315dc0e85cd83adb6e3c9660c)) +- Upgrades vendor dependencies + ([4207aef](https://github.com/ory/oathkeeper/commit/4207aef3c00a64f315dc0e85cd83adb6e3c9660c)) - Introduces telemetry module and adds documentation - ([c5a7f7a](https://github.com/ory/oathkeeper/commit/c5a7f7a8fc6e0e2a264b5bc3dd29174f86f4b5c9)), closes - [#27](https://github.com/ory/oathkeeper/issues/27) [#34](https://github.com/ory/oathkeeper/issues/34) + ([c5a7f7a](https://github.com/ory/oathkeeper/commit/c5a7f7a8fc6e0e2a264b5bc3dd29174f86f4b5c9)), + closes [#27](https://github.com/ory/oathkeeper/issues/27) + [#34](https://github.com/ory/oathkeeper/issues/34) - Use oathkeeper public url as issuer ([1e5ae00](https://github.com/ory/oathkeeper/commit/1e5ae00f457aafdd7a284a388704ce954b3339b1)) @@ -2478,14 +2962,16 @@ Print formatted output string in rule management CLI (#35) - Add JWK set docs ([#33](https://github.com/ory/oathkeeper/issues/33)) ([95abec8](https://github.com/ory/oathkeeper/commit/95abec817a1fb053a19d47e66725764f56f4c9cc)) -- Update readme ([f448908](https://github.com/ory/oathkeeper/commit/f448908fb38f3b069de488a59e27ff082e610e1a)) +- Update readme + ([f448908](https://github.com/ory/oathkeeper/commit/f448908fb38f3b069de488a59e27ff082e610e1a)) ### Unclassified - Print formatted output string in rule management CLI (#35) - ([b14c74e](https://github.com/ory/oathkeeper/commit/b14c74e6270c4e2fdd9741c3cbe619336efd1435)), closes - [#35](https://github.com/ory/oathkeeper/issues/35) -- Update docs and add tests (#32) ([c6bf7d1](https://github.com/ory/oathkeeper/commit/c6bf7d15e8b935b6ed64551391f9aa23968cf4d9)), + ([b14c74e](https://github.com/ory/oathkeeper/commit/b14c74e6270c4e2fdd9741c3cbe619336efd1435)), + closes [#35](https://github.com/ory/oathkeeper/issues/35) +- Update docs and add tests (#32) + ([c6bf7d1](https://github.com/ory/oathkeeper/commit/c6bf7d15e8b935b6ed64551391f9aa23968cf4d9)), closes [#32](https://github.com/ory/oathkeeper/issues/32) # [0.0.22](https://github.com/ory/oathkeeper/compare/v0.0.21...v0.0.22) (2017-11-20) @@ -2497,8 +2983,9 @@ Closes #13 Closes #29 ### Unclassified - Renames bypass values for better clarity - ([46a717e](https://github.com/ory/oathkeeper/commit/46a717e0428fba1fcabb0bdb669acaba39aa5444)), closes - [#13](https://github.com/ory/oathkeeper/issues/13) [#29](https://github.com/ory/oathkeeper/issues/29) + ([46a717e](https://github.com/ory/oathkeeper/commit/46a717e0428fba1fcabb0bdb669acaba39aa5444)), + closes [#13](https://github.com/ory/oathkeeper/issues/13) + [#29](https://github.com/ory/oathkeeper/issues/29) # [0.0.21](https://github.com/ory/oathkeeper/compare/v0.0.20...v0.0.21) (2017-11-19) @@ -2517,19 +3004,25 @@ docs: Improve swagger documentation - Add developer guide link to readme ([68be400](https://github.com/ory/oathkeeper/commit/68be400c070a63b3ec8a7f40bc343ed39a45bed5)) -- Add install and run section ([87f0700](https://github.com/ory/oathkeeper/commit/87f07004b47d9803246bc42bf78c3e5100969033)) -- Fix table of contents in summary ([fdb752b](https://github.com/ory/oathkeeper/commit/fdb752b3172ed746776cb7153f4523b10920f492)) -- Improve swagger documentation ([8f16a9b](https://github.com/ory/oathkeeper/commit/8f16a9b36e1b75415f5e367c0ae5589a74187139)) -- Wrote basic developer guide ([952d27c](https://github.com/ory/oathkeeper/commit/952d27c7639a80b5daddb702a6f790e855b1422b)) +- Add install and run section + ([87f0700](https://github.com/ory/oathkeeper/commit/87f07004b47d9803246bc42bf78c3e5100969033)) +- Fix table of contents in summary + ([fdb752b](https://github.com/ory/oathkeeper/commit/fdb752b3172ed746776cb7153f4523b10920f492)) +- Improve swagger documentation + ([8f16a9b](https://github.com/ory/oathkeeper/commit/8f16a9b36e1b75415f5e367c0ae5589a74187139)) +- Wrote basic developer guide + ([952d27c](https://github.com/ory/oathkeeper/commit/952d27c7639a80b5daddb702a6f790e855b1422b)) ### Unclassified - Replace shared secret with RSA key from Hydra for ID token signing ([e7ed8ca](https://github.com/ory/oathkeeper/commit/e7ed8ca672f617a5d67a0d70ca665e3b45fe3e67)) -- Ignore gitbook output directory ([580b94f](https://github.com/ory/oathkeeper/commit/580b94fa921363782e02d66981172659dc76dadc)) +- Ignore gitbook output directory + ([580b94f](https://github.com/ory/oathkeeper/commit/580b94fa921363782e02d66981172659dc76dadc)) - Add rules management capabilities to the cli ([289c38a](https://github.com/ory/oathkeeper/commit/289c38ae4b9c67b654e3b24dc45bd28968f75937)) -- Format cmd/serve ([bc2e7c1](https://github.com/ory/oathkeeper/commit/bc2e7c159eea9a203820e396f7588a007722efc8)) +- Format cmd/serve + ([bc2e7c1](https://github.com/ory/oathkeeper/commit/bc2e7c159eea9a203820e396f7588a007722efc8)) # [0.0.19](https://github.com/ory/oathkeeper/compare/v0.0.18...v0.0.19) (2017-11-13) @@ -2537,7 +3030,8 @@ evaluator: Use full request URL ### Unclassified -- Use full request URL ([2b4b149](https://github.com/ory/oathkeeper/commit/2b4b1492ce3356a7a251e241a308669517ddba3e)) +- Use full request URL + ([2b4b149](https://github.com/ory/oathkeeper/commit/2b4b1492ce3356a7a251e241a308669517ddba3e)) # [0.0.18](https://github.com/ory/oathkeeper/compare/v0.0.17...v0.0.18) (2017-11-13) @@ -2545,10 +3039,11 @@ evaluator: Improve audit capabilities ### Unclassified -- Improve audit capabilities ([c952d21](https://github.com/ory/oathkeeper/commit/c952d21bd59c7f318a3e7c4f98978eb8b3fc7231)) +- Improve audit capabilities + ([c952d21](https://github.com/ory/oathkeeper/commit/c952d21bd59c7f318a3e7c4f98978eb8b3fc7231)) - Resolve potential panic in token id generation - ([8fe9e9a](https://github.com/ory/oathkeeper/commit/8fe9e9a5bd7b951b93c4966f8585945074ff104d)), closes - [#22](https://github.com/ory/oathkeeper/issues/22) + ([8fe9e9a](https://github.com/ory/oathkeeper/commit/8fe9e9a5bd7b951b93c4966f8585945074ff104d)), + closes [#22](https://github.com/ory/oathkeeper/issues/22) # [0.0.17](https://github.com/ory/oathkeeper/compare/v0.0.16...v0.0.17) (2017-11-12) @@ -2557,8 +3052,8 @@ Introduces surrogate_id to SQLManager (#21) ### Unclassified - Introduces surrogate_id to SQLManager (#21) - ([fbe272f](https://github.com/ory/oathkeeper/commit/fbe272f36e64c4e15758a34f62cc3d03e63c7c64)), closes - [#21](https://github.com/ory/oathkeeper/issues/21) + ([fbe272f](https://github.com/ory/oathkeeper/commit/fbe272f36e64c4e15758a34f62cc3d03e63c7c64)), + closes [#21](https://github.com/ory/oathkeeper/issues/21) # [0.0.16](https://github.com/ory/oathkeeper/compare/v0.0.15...v0.0.16) (2017-11-12) @@ -2567,8 +3062,8 @@ Replace MatchesPath with MatchesURL (#20) ### Unclassified - Replace MatchesPath with MatchesURL (#20) - ([4ee776c](https://github.com/ory/oathkeeper/commit/4ee776cc08201f91dfdab5c0c259c4cfffd88ddb)), closes - [#20](https://github.com/ory/oathkeeper/issues/20) + ([4ee776c](https://github.com/ory/oathkeeper/commit/4ee776cc08201f91dfdab5c0c259c4cfffd88ddb)), + closes [#20](https://github.com/ory/oathkeeper/issues/20) # [0.0.15](https://github.com/ory/oathkeeper/compare/v0.0.14...v0.0.15) (2017-11-09) @@ -2577,8 +3072,8 @@ Add HTTPS capabilities and document proxy/management commands (#19) ### Unclassified - Add HTTPS capabilities and document proxy/management commands (#19) - ([98ef623](https://github.com/ory/oathkeeper/commit/98ef623e64a58afa99fcb2db67bf5c514c86334c)), closes - [#19](https://github.com/ory/oathkeeper/issues/19) + ([98ef623](https://github.com/ory/oathkeeper/commit/98ef623e64a58afa99fcb2db67bf5c514c86334c)), + closes [#19](https://github.com/ory/oathkeeper/issues/19) # [0.0.14](https://github.com/ory/oathkeeper/compare/v0.0.13...v0.0.14) (2017-11-07) @@ -2587,8 +3082,8 @@ Make refresh_delay configurable and skip it on boot (#18) ### Unclassified - Make refresh_delay configurable and skip it on boot (#18) - ([4863a82](https://github.com/ory/oathkeeper/commit/4863a823d8f510e5c82d7f8c34f5753f18861a03)), closes - [#18](https://github.com/ory/oathkeeper/issues/18) + ([4863a82](https://github.com/ory/oathkeeper/commit/4863a823d8f510e5c82d7f8c34f5753f18861a03)), + closes [#18](https://github.com/ory/oathkeeper/issues/18) # [0.0.13](https://github.com/ory/oathkeeper/compare/v0.0.12...v0.0.13) (2017-11-07) @@ -2597,8 +3092,8 @@ Store rules path match in plaintext (#17) ### Unclassified - Store rules path match in plaintext (#17) - ([6570b5d](https://github.com/ory/oathkeeper/commit/6570b5d7f3169f63f9d8c31d844660f5394fc37a)), closes - [#17](https://github.com/ory/oathkeeper/issues/17) + ([6570b5d](https://github.com/ory/oathkeeper/commit/6570b5d7f3169f63f9d8c31d844660f5394fc37a)), + closes [#17](https://github.com/ory/oathkeeper/issues/17) # [0.0.12](https://github.com/ory/oathkeeper/compare/v0.0.11...v0.0.12) (2017-11-07) @@ -2607,11 +3102,12 @@ Use ladon regex compiler for matches (#16) ### Unclassified - Use ladon regex compiler for matches (#16) - ([972a328](https://github.com/ory/oathkeeper/commit/972a328b1a0fca0dfcc41487492f0203c284b54a)), closes - [#16](https://github.com/ory/oathkeeper/issues/16) + ([972a328](https://github.com/ory/oathkeeper/commit/972a328b1a0fca0dfcc41487492f0203c284b54a)), + closes [#16](https://github.com/ory/oathkeeper/issues/16) - Fix typo in circle-ci test-docker job ([5618c30](https://github.com/ory/oathkeeper/commit/5618c3079ef559ad5dfbacc398a8b95b3c333643)) -- Run docker image in test ([12b5f13](https://github.com/ory/oathkeeper/commit/12b5f13ad997b7c427505bffa1ad7e33aa2de684)) +- Run docker image in test + ([12b5f13](https://github.com/ory/oathkeeper/commit/12b5f13ad997b7c427505bffa1ad7e33aa2de684)) # [0.0.11](https://github.com/ory/oathkeeper/compare/v0.0.10...v0.0.11) (2017-11-06) @@ -2632,7 +3128,8 @@ Add ssl certificates to scratch image - Add ssl certificates to scratch image ([56a3243](https://github.com/ory/oathkeeper/commit/56a3243d1c4be1308b1aa22244548359c94ee181)) -- Build static binary within docker ([4d6d8bf](https://github.com/ory/oathkeeper/commit/4d6d8bf22f7aea16fa21e4fee99c829b9e76de0d)) +- Build static binary within docker + ([4d6d8bf](https://github.com/ory/oathkeeper/commit/4d6d8bf22f7aea16fa21e4fee99c829b9e76de0d)) # [0.0.9](https://github.com/ory/oathkeeper/compare/v0.0.8...v0.0.9) (2017-11-06) @@ -2663,8 +3160,8 @@ Build oathekeeper docker image statically (#14) ### Unclassified - Build oathekeeper docker image statically (#14) - ([dbd2037](https://github.com/ory/oathkeeper/commit/dbd2037b56b6104b79607b20394be0e9a30e67e1)), closes - [#14](https://github.com/ory/oathkeeper/issues/14): + ([dbd2037](https://github.com/ory/oathkeeper/commit/dbd2037b56b6104b79607b20394be0e9a30e67e1)), + closes [#14](https://github.com/ory/oathkeeper/issues/14): - Build oathekeeper docker image statically @@ -2676,7 +3173,8 @@ Added serve all command ### Unclassified -- Added serve all command ([dfc071c](https://github.com/ory/oathkeeper/commit/dfc071c02d9fa6fda9832bd35fdc4b1eb96c63c6)) +- Added serve all command + ([dfc071c](https://github.com/ory/oathkeeper/commit/dfc071c02d9fa6fda9832bd35fdc4b1eb96c63c6)) # [0.0.5](https://github.com/ory/oathkeeper/compare/v0.0.4...v0.0.5) (2017-11-01) @@ -2686,14 +3184,17 @@ Remove goveralls from circle build - Remove goveralls from circle build ([8362e1c](https://github.com/ory/oathkeeper/commit/8362e1c125e2bd74faefd18ff26a9b06f88792aa)) -- Add cors handling to proxy ([84cec15](https://github.com/ory/oathkeeper/commit/84cec15900a97dec6b92423912ef6d4802121036)) -- Use circle ci build status badge ([b776e05](https://github.com/ory/oathkeeper/commit/b776e05e5a3ad60b1b993b6f8dea1d6f5baef7c6)) -- Use circle ci build status badge ([65c4100](https://github.com/ory/oathkeeper/commit/65c4100eab6a8a09ca96e31b009545a09400b1a8)) +- Add cors handling to proxy + ([84cec15](https://github.com/ory/oathkeeper/commit/84cec15900a97dec6b92423912ef6d4802121036)) +- Use circle ci build status badge + ([b776e05](https://github.com/ory/oathkeeper/commit/b776e05e5a3ad60b1b993b6f8dea1d6f5baef7c6)) +- Use circle ci build status badge + ([65c4100](https://github.com/ory/oathkeeper/commit/65c4100eab6a8a09ca96e31b009545a09400b1a8)) - Switch from glide to golang/dep for vendoring ([ec63fa4](https://github.com/ory/oathkeeper/commit/ec63fa47af310a6936f4afada49700c9ca54b9ad)) - Resolve tests by replacing nil slice (#7) - ([971d020](https://github.com/ory/oathkeeper/commit/971d02082956969c9cd6cfcb5afb257606ddeb6b)), closes - [#7](https://github.com/ory/oathkeeper/issues/7) + ([971d020](https://github.com/ory/oathkeeper/commit/971d02082956969c9cd6cfcb5afb257606ddeb6b)), + closes [#7](https://github.com/ory/oathkeeper/issues/7) # [0.0.4](https://github.com/ory/oathkeeper/compare/v0.0.3...v0.0.4) (2017-10-21) @@ -2702,11 +3203,11 @@ Return arrays instead of null on rule creation (#6) ### Unclassified - Return arrays instead of null on rule creation (#6) - ([02e88be](https://github.com/ory/oathkeeper/commit/02e88beda5415e51b42e33527af90cf59d6a759e)), closes - [#6](https://github.com/ory/oathkeeper/issues/6) + ([02e88be](https://github.com/ory/oathkeeper/commit/02e88beda5415e51b42e33527af90cf59d6a759e)), + closes [#6](https://github.com/ory/oathkeeper/issues/6) - Add circleci configuration file (#5) - ([76e58f2](https://github.com/ory/oathkeeper/commit/76e58f2033e86c522875faafc77717f31274b4f7)), closes - [#5](https://github.com/ory/oathkeeper/issues/5) + ([76e58f2](https://github.com/ory/oathkeeper/commit/76e58f2033e86c522875faafc77717f31274b4f7)), + closes [#5](https://github.com/ory/oathkeeper/issues/5) # [0.0.3](https://github.com/ory/oathkeeper/compare/v0.0.2...v0.0.3) (2017-10-18) @@ -2714,7 +3215,8 @@ Force linefeed for shell scripts ### Unclassified -- Force linefeed for shell scripts ([1e4fc77](https://github.com/ory/oathkeeper/commit/1e4fc771df44b7f67b616bc652d0c280131d59cf)) +- Force linefeed for shell scripts + ([1e4fc77](https://github.com/ory/oathkeeper/commit/1e4fc771df44b7f67b616bc652d0c280131d59cf)) - When introspection fails return unauthorized ([f5295b4](https://github.com/ory/oathkeeper/commit/f5295b484fd9430bcb0d5333ca9b395f88812d62)) @@ -2724,7 +3226,8 @@ cmd: remove unnecessary scope hydra.warden.\* ### Unclassified -- Add ability to skip acp checks ([18facbb](https://github.com/ory/oathkeeper/commit/18facbbf42baa34aa8740c2952789d1f608cfb90)) +- Add ability to skip acp checks + ([18facbb](https://github.com/ory/oathkeeper/commit/18facbbf42baa34aa8740c2952789d1f608cfb90)) - Remove unnecessary scope hydra.warden.\* ([2214498](https://github.com/ory/oathkeeper/commit/2214498c477b8cfb739c0326437d684b291d16eb)) @@ -2734,11 +3237,15 @@ travis: add goveralls report submission (#2) ### Documentation -- Update readme ([c11056a](https://github.com/ory/oathkeeper/commit/c11056a0714275f21543f2a9a7361e5223c590e8)) +- Update readme + ([c11056a](https://github.com/ory/oathkeeper/commit/c11056a0714275f21543f2a9a7361e5223c590e8)) ### Unclassified -- Initial commit ([072f5e4](https://github.com/ory/oathkeeper/commit/072f5e4321ac3a143544cf70da337f0734a86483)) -- Add goveralls report submission ([#2](https://github.com/ory/oathkeeper/issues/2)) +- Initial commit + ([072f5e4](https://github.com/ory/oathkeeper/commit/072f5e4321ac3a143544cf70da337f0734a86483)) +- Add goveralls report submission + ([#2](https://github.com/ory/oathkeeper/issues/2)) ([13f9f81](https://github.com/ory/oathkeeper/commit/13f9f81becb7efb0dba32c8ca4d6df7e98ba7191)) -- Initial commit ([bff82ab](https://github.com/ory/oathkeeper/commit/bff82ab818f993ea091257c261140f4fb0d51038)) +- Initial commit + ([bff82ab](https://github.com/ory/oathkeeper/commit/bff82ab818f993ea091257c261140f4fb0d51038)) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index e067a04411..da4b27661c 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,98 +2,128 @@ ## Our Pledge -We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, -regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. -We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. ## Our Standards -Examples of behavior that contributes to a positive environment for our community include: +Examples of behavior that contributes to a positive environment for our +community include: - Demonstrating empathy and kindness toward other people - Being respectful of differing opinions, viewpoints, and experiences - Giving and gracefully accepting constructive feedback -- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience -- Focusing on what is best not just for us as individuals, but for the overall community +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community Examples of unacceptable behavior include: -- The use of sexualized language or imagery, and sexual attention or advances of any kind +- The use of sexualized language or imagery, and sexual attention or advances of + any kind - Trolling, insulting or derogatory comments, and personal or political attacks - Public or private harassment -- Publishing others' private information, such as a physical or email address, without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting ## Enforcement Responsibilities -Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and -fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and -other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when -appropriate. +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the -community in public spaces. Examples of representing our community include using an official e-mail address, posting via an -official social media account, or acting as an appointed representative at an online or offline event. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for -enforcement at [office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and investigated promptly and fairly. +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and +investigated promptly and fairly. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. ## Enforcement Guidelines -Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in -violation of this Code of Conduct: +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: ### 1. Correction -**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. -**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an -explanation of why the behavior was inappropriate. A public apology may be requested. +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. ### 2. Warning -**Community Impact**: A violation through a single incident or series of actions. +**Community Impact**: A violation through a single incident or series of +actions. -**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including -unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding -interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or -permanent ban. +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. ### 3. Temporary Ban -**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. -**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of -time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code -of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. ### 4. Permanent Ban -**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, -harassment of an individual, or aggression toward or disparagement of classes of individuals. +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. -**Consequence**: A permanent ban from any sort of public interaction within the community. +**Consequence**: A permanent ban from any sort of public interaction within the +community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. -Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][mozilla coc]. +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder][mozilla coc]. -For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][faq]. -Translations are available at [https://www.contributor-covenant.org/translations][translations]. +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. [homepage]: https://www.contributor-covenant.org [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7c8dd43d8e..34111a0cc7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -29,36 +29,45 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING ## Introduction -_Please note_: We take Ory Oathkeeper's security and our users' trust very seriously. If you believe you have found a security -issue in Ory Oathkeeper, please disclose by contacting us at security@ory.sh. +_Please note_: We take Ory Oathkeeper's security and our users' trust very +seriously. If you believe you have found a security issue in Ory Oathkeeper, +please disclose by contacting us at security@ory.sh. -There are many ways in which you can contribute. The goal of this document is to provide a high-level overview of how you can get -involved in Ory. +There are many ways in which you can contribute. The goal of this document is to +provide a high-level overview of how you can get involved in Ory. -As a potential contributor, your changes and ideas are welcome at any hour of the day or night, weekdays, weekends, and holidays. -Please do not ever hesitate to ask a question or send a pull request. +As a potential contributor, your changes and ideas are welcome at any hour of +the day or night, weekdays, weekends, and holidays. Please do not ever hesitate +to ask a question or send a pull request. -If you are unsure, just ask or submit the issue or pull request anyways. You won't be yelled at for giving it your best effort. -The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contributions, and don't -want a wall of rules to get in the way of that. +If you are unsure, just ask or submit the issue or pull request anyways. You +won't be yelled at for giving it your best effort. The worst that can happen is +that you'll be politely asked to change something. We appreciate any sort of +contributions, and don't want a wall of rules to get in the way of that. -That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure -that your contribution won't clash with Ory Oathkeeper's direction. A great way to do this is via -[Ory Oathkeeper Discussions](https://github.com/ory/oathkeeper/discussions) or the [Ory Chat](https://www.ory.sh/chat). +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash with Ory Oathkeeper's direction. A great way to do this is via +[Ory Oathkeeper Discussions](https://github.com/ory/oathkeeper/discussions) or +the [Ory Chat](https://www.ory.sh/chat). ## FAQ - I am new to the community. Where can I find the [Ory Community Code of Conduct?](https://github.com/ory/oathkeeper/blob/master/CODE_OF_CONDUCT.md) -- I have a question. Where can I get [answers to questions regarding Ory Oathkeeper?](#communication) +- I have a question. Where can I get + [answers to questions regarding Ory Oathkeeper?](#communication) -- I would like to contribute but I am not sure how. Are there [easy ways to contribute?](#how-can-i-contribute) +- I would like to contribute but I am not sure how. Are there + [easy ways to contribute?](#how-can-i-contribute) [Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues) -- I want to talk to other Ory Oathkeeper users. [How can I become a part of the community?](#communication) +- I want to talk to other Ory Oathkeeper users. + [How can I become a part of the community?](#communication) -- I would like to know what I am agreeing to when I contribute to Ory Oathkeeper. Does Ory have +- I would like to know what I am agreeing to when I contribute to Ory + Oathkeeper. Does Ory have [a Contributors License Agreement?](https://cla-assistant.io/ory/oathkeeper) - I would like updates about new versions of Ory Oathkeeper. @@ -69,88 +78,116 @@ that your contribution won't clash with Ory Oathkeeper's direction. A great way If you want to start to contribute code right away, take a look at the [list of good first issues](https://github.com/ory/oathkeeper/labels/good%20first%20issue). -There are many other ways you can contribute. Here are a few things you can do to help out: +There are many other ways you can contribute. Here are a few things you can do +to help out: -- **Give us a star.** It may not seem like much, but it really makes a difference. This is something that everyone can do to help - out Ory Oathkeeper. Github stars help the project gain visibility and stand out. +- **Give us a star.** It may not seem like much, but it really makes a + difference. This is something that everyone can do to help out Ory Oathkeeper. + Github stars help the project gain visibility and stand out. -- **Join the community.** Sometimes helping people can be as easy as listening to their problems and offering a different - perspective. Join our Slack, have a look at discussions in the forum and take part in community events. More info on this in - [Communication](#communication). +- **Join the community.** Sometimes helping people can be as easy as listening + to their problems and offering a different perspective. Join our Slack, have a + look at discussions in the forum and take part in community events. More info + on this in [Communication](#communication). -- **Answer discussions.** There are at all times a number of unanswered discussions on GitHub, you can see an - [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc). If you think you - know an answer or can provide some information that might help, please share it! Bonus: You get GitHub achievements for answered +- **Answer discussions.** There are at all times a number of unanswered + discussions on GitHub, you can see an + [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc). + If you think you know an answer or can provide some information that might + help, please share it! Bonus: You get GitHub achievements for answered discussions. -- **Help with open issues.** We have a lot of open issues for Ory Oathkeeper and some of them may lack necessary information, some - are duplicates of older issues. You can help out by guiding people through the process of filling out the issue template, asking - for clarifying information, or pointing them to existing issues that match their description of the problem. +- **Help with open issues.** We have a lot of open issues for Ory Oathkeeper and + some of them may lack necessary information, some are duplicates of older + issues. You can help out by guiding people through the process of filling out + the issue template, asking for clarifying information, or pointing them to + existing issues that match their description of the problem. -- **Review documentation changes.** Most documentation just needs a review for proper spelling and grammar. If you think a - document can be improved in any way, feel free to hit the `edit` button at the top of the page. More info on contributing to - documentation [here](#contribute-documentation). +- **Review documentation changes.** Most documentation just needs a review for + proper spelling and grammar. If you think a document can be improved in any + way, feel free to hit the `edit` button at the top of the page. More info on + contributing to documentation [here](#contribute-documentation). -- **Help with tests.** Pull requests may lack proper tests or test plans. These are needed for the change to be implemented - safely. +- **Help with tests.** Pull requests may lack proper tests or test plans. These + are needed for the change to be implemented safely. ## Communication -We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask questions, discuss bugs and feature requests, talk to -other users of Ory, etc. +We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask +questions, discuss bugs and feature requests, talk to other users of Ory, etc. -Check out [Ory Oathkeeper Discussions](https://github.com/ory/oathkeeper/discussions). This is a great place for in-depth -discussions and lots of code examples, logs and similar data. +Check out +[Ory Oathkeeper Discussions](https://github.com/ory/oathkeeper/discussions). +This is a great place for in-depth discussions and lots of code examples, logs +and similar data. -You can also join our community calls, if you want to speak to the Ory team directly or ask some questions. You can find more info -and participate in [Slack](https://www.ory.sh/chat) in the #community-call channel. +You can also join our community calls, if you want to speak to the Ory team +directly or ask some questions. You can find more info and participate in +[Slack](https://www.ory.sh/chat) in the #community-call channel. -If you want to receive regular notifications about updates to Ory Oathkeeper, consider joining the mailing list. We will _only_ -send you vital information on the projects that you are interested in. +If you want to receive regular notifications about updates to Ory Oathkeeper, +consider joining the mailing list. We will _only_ send you vital information on +the projects that you are interested in. Also [follow us on twitter](https://twitter.com/orycorp). ## Contribute examples -One of the most impactful ways to make a contribution is adding examples. You can find an overview of examples using Ory services -in the [documentation examples page](https://www.ory.sh/docs/examples). Source code for examples can be found in most cases in the +One of the most impactful ways to make a contribution is adding examples. You +can find an overview of examples using Ory services in the +[documentation examples page](https://www.ory.sh/docs/examples). Source code for +examples can be found in most cases in the [ory/examples](https://github.com/ory/examples) repository. _If you would like to contribute a new example, we would love to hear from you!_ -Please [open an issue](https://github.com/ory/examples/issues/new/choose) to describe your example before you start working on it. -We would love to provide guidance to make for a pleasant contribution experience. Go through this checklist to contribute an -example: - -1. Create a github issue proposing a new example and make sure it's different from an existing one. -1. Fork the repo and create a feature branch off of `master` so that changes do not get mixed up. -1. Add a descriptive prefix to commits. This ensures a uniform commit history and helps structure the changelog. Please refer to - this [list of prefixes for Oathkeeper](https://github.com/ory/oathkeeper/blob/master/.github/semantic.yml) for an overview. +Please [open an issue](https://github.com/ory/examples/issues/new/choose) to +describe your example before you start working on it. We would love to provide +guidance to make for a pleasant contribution experience. Go through this +checklist to contribute an example: + +1. Create a github issue proposing a new example and make sure it's different + from an existing one. +1. Fork the repo and create a feature branch off of `master` so that changes do + not get mixed up. +1. Add a descriptive prefix to commits. This ensures a uniform commit history + and helps structure the changelog. Please refer to this + [list of prefixes for Oathkeeper](https://github.com/ory/oathkeeper/blob/master/.github/semantic.yml) + for an overview. 1. Create a `README.md` that explains how to use the example. (Use [the README template](https://github.com/ory/examples/blob/master/_common/README)). 1. Open a pull request and maintainers will review and merge your example. ## Contribute code -Unless you are fixing a known bug, we **strongly** recommend discussing it with the core team via a GitHub issue or -[in our chat](https://www.ory.sh/chat) before getting started to ensure your work is consistent with Ory Oathkeeper's roadmap and -architecture. +Unless you are fixing a known bug, we **strongly** recommend discussing it with +the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat) +before getting started to ensure your work is consistent with Ory Oathkeeper's +roadmap and architecture. -All contributions are made via pull requests. To make a pull request, you will need a GitHub account; if you are unclear on this -process, see GitHub's documentation on [forking](https://help.github.com/articles/fork-a-repo) and -[pull requests](https://help.github.com/articles/using-pull-requests). Pull requests should be targeted at the `master` branch. -Before creating a pull request, go through this checklist: +All contributions are made via pull requests. To make a pull request, you will +need a GitHub account; if you are unclear on this process, see GitHub's +documentation on [forking](https://help.github.com/articles/fork-a-repo) and +[pull requests](https://help.github.com/articles/using-pull-requests). Pull +requests should be targeted at the `master` branch. Before creating a pull +request, go through this checklist: 1. Create a feature branch off of `master` so that changes do not get mixed up. -1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local changes against the `master` branch. -1. Run the full project test suite with the `go test -tags sqlite ./...` (or equivalent) command and confirm that it passes. -1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is written in Go, `npm run format` if the project is - written for NodeJS. -1. Add a descriptive prefix to commits. This ensures a uniform commit history and helps structure the changelog. - Please refer to this [list of prefixes for Oathkeeper](https://github.com/ory/oathkeeper/blob/master/.github/semantic.yml) for - an overview. -1. Sign-up with CircleCI so that it has access to your repository with the branch containing your PR. Simply creating a CircleCI - account is sufficient for the CI jobs to run, you do not need to setup a CircleCI project for the branch. +1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local + changes against the `master` branch. +1. Run the full project test suite with the `go test -tags sqlite ./...` (or + equivalent) command and confirm that it passes. +1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is + written in Go, `npm run format` if the project is written for NodeJS. +1. Add a descriptive prefix to commits. This ensures a uniform commit history + and helps structure the changelog. + Please refer to this + [list of prefixes for Oathkeeper](https://github.com/ory/oathkeeper/blob/master/.github/semantic.yml) + for an overview. +1. Sign-up with CircleCI so that it has access to your repository with the + branch containing your PR. Simply creating a CircleCI account is sufficient + for the CI jobs to run, you do not need to setup a CircleCI project for the + branch. If a pull request is not ready to be reviewed yet [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). @@ -158,44 +195,53 @@ If a pull request is not ready to be reviewed yet Before your contributions can be reviewed you need to sign our [Contributor License Agreement](https://cla-assistant.io/ory/oathkeeper). -This agreement defines the terms under which your code is contributed to Ory. More specifically it declares that you have the -right to, and actually do, grant us the rights to use your contribution. You can see the Apache 2.0 license under which our -projects are published [here](https://github.com/ory/meta/blob/master/LICENSE). +This agreement defines the terms under which your code is contributed to Ory. +More specifically it declares that you have the right to, and actually do, grant +us the rights to use your contribution. You can see the Apache 2.0 license under +which our projects are published +[here](https://github.com/ory/meta/blob/master/LICENSE). -When pull requests fail testing, authors are expected to update their pull requests to address the failures until the tests pass. +When pull requests fail testing, authors are expected to update their pull +requests to address the failures until the tests pass. Pull requests eligible for review 1. follow the repository's code formatting conventions; -2. include tests which prove that the change works as intended and does not add regressions; +2. include tests which prove that the change works as intended and does not add + regressions; 3. document the changes in the code and/or the project's documentation; 4. pass the CI pipeline; -5. have signed our [Contributor License Agreement](https://cla-assistant.io/ory/oathkeeper); +5. have signed our + [Contributor License Agreement](https://cla-assistant.io/ory/oathkeeper); 6. include a proper git commit message following the [Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/). -If all of these items are checked, the pull request is ready to be reviewed and you should change the status to "Ready for review" -and +If all of these items are checked, the pull request is ready to be reviewed and +you should change the status to "Ready for review" and [request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review). Reviewers will approve the pull request once they are satisfied with the patch. ## Contribute documentation -Please provide documentation when changing, removing, or adding features. All Ory Documentation resides in the -[Ory documentation repository](https://github.com/ory/docs/). For further instructions please head over to the Ory Documentation +Please provide documentation when changing, removing, or adding features. All +Ory Documentation resides in the +[Ory documentation repository](https://github.com/ory/docs/). For further +instructions please head over to the Ory Documentation [README.md](https://github.com/ory/docs/blob/master/README.md). ## Disclosing vulnerabilities -Please disclose vulnerabilities exclusively to [security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. +Please disclose vulnerabilities exclusively to +[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues. ## Code style Please follow these guidelines when formatting source code: - Go code should match the output of `gofmt -s` and pass `golangci-lint run`. -- NodeJS and JavaScript code should be prettified using `npm run format` where appropriate. +- NodeJS and JavaScript code should be prettified using `npm run format` where + appropriate. ### Working with forks @@ -226,10 +272,11 @@ Now go to the project's GitHub Pull Request page and click "New pull request" ## Conduct -Whether you are a regular contributor or a newcomer, we care about making this community a safe place for you and we've got your -back. +Whether you are a regular contributor or a newcomer, we care about making this +community a safe place for you and we've got your back. [Ory Community Code of Conduct](https://github.com/ory/oathkeeper/blob/master/CODE_OF_CONDUCT.md) -We welcome discussion about creating a welcoming, safe, and productive environment for the community. If you have any questions, -feedback, or concerns [please let us know](https://www.ory.sh/chat). +We welcome discussion about creating a welcoming, safe, and productive +environment for the community. If you have any questions, feedback, or concerns +[please let us know](https://www.ory.sh/chat). diff --git a/README.md b/README.md index 349358ad6f..7b2a76e495 100644 --- a/README.md +++ b/README.md @@ -22,13 +22,16 @@

-ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of -Access Rules. The BeyondCorp Model is designed by [Google](https://cloud.google.com/beyondcorp/) and secures applications in -Zero-Trust networks. +ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision +API that authorizes HTTP requests based on sets of Access Rules. The BeyondCorp +Model is designed by [Google](https://cloud.google.com/beyondcorp/) and secures +applications in Zero-Trust networks. -An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of -authenticating and optionally authorizing access requests. The Access Control Decision API can be deployed alongside an existing -API Gateway or reverse proxy. ORY Oathkeeper's Access Control Decision API works with: +An Identity & Access Proxy is typically deployed in front of (think API Gateway) +web-facing applications and is capable of authenticating and optionally +authorizing access requests. The Access Control Decision API can be deployed +alongside an existing API Gateway or reverse proxy. ORY Oathkeeper's Access +Control Decision API works with: - [Ambassador](https://github.com/datawire/ambassador) via [auth service](https://www.getambassador.io/reference/services/auth-service). @@ -41,17 +44,22 @@ API Gateway or reverse proxy. ORY Oathkeeper's Access Control Decision API works among others. -This service is stable, but under active development and may introduce breaking changes in future releases. Any breaking change -will have extensive documentation and upgrade instructions. +This service is stable, but under active development and may introduce breaking +changes in future releases. Any breaking change will have extensive +documentation and upgrade instructions. ## Project Renaming -The Ory Oathkeeper project was started in 2017 in Germany and owes its name to the Sword -[Oathkeeper](https://gameofthrones.fandom.com/wiki/Oathkeeper) from Game of Thrones. We also understand that the name is -politically charged in the US as it is shared with a far-right militia organization in the US called "Oath Keepers". +The Ory Oathkeeper project was started in 2017 in Germany and owes its name to +the Sword [Oathkeeper](https://gameofthrones.fandom.com/wiki/Oathkeeper) from +Game of Thrones. We also understand that the name is politically charged in the +US as it is shared with a far-right militia organization in the US called "Oath +Keepers". -To take a stand against extremism and avoid any confusion to the name's origin, we will be renaming the project in the near -future. Please be patient with us as we work on this complicated change of various CIs, tools, scripts, and automations. +To take a stand against extremism and avoid any confusion to the name's origin, +we will be renaming the project in the near future. Please be patient with us as +we work on this complicated change of various CIs, tools, scripts, and +automations. --- @@ -79,8 +87,10 @@ future. Please be patient with us as we work on this complicated change of vario ## Installation -Head over to the [ORY Developer Documentation](https://www.ory.sh/oathkeeper/docs/install) to learn how to install ORY Oathkeeper -on Linux, macOS, Windows, and Docker and how to build ORY Oathkeeper from source. +Head over to the +[ORY Developer Documentation](https://www.ory.sh/oathkeeper/docs/install) to +learn how to install ORY Oathkeeper on Linux, macOS, Windows, and Docker and how +to build ORY Oathkeeper from source. ## Who's using it? @@ -332,13 +342,14 @@ to perform a certain action on a resource. ### Disclosing vulnerabilities -If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and -send us an email to [hi@ory.sh](mailto:hi@ory.sh) instead. +If you think you found a security vulnerability, please refrain from posting it +publicly on the forums, the chat, or GitHub and send us an email to +[hi@ory.sh](mailto:hi@ory.sh) instead. ## Telemetry -Our services collect summarized, anonymized data which can optionally be turned off. Click -[here](https://www.ory.sh/docs/ecosystem/sqa) to learn more. +Our services collect summarized, anonymized data which can optionally be turned +off. Click [here](https://www.ory.sh/docs/ecosystem/sqa) to learn more. ## Documentation @@ -348,11 +359,13 @@ The Guide is available [here](https://www.ory.sh/oathkeeper/docs/). ### HTTP API documentation -The HTTP API is documented [here](https://www.ory.sh/oathkeeper/docs/reference/api). +The HTTP API is documented +[here](https://www.ory.sh/oathkeeper/docs/reference/api). ### Upgrading and Changelog -New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in +New releases might introduce breaking changes. To help you identify and +incorporate those changes, we document these changes in [UPGRADE.md](./UPGRADE.md) and [CHANGELOG.md](./CHANGELOG.md). ### Command line documentation diff --git a/SECURITY.md b/SECURITY.md index 8152c97a56..70f1ef4ddb 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -21,8 +21,8 @@ https://github.com/ory/meta/blob/master/templates/repository/SECURITY.md ## Supported Versions -We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the CVSS v3.0 -Rating: +We release patches for security vulnerabilities. Which versions are eligible +receiving such patches depend on the CVSS v3.0 Rating: | CVSS v3.0 | Supported Versions | | --------- | ----------------------------------------- | @@ -31,6 +31,7 @@ Rating: ## Reporting a Vulnerability -Please report (suspected) security vulnerabilities to **[security@ory.sh](mailto:security@ory.sh)**. You will receive a response -from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but -historically within a few days. +Please report (suspected) security vulnerabilities to +**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from +us within 48 hours. If the issue is confirmed, we will release a patch as soon +as possible depending on complexity but historically within a few days. diff --git a/UPGRADE.md b/UPGRADE.md index 4e5ca51f40..10ff8a2c3d 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -1,8 +1,9 @@ # Upgrading -The intent of this document is to make migration of breaking changes as easy as possible. Please note that not all breaking -changes might be included here. Please check the [CHANGELOG.md](./CHANGELOG.md) for a full list of changes before finalizing the -upgrade process. +The intent of this document is to make migration of breaking changes as easy as +possible. Please note that not all breaking changes might be included here. +Please check the [CHANGELOG.md](./CHANGELOG.md) for a full list of changes +before finalizing the upgrade process. @@ -50,50 +51,63 @@ upgrade process. BREAKING CHANGES: -- This patch allows using the regex capture groups from the URL matcher to be used in several places, including the ID Token - generator and elsewhere. To get this working, existing `keto_engine_acp_ory` authorizers are no longer able to use regex - substition in the form of `my:action:$1` but instead must use the new format which is - `{{ printIndex .MatchContext.RegexpCaptureGroups 0}}` (notice that the index changed by _-1_). A rule migrator exists which - makes old rules compatible with the new format, if a version string is given. More details on the rule migration can be found - here: https://github.com/ory/oathkeeper/commit/fd16ceb230a1b14ebb01a147d2d70acce77f9fbd#diff-6177fb19f1b7d7bc392f5062b838df15 +- This patch allows using the regex capture groups from the URL matcher to be + used in several places, including the ID Token generator and elsewhere. To get + this working, existing `keto_engine_acp_ory` authorizers are no longer able to + use regex substition in the form of `my:action:$1` but instead must use the + new format which is `{{ printIndex .MatchContext.RegexpCaptureGroups 0}}` + (notice that the index changed by _-1_). A rule migrator exists which makes + old rules compatible with the new format, if a version string is given. More + details on the rule migration can be found here: + https://github.com/ory/oathkeeper/commit/fd16ceb230a1b14ebb01a147d2d70acce77f9fbd#diff-6177fb19f1b7d7bc392f5062b838df15 ## v0.36 -The access rule matcher now supports the [Glob patterns](https://github.com/gobwas/glob)! +The access rule matcher now supports the +[Glob patterns](https://github.com/gobwas/glob)! ## v0.35.0-beta.1 -This release focuses on a rework of the SDK pipeline. First of all, we have introduced new SDKs for all popular programming -languages and published them on their respective package repositories: +This release focuses on a rework of the SDK pipeline. First of all, we have +introduced new SDKs for all popular programming languages and published them on +their respective package repositories: - [Python](https://pypi.org/project/ory-oathkeeper-client/) - [PHP](https://packagist.org/packages/ory/oathkeeper-client) - [Go](https://github.com/ory/oathkeeper-client-go) -- [NodeJS](https://www.npmjs.com/package/@oryd/oathkeeper-client) (with TypeScript) +- [NodeJS](https://www.npmjs.com/package/@oryd/oathkeeper-client) (with + TypeScript) - [Java](https://search.maven.org/artifact/sh.ory.oathkeeper/oathkeeper-client) - [Ruby](https://rubygems.org/gems/ory-oathkeeper-client) -The SDKs hosted in this repository (under ./sdk/...) have been completely removed. Please use only the SDKs from the above sources -from now on as it will also remove several issues that were caused by the previous SDK pipeline. +The SDKs hosted in this repository (under ./sdk/...) have been completely +removed. Please use only the SDKs from the above sources from now on as it will +also remove several issues that were caused by the previous SDK pipeline. Unfortunately, there were breaking changes introduced by the new SDK generation: -- Several structs and fields have been renamed in the Go SDK. However, nothing else changed so upgrading should be a matter of - half an hour if you made extensive use of the SDK, or several minutes if just one or two methods are being used. -- All other SDKs changed to `openapi-generator`, which is a better maintained generator that creates better code than the one - previously used. This manifests in TypeScript definitions for the NodeJS SDK and several other goodies. We do not have a proper - migration path for those, unfortunately. +- Several structs and fields have been renamed in the Go SDK. However, nothing + else changed so upgrading should be a matter of half an hour if you made + extensive use of the SDK, or several minutes if just one or two methods are + being used. +- All other SDKs changed to `openapi-generator`, which is a better maintained + generator that creates better code than the one previously used. This + manifests in TypeScript definitions for the NodeJS SDK and several other + goodies. We do not have a proper migration path for those, unfortunately. -If you have issues with upgrading the SDK, please let us know in an issue on this repository! +If you have issues with upgrading the SDK, please let us know in an issue on +this repository! ## v0.34.0-beta.1+oryOS.14 -A new feature was introduced which allows you to handle errors in different ways (e.g. redirect to login, return JSON error, ...) -depending on the error and HTTP request type. For more information, head over to: +A new feature was introduced which allows you to handle errors in different ways +(e.g. redirect to login, return JSON error, ...) depending on the error and HTTP +request type. For more information, head over to: https://www.ory.sh/docs/next/oathkeeper/pipeline/error -One backwards incompatible change has been made, as JSON errors returned by ORY Oathkeeper now include only minimal information -about the error source. You can change this behavior by setting `verbose` to `true`, see: +One backwards incompatible change has been made, as JSON errors returned by ORY +Oathkeeper now include only minimal information about the error source. You can +change this behavior by setting `verbose` to `true`, see: https://www.ory.sh/docs/next/oathkeeper/pipeline/error#json No other backwards incompatible changes have been made! @@ -102,11 +116,14 @@ No other backwards incompatible changes have been made! The "mutator" hydrator config has changed: -- `config.retry.delay_in_milliseconds: 100` (int) is now `config.retry.max_delay: 100ms` (duration) -- `config.retry.max_retries: 3` (int) is now `config.retry.give_up_after: 1s` (duration) +- `config.retry.delay_in_milliseconds: 100` (int) is now + `config.retry.max_delay: 100ms` (duration) +- `config.retry.max_retries: 3` (int) is now `config.retry.give_up_after: 1s` + (duration) -A new feature introduce in this release allows to keep using existing access rules by setting `"version": "v0.32.0-beta.1"` in the -existing rules. ORY Oathkeeper will migrate the old config to the new config. +A new feature introduce in this release allows to keep using existing access +rules by setting `"version": "v0.32.0-beta.1"` in the existing rules. ORY +Oathkeeper will migrate the old config to the new config. This access rule definition will properly be migrated: @@ -131,23 +148,27 @@ We encourage you to tag all your access rules with the version. ## v0.32.0-beta.1+oryOS.12 -An issue with the release pipeline has been resolved, which required several version increases. No functionality has changed in a -backwards incompatible way. +An issue with the release pipeline has been resolved, which required several +version increases. No functionality has changed in a backwards incompatible way. ## v0.19.0-beta.1+oryOS.12 ### Config Changes -This release homogenizes all configuration settings. Previously all handlers (mutators, authenticators, and authorizers) had two -different types of config: global and per access rule. +This release homogenizes all configuration settings. Previously all handlers +(mutators, authenticators, and authorizers) had two different types of config: +global and per access rule. -With this release, all handlers have the same configuration for global and per access rule. For example, the `id_token` handler -requires the `issuer_url`. Previously, this value was only configurable in the global config. Now, it can be set on a per rule -basis as well as globally. The global config will always be used as a fallback when no access rule specific configuration is set. +With this release, all handlers have the same configuration for global and per +access rule. For example, the `id_token` handler requires the `issuer_url`. +Previously, this value was only configurable in the global config. Now, it can +be set on a per rule basis as well as globally. The global config will always be +used as a fallback when no access rule specific configuration is set. -For this to work, the ORY Oathkeeper global configuration file (`~/.oathkeeper.yaml`) has changed when it comes to mutators, -authenticaotrs, and authorizers. Instead of defining the config at the same level as the `enabled` flag, it is now nested in a -subkey "config": +For this to work, the ORY Oathkeeper global configuration file +(`~/.oathkeeper.yaml`) has changed when it comes to mutators, authenticaotrs, +and authorizers. Instead of defining the config at the same level as the +`enabled` flag, it is now nested in a subkey "config": ``` authorizers: @@ -164,16 +185,19 @@ authorizers: ### Hydrator Mutator -The Hydrator mutator has two configuration keys `api.retry.number` and `api.retry.delayInMilliseconds`. These have been renamed -for consistency reasons to: `api.retry.number_of_retries` and `api.retry.delay_in_milliseconds`. +The Hydrator mutator has two configuration keys `api.retry.number` and +`api.retry.delayInMilliseconds`. These have been renamed for consistency reasons +to: `api.retry.number_of_retries` and `api.retry.delay_in_milliseconds`. ## v0.18.0-beta.1+oryOS.12 ### Access Rule Mutators -1. ORY Oathkeeper now supports multiple mutators. Mutations are performed in the provided order and must all succeed in order for - the HTTP request to be forwarded. -2. The `mutator` property was renamed to `mutators` to reflect its true nature (see previous item). +1. ORY Oathkeeper now supports multiple mutators. Mutations are performed in the + provided order and must all succeed in order for the HTTP request to be + forwarded. +2. The `mutator` property was renamed to `mutators` to reflect its true nature + (see previous item). If you have existing rules, please update them as follows: @@ -212,11 +236,12 @@ If you have existing rules, please update them as follows: #### `id_token` mutator now renders go templates -The `id_token` mutator is now capable of rendering custom claims using Go [text/template](https://golang.org/pkg/text/template/) -receiving the `AuthenticationSession` struct as its parameters. +The `id_token` mutator is now capable of rendering custom claims using Go +[text/template](https://golang.org/pkg/text/template/) receiving the +`AuthenticationSession` struct as its parameters. -To enable this change, the `aud` config was removed and the `claims` config was introduced. The `claims` field is a raw string -representing a Go template. +To enable this change, the `aud` config was removed and the `claims` config was +introduced. The `claims` field is a raw string representing a Go template. To upgrade existing rules, apply patches similar to this one: @@ -234,34 +259,49 @@ deprecated config: ## v0.17.0-beta.1+oryOS.12 -ORY Oathkeeper now watches configuration files and access rules repositories on the local disk for changes. This does currently -not work for remote sources (http/https). Additionally, access rules can now be written in YAML (expected file extensions are -`yaml` and `yml`). +ORY Oathkeeper now watches configuration files and access rules repositories on +the local disk for changes. This does currently not work for remote sources +(http/https). Additionally, access rules can now be written in YAML (expected +file extensions are `yaml` and `yml`). ## v0.16.0-beta.1+oryOS.12 -ORY Oathkeeper was changed according to discussion [177](https://github.com/ory/oathkeeper/issues/177). Several issues have been -resolved that could not be resolved before due to design decisions. We strongly encourage you to re-read the -[documentation](https://www.ory.sh/oathkeeper/docs/) but to give you a short overview of the most important changes: - -1. Commands `oathkeeper serve api` and `oathkeeper serve proxy` have been deprecated of `oathkeeper serve` which exposes two ports - (reverse proxy, API). -1. ORY Oathkeeper can now be configured from a file and configuration keys where updated. Where appropriate, environment variables - from previous versions still work. Please check out [./docs/config.yml](internal/config/.oathkeeper.yaml) for a fully annotated - configuration file as several environment variables changed, for example (not exclusive): `HTTPS_TLS_CERT_PATH`, - `HTTPS_TLS_KEY_PATH`, `HTTPS_TLS_CERT`, `HTTPS_TLS_KEY`. -1. The Judge API (`/judge`) was renamed to Access Control Decision API (`/decisions`) -1. The need for a database was completely removed. Also, ORY Oathkeeper no longer runs as two separate processes but instead as - one process that opens two ports (one proxy, one API). -1. For consistency, JWT claims `scope`, `scp`, `scopes` will always be transformed to `scp` (string[]) in the `jwt` authenticator. -1. ORY Oathkeeper no longer requires a database. Instead, cryptographic keys, access rules, and other configuration items are - loaded from the file system, environment variables, or HTTP(s) locations. -1. Credential Issuers are now called `mutators` as they mutate the HTTP Request (Headers) for upstream services. -1. All authentication, authorization and mutation handlers are disabled by default and must be enabled and configured explicitly. +ORY Oathkeeper was changed according to discussion +[177](https://github.com/ory/oathkeeper/issues/177). Several issues have been +resolved that could not be resolved before due to design decisions. We strongly +encourage you to re-read the +[documentation](https://www.ory.sh/oathkeeper/docs/) but to give you a short +overview of the most important changes: + +1. Commands `oathkeeper serve api` and `oathkeeper serve proxy` have been + deprecated of `oathkeeper serve` which exposes two ports (reverse proxy, + API). +1. ORY Oathkeeper can now be configured from a file and configuration keys where + updated. Where appropriate, environment variables from previous versions + still work. Please check out + [./docs/config.yml](internal/config/.oathkeeper.yaml) for a fully annotated + configuration file as several environment variables changed, for example (not + exclusive): `HTTPS_TLS_CERT_PATH`, `HTTPS_TLS_KEY_PATH`, `HTTPS_TLS_CERT`, + `HTTPS_TLS_KEY`. +1. The Judge API (`/judge`) was renamed to Access Control Decision API + (`/decisions`) +1. The need for a database was completely removed. Also, ORY Oathkeeper no + longer runs as two separate processes but instead as one process that opens + two ports (one proxy, one API). +1. For consistency, JWT claims `scope`, `scp`, `scopes` will always be + transformed to `scp` (string[]) in the `jwt` authenticator. +1. ORY Oathkeeper no longer requires a database. Instead, cryptographic keys, + access rules, and other configuration items are loaded from the file system, + environment variables, or HTTP(s) locations. +1. Credential Issuers are now called `mutators` as they mutate the HTTP Request + (Headers) for upstream services. +1. All authentication, authorization and mutation handlers are disabled by + default and must be enabled and configured explicitly. ### Access Rule Changes -As already noted, `credentials_issuer` was renamed to `mutator`. If you have existing rules, please update them as follows: +As already noted, `credentials_issuer` was renamed to `mutator`. If you have +existing rules, please update them as follows: ``` [ @@ -296,10 +336,12 @@ As already noted, `credentials_issuer` was renamed to `mutator`. If you have exi #### `id_token` works stand-alone -The ID Token Mutator has completely been reworked. It no longer requires ORY Hydra for RS256 algorithms but instead loads the -required cryptographic keys from the file system, environment variables, or a remote HTTP/HTTPS location. +The ID Token Mutator has completely been reworked. It no longer requires ORY +Hydra for RS256 algorithms but instead loads the required cryptographic keys +from the file system, environment variables, or a remote HTTP/HTTPS location. -To make development easy, ORY Oathkeeper ships a CLI command that allows you to quickly create such a cryptographic key: +To make development easy, ORY Oathkeeper ships a CLI command that allows you to +quickly create such a cryptographic key: ```shell $ oathkeeper credentials generate --alg @@ -307,8 +349,8 @@ $ oathkeeper credentials generate --alg #### `headers` -> `header` -The ID of the Header Mutator has been updated from `headers` to `header`. Please apply a patch similar to the listed one to your -access rules: +The ID of the Header Mutator has been updated from `headers` to `header`. Please +apply a patch similar to the listed one to your access rules: ``` [ @@ -341,8 +383,8 @@ access rules: #### `cookies` -> `cookie` -The ID of the Cookie Mutator has been updated from `cookies` to `cookie`. Please apply a patch similar to the listed one to your -access rules: +The ID of the Cookie Mutator has been updated from `cookies` to `cookie`. Please +apply a patch similar to the listed one to your access rules: ``` [ @@ -377,17 +419,22 @@ access rules: ### New Go SDK Generator -The ORY Oathkeeper Go SDK is no being generated using [`go-swagger`](https://github.com/go-swagger/go-swagger) instead of -[`swagger-codegen`](https://github.com/go-swagger/go-swagger). If you have questions regarding upgrading, please open an issue. +The ORY Oathkeeper Go SDK is no being generated using +[`go-swagger`](https://github.com/go-swagger/go-swagger) instead of +[`swagger-codegen`](https://github.com/go-swagger/go-swagger). If you have +questions regarding upgrading, please open an issue. ## v0.14.0+oryOS.10 ### Changes to the ORY Keto Authorizer -As ORY Keto's API and scope have changed, the `keto_warden` authorizer has changed as well. The most important change is that the -identifier changed from `keto_warden` to `keto_engine_acp_ory`. This reflects the new ORY Keto concept which supports different -engines. The functionality of the authorizer itself remains the same. A new configuration option called `flavor` was added, which -sets what flavor (e.g. `regex`, `exact`, ...). Here's an exemplary diff of a rule using `keto_warden` +As ORY Keto's API and scope have changed, the `keto_warden` authorizer has +changed as well. The most important change is that the identifier changed from +`keto_warden` to `keto_engine_acp_ory`. This reflects the new ORY Keto concept +which supports different engines. The functionality of the authorizer itself +remains the same. A new configuration option called `flavor` was added, which +sets what flavor (e.g. `regex`, `exact`, ...). Here's an exemplary diff of a +rule using `keto_warden` ``` { @@ -409,32 +456,38 @@ sets what flavor (e.g. `regex`, `exact`, ...). Here's an exemplary diff of a rul } ``` -As part of this change, environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` was renamed to `AUTHORIZER_KETO_URL`. +As part of this change, environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` +was renamed to `AUTHORIZER_KETO_URL`. ### Environment variables - Environment variables `HTTP_TLS_xxx` are now called `HTTPS_TLS_xxx`. -- Environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` is now `AUTHORIZER_KETO_URL`. +- Environment variable `AUTHORIZER_KETO_WARDEN_KETO_URL` is now + `AUTHORIZER_KETO_URL`. ## v0.13.9+oryOS.9 ### Refresh Configuration -Environment variable `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL` is now called -`CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL`. +Environment variable `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_REFRESH_INTERVAL` is now +called `CREDENTIALS_ISSUER_ID_TOKEN_JWK_REFRESH_INTERVAL`. ### Scope Matching -Previously, `fosite.WildcardScopeStrategy` was used to validate OAuth 2.0 Scope. This is now configurable with environment -variables `AUTHENTICATOR_JWT_SCOPE_STRATEGY` and `AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE_STRATEGY`. Supported strategies are +Previously, `fosite.WildcardScopeStrategy` was used to validate OAuth 2.0 Scope. +This is now configurable with environment variables +`AUTHENTICATOR_JWT_SCOPE_STRATEGY` and +`AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE_STRATEGY`. Supported strategies are `HIERARCHIC`, `EXACT`, `WILDCARD`, `NONE`. -As part of this change, the default strategy is no longer `WILDCARD` but instead `EXACT`. +As part of this change, the default strategy is no longer `WILDCARD` but instead +`EXACT`. ### Configuration changes -To improve compatibility with ORY Hydra v1.0.0-beta.8, which introduces the public and admin endpoint, the following environment -variables have now been made optional: +To improve compatibility with ORY Hydra v1.0.0-beta.8, which introduces the +public and admin endpoint, the following environment variables have now been +made optional: - `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_ID` - `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_CLIENT_SECRET` @@ -444,33 +497,42 @@ variables have now been made optional: - `AUTHENTICATOR_OAUTH2_INTROSPECTION_TOKEN_URL` - `AUTHENTICATOR_OAUTH2_INTROSPECTION_SCOPE` -They are optional because ORY Hydra's administrative endpoints no longer require authorization as they now run on a privileged -port. If you are running ORY Hydra behind a firewall that requires OAuth 2.0 Access tokens, or you are using another OAuth 2.0 -Server that requires an access token, you can still use these settings. +They are optional because ORY Hydra's administrative endpoints no longer require +authorization as they now run on a privileged port. If you are running ORY Hydra +behind a firewall that requires OAuth 2.0 Access tokens, or you are using +another OAuth 2.0 Server that requires an access token, you can still use these +settings. And the following environment variables have changed: -- `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_URL` is now `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL` and - `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_PUBLIC_URL` if ORY Hydra is protected with OAuth 2.0. -- `AUTHENTICATOR_OAUTH2_INTROSPECTION_INTROSPECT_URL` is now `AUTHENTICATOR_OAUTH2_INTROSPECTION_URL`. +- `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_URL` is now + `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_ADMIN_URL` and + `CREDENTIALS_ISSUER_ID_TOKEN_HYDRA_PUBLIC_URL` if ORY Hydra is protected with + OAuth 2.0. +- `AUTHENTICATOR_OAUTH2_INTROSPECTION_INTROSPECT_URL` is now + `AUTHENTICATOR_OAUTH2_INTROSPECTION_URL`. ### CORS is disabled by default -A new environment variable `CORS_ENABLED` was introduced. It sets whether CORS is enabled ("true") or not ("false")". Default is -disabled. +A new environment variable `CORS_ENABLED` was introduced. It sets whether CORS +is enabled ("true") or not ("false")". Default is disabled. ## v0.13.8+oryOS.8 ### `noop` authenticator no longer bypasses authorizers/credentials issuers -The `noop` authenticator is now very similar to `anonymous` with the difference that no anonymous subject is being set. +The `noop` authenticator is now very similar to `anonymous` with the difference +that no anonymous subject is being set. -Previously, the `noop` authenticator bypassed the authorizer and credential issuers. This patch changes that. +Previously, the `noop` authenticator bypassed the authorizer and credential +issuers. This patch changes that. ## v0.13.2+oryOS.2 -This release introduces serious breaking changes. If you are upgrading, you will - unfortunately - need to re-create the database -schema and migrate your rules manually. While this is frustrating, there are a ton of features that are added with this release: +This release introduces serious breaking changes. If you are upgrading, you +will - unfortunately - need to re-create the database schema and migrate your +rules manually. While this is frustrating, there are a ton of features that are +added with this release: - ORY Oathkeeper is now a standalone project and is independent from ORY Hydra. - Supports generic & extensible authentication strategies like @@ -493,19 +555,22 @@ schema and migrate your rules manually. While this is frustrating, there are a t We recommend re-reading the user guide. -If you are upgrading a production deployment and have issues or questions, reach out to the -[ORY Community](https://discord.gg/PAMQWkr) or to [mailto:hi@ory.sh](hi@ory.sh). +If you are upgrading a production deployment and have issues or questions, reach +out to the [ORY Community](https://discord.gg/PAMQWkr) or to +[mailto:hi@ory.sh](hi@ory.sh). ### Changes to the CLI -Apart from various environment variables which changed (use `oathkeeper help serve proxy` and `oathkeeper help serve api` for an -overview), the `oathkeeper serve all` command has been deprecated. +Apart from various environment variables which changed (use +`oathkeeper help serve proxy` and `oathkeeper help serve api` for an overview), +the `oathkeeper serve all` command has been deprecated. -The proxy command no longer needs access to the database, but instead pulls the information from the API using the -`OATHKEEPER_API_URL` environment variable. +The proxy command no longer needs access to the database, but instead pulls the +information from the API using the `OATHKEEPER_API_URL` environment variable. -Most notably, the `BACKEND_URL` environment variable was deprecated. Instead, rules define their upstream server themselves, -allowing for simple routing using this software. +Most notably, the `BACKEND_URL` environment variable was deprecated. Instead, +rules define their upstream server themselves, allowing for simple routing using +this software. #### `migrate` @@ -513,10 +578,11 @@ Command `migrate` is now called `migrate sql`. ### Not compatible with ORY Hydra < 1.0.0 -This release is not compatible with ORY Hydra versions < 1.0.0. Instead, it relies on a combination of ORY Hydra and ORY Keto to -provide the same functionality as before. +This release is not compatible with ORY Hydra versions < 1.0.0. Instead, it +relies on a combination of ORY Hydra and ORY Keto to provide the same +functionality as before. ## 0.11.12 -This release adds no breaking changes but brings this version up to speed with the latest version of ORY Hydra that Oathkeeper -works with. +This release adds no breaking changes but brings this version up to speed with +the latest version of ORY Hydra that Oathkeeper works with. diff --git a/docker-compose.yml b/docker-compose.yml index a1e4a71874..d0af900592 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.7' +version: "3.7" services: oathkeeper: @@ -6,8 +6,8 @@ services: context: . dockerfile: Dockerfile-dc ports: - - '4455:4455' - - '4456:4456' + - "4455:4455" + - "4456:4456" command: serve --config=/etc/config/oathkeeper/config.yaml environment: - TRACING_PROVIDER=jaeger @@ -23,7 +23,7 @@ services: jaeger: image: jaegertracing/all-in-one ports: - - '16686:16686' # The UI port + - "16686:16686" # The UI port # These are ports for collecting, sampling, agents, ... # - "5775:5775/udp" # - "6831:6831/udp" diff --git a/docs/README.md b/docs/README.md index 7e51f63c3d..29a0541c57 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,6 +1,7 @@ # Documentation -Please find the documentation at [www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper). +Please find the documentation at +[www.ory.sh/docs/oathkeeper](https://www.ory.sh/docs/oathkeeper). To contribute to the documentation, please head over to: [github.com/ory/docs/tree/master/docs/oathkeeper](https://github.com/ory/docs/tree/master/docs/oathkeeper) diff --git a/go.mod b/go.mod index fb71ffc39c..f8e756f83e 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,6 @@ require ( github.com/Azure/azure-pipeline-go v0.2.2 github.com/Azure/azure-storage-blob-go v0.9.0 github.com/Masterminds/sprig/v3 v3.2.2 - github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 github.com/auth0/go-jwt-middleware v1.0.1 github.com/aws/aws-sdk-go v1.31.13 github.com/blang/semver v3.5.1+incompatible diff --git a/internal/config/.oathkeeper.yaml b/internal/config/.oathkeeper.yaml index 1d02a97b46..aa8b71f993 100644 --- a/internal/config/.oathkeeper.yaml +++ b/internal/config/.oathkeeper.yaml @@ -268,7 +268,7 @@ authorizers: config: remote: https://host/path - payload: '{}' + payload: "{}" forward_response_headers_to_upstream: - x-foo diff --git a/pipeline/authn/authenticator.go b/pipeline/authn/authenticator.go index 14b3fb1adb..0f9030ebd2 100644 --- a/pipeline/authn/authenticator.go +++ b/pipeline/authn/authenticator.go @@ -53,6 +53,16 @@ type MatchContext struct { Header http.Header `json:"header"` } +type AuthenticatorForwardConfig interface { + GetCheckSessionURL() string + GetPreserveQuery() bool + GetPreservePath() bool + GetPreserveHost() bool + GetForwardHTTPHeaders() []string + GetSetHeaders() map[string]string + GetForceMethod() string +} + func (a *AuthenticationSession) SetHeader(key, val string) { if a.Header == nil { a.Header = map[string][]string{} diff --git a/pipeline/authn/authenticator_bearer_token.go b/pipeline/authn/authenticator_bearer_token.go index 20b97f53b2..8a971878e1 100644 --- a/pipeline/authn/authenticator_bearer_token.go +++ b/pipeline/authn/authenticator_bearer_token.go @@ -8,6 +8,7 @@ import ( "github.com/tidwall/gjson" "github.com/ory/go-convenience/stringsx" + "github.com/ory/oathkeeper/x/header" "github.com/ory/oathkeeper/driver/configuration" "github.com/ory/oathkeeper/helper" @@ -31,14 +32,45 @@ type AuthenticatorBearerTokenConfiguration struct { PreserveHost bool `json:"preserve_host"` ExtraFrom string `json:"extra_from"` SubjectFrom string `json:"subject_from"` + ForwardHTTPHeaders []string `json:"forward_http_headers"` SetHeaders map[string]string `json:"additional_headers"` ForceMethod string `json:"force_method"` } +func (a *AuthenticatorBearerTokenConfiguration) GetCheckSessionURL() string { + return a.CheckSessionURL +} + +func (a *AuthenticatorBearerTokenConfiguration) GetPreserveQuery() bool { + return a.PreserveQuery +} + +func (a *AuthenticatorBearerTokenConfiguration) GetPreservePath() bool { + return a.PreservePath +} + +func (a *AuthenticatorBearerTokenConfiguration) GetPreserveHost() bool { + return a.PreserveHost +} + +func (a *AuthenticatorBearerTokenConfiguration) GetForwardHTTPHeaders() []string { + return a.ForwardHTTPHeaders +} + +func (a *AuthenticatorBearerTokenConfiguration) GetSetHeaders() map[string]string { + return a.SetHeaders +} + +func (a *AuthenticatorBearerTokenConfiguration) GetForceMethod() string { + return a.ForceMethod +} + type AuthenticatorBearerToken struct { c configuration.Provider } +var _ AuthenticatorForwardConfig = new(AuthenticatorBearerTokenConfiguration) + func NewAuthenticatorBearerToken(c configuration.Provider) *AuthenticatorBearerToken { return &AuthenticatorBearerToken{ c: c, @@ -72,6 +104,9 @@ func (a *AuthenticatorBearerToken) Config(config json.RawMessage) (*Authenticato c.SubjectFrom = "sub" } + // Add Authorization and Cookie headers for backward compatibility + c.ForwardHTTPHeaders = append(c.ForwardHTTPHeaders, []string{header.Authorization}...) + return &c, nil } @@ -86,7 +121,7 @@ func (a *AuthenticatorBearerToken) Authenticate(r *http.Request, session *Authen return errors.WithStack(ErrAuthenticatorNotResponsible) } - body, err := forwardRequestToSessionStore(r, cf.CheckSessionURL, cf.PreserveQuery, cf.PreservePath, cf.PreserveHost, cf.SetHeaders, cf.ForceMethod) + body, err := forwardRequestToSessionStore(r, cf) if err != nil { return err } diff --git a/pipeline/authn/authenticator_bearer_token_test.go b/pipeline/authn/authenticator_bearer_token_test.go index 75b53c0c45..f1a0cba321 100644 --- a/pipeline/authn/authenticator_bearer_token_test.go +++ b/pipeline/authn/authenticator_bearer_token_test.go @@ -254,6 +254,26 @@ func TestAuthenticatorBearerToken(t *testing.T) { Extra: map[string]interface{}{"session": map[string]interface{}{"foo": "bar"}, "identity": map[string]interface{}{"id": "123"}}, }, }, + { + d: "should work with custom header forwarded", + r: &http.Request{Header: http.Header{"Authorization": {"bearer token"}, "X-User": {"123"}}, URL: &url.URL{Path: ""}}, + setup: func(t *testing.T, m *httprouter.Router) { + m.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + if r.Header.Get("X-User") == "" { + w.WriteHeader(http.StatusBadRequest) + return + } + w.WriteHeader(200) + w.Write([]byte(`{"identity": {"id": "123"}, "session": {"foo": "bar"}}`)) + }) + }, + config: []byte(`{"subject_from": "identity.id", "extra_from": "@this", "forward_http_headers": ["X-UsEr"]}`), + expectErr: false, + expectSess: &AuthenticationSession{ + Subject: "123", + Extra: map[string]interface{}{"session": map[string]interface{}{"foo": "bar"}, "identity": map[string]interface{}{"id": "123"}}, + }, + }, } { t.Run(fmt.Sprintf("case=%d/description=%s", k, tc.d), func(t *testing.T) { var ts *httptest.Server diff --git a/pipeline/authn/authenticator_cookie_session.go b/pipeline/authn/authenticator_cookie_session.go index 8b974e35ab..3c7a2d3a9a 100644 --- a/pipeline/authn/authenticator_cookie_session.go +++ b/pipeline/authn/authenticator_cookie_session.go @@ -10,6 +10,7 @@ import ( "github.com/tidwall/gjson" "github.com/ory/go-convenience/stringsx" + "github.com/ory/oathkeeper/x/header" "github.com/ory/herodot" @@ -28,21 +29,52 @@ type AuthenticatorCookieSessionFilter struct { } type AuthenticatorCookieSessionConfiguration struct { - Only []string `json:"only"` - CheckSessionURL string `json:"check_session_url"` - PreserveQuery bool `json:"preserve_query"` - PreservePath bool `json:"preserve_path"` - ExtraFrom string `json:"extra_from"` - SubjectFrom string `json:"subject_from"` - PreserveHost bool `json:"preserve_host"` - SetHeaders map[string]string `json:"additional_headers"` - ForceMethod string `json:"force_method"` + Only []string `json:"only"` + CheckSessionURL string `json:"check_session_url"` + PreserveQuery bool `json:"preserve_query"` + PreservePath bool `json:"preserve_path"` + ExtraFrom string `json:"extra_from"` + SubjectFrom string `json:"subject_from"` + PreserveHost bool `json:"preserve_host"` + ForwardHTTPHeaders []string `json:"forward_http_headers"` + SetHeaders map[string]string `json:"additional_headers"` + ForceMethod string `json:"force_method"` +} + +func (a *AuthenticatorCookieSessionConfiguration) GetCheckSessionURL() string { + return a.CheckSessionURL +} + +func (a *AuthenticatorCookieSessionConfiguration) GetPreserveQuery() bool { + return a.PreserveQuery +} + +func (a *AuthenticatorCookieSessionConfiguration) GetPreservePath() bool { + return a.PreservePath +} + +func (a *AuthenticatorCookieSessionConfiguration) GetPreserveHost() bool { + return a.PreserveHost +} + +func (a *AuthenticatorCookieSessionConfiguration) GetForwardHTTPHeaders() []string { + return a.ForwardHTTPHeaders +} + +func (a *AuthenticatorCookieSessionConfiguration) GetSetHeaders() map[string]string { + return a.SetHeaders +} + +func (a *AuthenticatorCookieSessionConfiguration) GetForceMethod() string { + return a.ForceMethod } type AuthenticatorCookieSession struct { c configuration.Provider } +var _ AuthenticatorForwardConfig = new(AuthenticatorCookieSessionConfiguration) + func NewAuthenticatorCookieSession(c configuration.Provider) *AuthenticatorCookieSession { return &AuthenticatorCookieSession{ c: c, @@ -76,6 +108,9 @@ func (a *AuthenticatorCookieSession) Config(config json.RawMessage) (*Authentica c.SubjectFrom = "subject" } + // Add Authorization and Cookie headers for backward compatibility + c.ForwardHTTPHeaders = append(c.ForwardHTTPHeaders, []string{header.Cookie}...) + return &c, nil } @@ -89,7 +124,7 @@ func (a *AuthenticatorCookieSession) Authenticate(r *http.Request, session *Auth return errors.WithStack(ErrAuthenticatorNotResponsible) } - body, err := forwardRequestToSessionStore(r, cf.CheckSessionURL, cf.PreserveQuery, cf.PreservePath, cf.PreserveHost, cf.SetHeaders, cf.ForceMethod) + body, err := forwardRequestToSessionStore(r, cf) if err != nil { return err } @@ -129,55 +164,71 @@ func cookieSessionResponsible(r *http.Request, only []string) bool { return false } -func forwardRequestToSessionStore(r *http.Request, checkSessionURL string, preserveQuery bool, preservePath bool, preserveHost bool, setHeaders map[string]string, m string) (json.RawMessage, error) { - reqUrl, err := url.Parse(checkSessionURL) +func forwardRequestToSessionStore(r *http.Request, cf AuthenticatorForwardConfig) (json.RawMessage, error) { + req, err := PrepareRequest(r, cf) + if err != nil { + return nil, err + } + + res, err := http.DefaultClient.Do(req.WithContext(r.Context())) + if err != nil { + return nil, helper.ErrForbidden.WithReason(err.Error()).WithTrace(err) + } + + defer res.Body.Close() + + if res.StatusCode == http.StatusOK { + body, err := ioutil.ReadAll(res.Body) + if err != nil { + return json.RawMessage{}, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to fetch cookie session context from remote: %+v", err)) + } + return body, nil + } else { + return json.RawMessage{}, errors.WithStack(helper.ErrUnauthorized) + } +} + +func PrepareRequest(r *http.Request, cf AuthenticatorForwardConfig) (http.Request, error) { + reqURL, err := url.Parse(cf.GetCheckSessionURL()) if err != nil { - return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to parse session check URL: %s", err)) + return http.Request{}, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to parse session check URL: %s", err)) } - if !preservePath { - reqUrl.Path = r.URL.Path + if !cf.GetPreservePath() { + reqURL.Path = r.URL.Path } - if !preserveQuery { - reqUrl.RawQuery = r.URL.RawQuery + if !cf.GetPreserveQuery() { + reqURL.RawQuery = r.URL.RawQuery } + m := cf.GetForceMethod() if m == "" { m = r.Method } req := http.Request{ Method: m, - URL: reqUrl, + URL: reqURL, Header: http.Header{}, } - // We need to make a COPY of the header, not modify r.Header! - for k, v := range r.Header { - req.Header[k] = v + // We need to copy only essential and configurable headers + for requested, v := range r.Header { + for _, allowed := range cf.GetForwardHTTPHeaders() { + // Check against canonical names of header + if requested == header.Canonical(allowed) { + req.Header[requested] = v + } + } } - for k, v := range setHeaders { + for k, v := range cf.GetSetHeaders() { req.Header.Set(k, v) } - if preserveHost { - req.Header.Set("X-Forwarded-Host", r.Host) - } - - res, err := http.DefaultClient.Do(req.WithContext(r.Context())) - if err != nil { - return nil, helper.ErrForbidden.WithReason(err.Error()).WithTrace(err) - } - - if res.StatusCode == 200 { - body, err := ioutil.ReadAll(res.Body) - if err != nil { - return json.RawMessage{}, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Unable to fetch cookie session context from remote: %+v", err)) - } - return body, nil - } else { - return json.RawMessage{}, errors.WithStack(helper.ErrUnauthorized) + if cf.GetPreserveHost() { + req.Header.Set(header.XForwardedHost, r.Host) } + return req, nil } diff --git a/pipeline/authn/authenticator_cookie_session_test.go b/pipeline/authn/authenticator_cookie_session_test.go index bc0b6649fc..43a5c279f3 100644 --- a/pipeline/authn/authenticator_cookie_session_test.go +++ b/pipeline/authn/authenticator_cookie_session_test.go @@ -18,6 +18,7 @@ import ( "github.com/ory/oathkeeper/internal" . "github.com/ory/oathkeeper/pipeline/authn" + "github.com/ory/oathkeeper/x/header" ) func TestAuthenticatorCookieSession(t *testing.T) { @@ -246,7 +247,84 @@ func TestAuthenticatorCookieSession(t *testing.T) { Extra: map[string]interface{}{"session": map[string]interface{}{"foo": "bar"}, "identity": map[string]interface{}{"id": "123"}}, }, session) }) + t.Run("description=should work with custom header forwarded", func(t *testing.T) { + requestRecorder := &RequestRecorder{} + testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + requestRecorder.requests = append(requestRecorder.requests, r) + requestBody, _ := ioutil.ReadAll(r.Body) + requestRecorder.bodies = append(requestRecorder.bodies, requestBody) + if r.Header.Get("X-User") == "" { + w.WriteHeader(http.StatusBadRequest) + return + } + w.WriteHeader(http.StatusOK) + w.Write([]byte(`{"identity": {"id": "123"}, "session": {"foo": "bar"}}`)) + })) + req := makeRequest("GET", "/", "", map[string]string{"sessionid": "zyx"}, "") + req.Header.Add("X-UsEr", "123") + err := pipelineAuthenticator.Authenticate( + req, + session, + json.RawMessage(fmt.Sprintf(`{"check_session_url": "%s", "subject_from": "identity.id", "extra_from": "@this", "forward_http_headers": ["X-User"]}`, testServer.URL)), + nil, + ) + require.NoError(t, err, "%#v", errors.Cause(err)) + assert.Equal(t, &AuthenticationSession{ + Subject: "123", + Extra: map[string]interface{}{"session": map[string]interface{}{"foo": "bar"}, "identity": map[string]interface{}{"id": "123"}}, + }, session) + }) + }) +} + +func TestPrepareRequest(t *testing.T) { + t.Run("prepare request should return only configured headers", func(t *testing.T) { + testCases := []struct { + requestHeaders []string + expectedHeaders []string + conf *AuthenticatorCookieSessionConfiguration + }{ + { + requestHeaders: []string{header.Authorization, header.AcceptEncoding}, + expectedHeaders: []string{}, + conf: &AuthenticatorCookieSessionConfiguration{}, + }, + { + requestHeaders: []string{header.Authorization, header.AcceptEncoding}, + expectedHeaders: []string{header.AcceptEncoding}, + conf: &AuthenticatorCookieSessionConfiguration{ + // This value is coming from the configuration and may use incorrect casing. + ForwardHTTPHeaders: []string{ + "acCept-enCodinG", + }, + }, + }, + { + requestHeaders: []string{header.Authorization, header.AcceptEncoding}, + expectedHeaders: []string{header.Authorization}, + conf: &AuthenticatorCookieSessionConfiguration{ + ForwardHTTPHeaders: []string{ + header.Authorization, + }, + }, + }, + } + + for _, testCase := range testCases { + r := makeRequest("GET", "/", "", map[string]string{"sessionID": "zyx"}, "") + for _, h := range testCase.requestHeaders { + r.Header.Add(h, h) + } + expected := http.Header{} + for _, h := range testCase.expectedHeaders { + expected.Add(h, h) + } + req, err := PrepareRequest(r, testCase.conf) + assert.NoError(t, err) + assert.Equal(t, expected, req.Header) + } }) + } type RequestRecorder struct { diff --git a/x/header/header.go b/x/header/header.go new file mode 100644 index 0000000000..7ec2bcbd39 --- /dev/null +++ b/x/header/header.go @@ -0,0 +1,18 @@ +package header + +import "net/textproto" + +const ( + AcceptEncoding = "Accept-Encoding" + Authorization = "Authorization" + Cookie = "Cookie" + XForwardedHost = "X-Forwarded-Host" +) + +// Canonical returns the canonical format of the +// MIME header key. The canonicalization converts the first +// letter and any letter following a hyphen to upper case; +// the rest are converted to lowercase. +func Canonical(h string) string { + return textproto.CanonicalMIMEHeaderKey(h) +}